versions are quick and easy

The below is a duplicate from discourse (I suggest to focus the discussion there): https://discussion.fedoraproject.org/t/potential-security-issue-for-begin... I just became aware of another topic from a user who elaborates their problem and “by the way” mentions to use Fedora 35. The user provides this information in order to give an overview of his system configuration and thus does not consider this as part of the problem. I have seen many of these topics over time, and I guess there are many more users out there who use obsoleted Fedora releases (the less experienced they are, the more they are likely to end up with obsoleted releases, and the less likely they are to end up on ask.fedora so that we can make them aware). We officially want to make Fedora usable for average users (or beginners), but many (if not most) average users deploy their systems in a “fire and forget” manner: once they made it work, they maybe enable updates and such and then they no longer care if everything *seems* to work fine. I assume that many of these users are not aware that they no longer receive updates, which can be dangerous. First of all, I don’t use my Fedora installations until their *end of life*, so I don’t know if we have any means in place that shall make users aware once their release reaches *end of life*? *If not*, does it make sense to add some means? If we promote Fedora for average users/beginners, we have to also consider their behavior. On one hand, it would be cool to make them a month or two before *end of life* aware with a warning message that automatically forwards them to the GUI upgrade with a click and also allows them to click “warn me again tomorrow” or such. On the other hand, more easy to implement solutions like that of Tails could be sufficient solutions, too: once the Tails ISO image is started (live system) and online, it checks if there are new images available. If so, it opens a warning window that makes the user aware that this image should no longer be used and shows a link and a short elaboration of how to get the new one. Of course there are alternatives, too. Even an apparent bullet point on getfedora.org would be a good first step (we could link it to Fedora being always up to date with most modern technologies, to link it to something positive). In either case, I think a short discussion of this makes sense. This also applies to all Spins. Best, Chris _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

On Fri, Aug 11 2023 at 02:24:22 PM +0000, Christopher Klooz <py0xc3(a)posteo.net&gt; wrote: > First of all, I don’t use my Fedora installations until their end of > life, so I don’t know if we have any means in place that shall make > users aware once their release reaches end of life? Fedora Workstation will display a nag notification once per week when a newer release is available, so unless you uninstall GNOME Software or ignore all notifications, you should at least be aware that a newer version is available. I had thought we had daily nag notifications once the release has reached end of life, but maybe I was imagining it because I can't find any evidence that this actually exists. I think GNOME Software should look at SUPPORT_END in /etc/os-release and nag more frequently.

On Sat, Aug 12, 2023 at 12:07:05PM +0200, Leon Fauster via devel wrote: > Please do not clutter the user experience with such _additional_ > informations. The user on such workstations are not always the > administrator and such informations would not help/change the > situation either. I think it's reasonable that this should be something under admin control, but for the common default scenario where the single uesr is also the admin it seems reasonable to let the user know that they'll no longer receive security updates?

> look at SUPPORT_END in /etc/os-release and nag more frequently. > > Highly recommend other Fedora editions consider similar notifications. I don't think more nagging is going to help. It is just going to be considered yet another annoying nag to ignore or click away. Like it or not, non-technical users are NEVER going to upgrade to a new operating system release. Not now, not 10 years from now. Until their computer physically breaks down, at least. There is just nothing you can do about it.

Each of these groups have 'farms' of several hundred of each type of phone which get continual updates and they have a long certification process to make sure that they reach 'all the phones updated without problems and ran N hours without issues afterwards'. This is part of the reason it can take months for a release from The OS manufacturer (aka Android) to get pushed out to fleets of phones. It is fairly 'expensive' work with lots of little issues having to be tracked down and passed. [Because even when you 'built the phone' you find out that N% of that batch still acts slightly different from the rest on this update.] In the desktop/computer mode this is just outside of anything that I think a volunteer oriented organization could try to make work at scale.