Comment 327 for bug 332945

bdoe (bdoe-att) wrote : Re: [Bug 332945] Re: [Jaunty] Update Notifier icon would provide useful status information

Matthew Paul Thomas wrote:
> bdoe: If there are security updates waiting in the archive and Update
> Manager doesn't open within a day, please report a separate bug about
> that. However -- and I apologize in advance if this affects your sleep
> -- it has never been true that "if there's no icon up there indicating
> important security updates, then my system is truly secure". A
> vulnerability may be found and exploited by bad guys before being found
> by good guys; once it is identified by good guys, it may be hours before
> it is fixed in a way that the developers are confident won't break
> anything else; after that, Launchpad may take up to an hour to rebuild
> the fixed package (depending on the complexity of the package); after
> that, there may sometimes be an embargo of hours or days agreed with
> other OS vendors; after it is released from embargo, it will be between
> 0 and 60 minutes before the new package is published in the Ubuntu
> archive; and after that, it will be between 0 and 24 hours until your
> computer next checks for security updates. This is all true regardless
> of whether that last step involves a notification area icon or the
> updates window itself.
I can't file a bug report on something I don't know exists. Like I
stated, I may well have simply closed the window in a fit of
desktop-cleaning, without realizing what the window was. I will probably
never know, because once the window is closed, there is no further
indication that I need to update my system unless I manually invoke
Update Manager or another security update comes along (assuming I don't
once again dismiss the window after it pops up and annoys me). With the
notification icon (a.k.a. "old behavior"), there is nothing I can do to
dismiss the icon short of updating my system; nor would I have any
reason to dismiss the icon prematurely, since it is completely unobtrusive.

As for your point about my system never being truly secure: I understand
that. I was being facetious. But the FOSS community has generally been
far more responsive to discovering and patching security flaws than
certain monoliths (*cough*Microsoft*cough*) who have gone on record for
leaving major security flaws unaddressed for about nine months or so
(http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html)...