On Wed, Oct 5, 2016 at 3:53 PM, Adam Williamson <adamwill(a)fedoraproject.org>
I honestly think GNOME has this exactly right for the
the safe thing to do is to strongly encourage offline updates, i.e.
don't offer any online update mechanism through the desktop. In a
completely practical sense, given the current state of the tools and
the fact that we know bugs like this crop up - not *often*, but more
than *never* - I think it's a more responsible approach than running
the update process inside the desktop session.
Could KDE perhaps look into making it so the update process runs
outside of the desktop session somehow, if it's not going to go to
full-on offline updates 'any time soon'? I know this decision has its
own complexities, though.
OK, I just think we need to do a reality check here. I initially was
trying to find
out exactly what was the risk... all the posts I read was more or less 99%
of the time
you'll be fine, but "be afraid, be very afraid". I then asked for more
clarification.... "oh, it
is too big to clarify, but be afraid, be very afraid... this is a serious
issue". (Oh but by the
way, most of the people who claim it is a serious issue go ahead and do
online updates anyway...)
OK, I can see the value in offline updates, so I create a RFE to DNF, which
I thought was suppose
to be THE STANDARD FEDORA SOLUTION. The response, which I completely
agreed with was basically, yeah, this is a good idea... but it is a low
priority. The implication is that
they believe there are more important items which demand their attention.
First of all, if this was such a serious issue, Fedora completely failed in
making it known. From
what I gather the target audience for "offline" updates was novice users.
What follows are rhetorical
Where was the campaign to communicate this "serious issue" to the Fedora
Do you think you're going to get the message out by posting to the
development mailing lists?
Where was this discussion when we went from YUM to DNF if it was such an
If this is such a huge issue, why doesn't the DNF team consider it a higher
Why are we asking that each DE reinvent the wheel on this when we have
DNF? That just seems
to be a complete waste of resources.
Every software has risks. I have yet to have an issue using YUM or DNF for
online updates. The only
time I have experienced an issue (which BTW was a complete PITA) was with
PackageKit. So much
If Fedora collectively believes this is a serious enough issue then get the
DNF team to change their
priorities - otherwise people need to consider the risk in association with
the exposure. Everything that
I have read indicates that it is minimal. That isn't to say it shouldn't
be done... what I am saying is
people need to stop being alarmist and be worried about more serious