On 07/22/2010 04:50 PM, Robert Kaiser wrote:
> Daniel schrieb:
>> Ant wrote:
>>> On 7/21/2010 8:32 PM PT, Daniel typed:
>>>
>>>> Antman, if you have a look at Edit->Preferences->Advanced->Software
>>>> installation, you may be able to set things up the way you want!!
>>>> May!!
>>>
>>> Daniel, I don't see an option to automatically/silent install or prompt
>>> before installing.
>>
>> When I brought up a similar line of discussion a while back, I think the
>> line put out was "These are security updates, they are good for you, you
>> don't need to know about it, it will just happen!".
>>
>> I can, sort of, see the point, but if there are still people using SM
>> 1.x.x because they don't like some of the additional/subtractions, there
>> might also be those that want to stick with 2.0.4 and not upgrade, but
>> they don't get that option.
> 
> Why? 2.0.x security updates don't introduce any functional changes, only 
> security and stability updates as well as fixes to annoying actual bugs. 
> I see no reason why anyone would want to stay on more broken releases 
> with the same functionality.
> 
> 1.x vs. 2.0 has a lot of functionality changes, I see arguments there, 
> though IMHO none of them are good. ;-)
> 
> Robert Kaiser
> 
> 

<Not snipped on purpose>

You've already been told some time ago why in a previous thread
regarding this:
Message-ID: <rusdny0jtbqc5btrnz2dnuvz_h6dn...@mozilla.org>
> This is also a security issue; the opposite of what Robert suggests. The
> default of automatically downloading a SM update (2.0.4 to 2.0.5 for
> example) without the user first authorizing the download is plain wrong.
> I suspect that the update URLs, app.update.url etc strings could easily
> be changed by a trojan etc.
> app.update.url. We of course _trust_ that the auto update urls are
> secure and working, but the possibility still exists that these actions
> could be redirected to a trojan update.xml
> 
> Then of course, what if you are purposely keeping the rev at a
> particular version (testing, problems with the updated version etc)?
> Or worse yet, if the update that you hadn't planned on installing fails?
> http://kb.mozillazine.org/Software_Update

It's a system security issue! The update URLs can easily be changed by
a trojan et al.

Further, the *user must* be in control of whether to perform an update
or not. That said; Edit|Preferences|Advanced|Software
Installation|Updates|uncheck 'SeaMonkey' will prevent this. This should
be the default until SeaMonkey provides a proper "Do you want to
download" type prompt.

+1 to Ed Mullens post.

_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
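
Added example (not part of the thread and not SeaMonkey project code): one way to check a profile for the concern raised above, that the app.update.url strings could be altered. It assumes prefs.js/user.js hold only values changed from the application defaults, so any app.update.url* entry there is worth reviewing; the sample profile text, the example.invalid host and the trusted_hosts parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches one user_pref("name", value); line as written to prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')
UPDATE_PREFIX = "app.update.url"  # also covers app.update.url.override etc.

# Constructed sample profile content, not taken from a real system.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("app.update.auto", true);
user_pref("app.update.url.override", "http://updates.example.invalid/update.xml");
user_pref("browser.startup.homepage", "https://www.seamonkey-project.org/");
'''

def audit_update_prefs(text, trusted_hosts=()):
    """Return (pref, value, reasons) for every user-set app.update.url* pref."""
    findings = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith(UPDATE_PREFIX):
            continue
        name, raw = m.group(1), m.group(2).strip()
        quoted = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
        value = raw[1:-1] if quoted else raw
        # Assumption: prefs.js only stores values that differ from defaults.
        reasons = ["user-set: differs from the application default"]
        try:
            url = urlsplit(value)
            scheme, host = url.scheme, (url.hostname or "")
        except ValueError:
            scheme, host = "", ""
            reasons.append("value is not a parseable URL")
        if scheme != "https":
            reasons.append("not fetched over https")
        if host not in trusted_hosts:
            reasons.append("host not in trusted list")
        findings.append((name, value, reasons))
    return findings

if __name__ == "__main__":
    for name, value, reasons in audit_update_prefs(SAMPLE_PREFS):
        print(f"{name} = {value}")
        for reason in reasons:
            print(f"  - {reason}")
```

To audit a real profile, pass the contents of its prefs.js and user.js to audit_update_prefs() along with the update hosts you expect.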
