[Bug 158715] Periodically call home to check for need for update due to security vulnerability
bugzilla-daemon at bugs.documentfoundation.org
bugzilla-daemon at bugs.documentfoundation.org
Sat Dec 16 09:24:10 UTC 2023
https://bugs.documentfoundation.org/show_bug.cgi?id=158715
--- Comment #19 from Eyal Rozenberg <eyalroz1 at gmx.com> ---
(In reply to Mike Kaganski from comment #18)
> Note that appstore-provided versions have it *good enough*. Please avoid
> confusing appstore versions, and things like MSIs.
I disagree, perhaps in two respects.
First, it depends on the appstore's update mechanism. Is the user prompted to
update at all? And even if they are - it is probably a prompt which says
something like "12 applications can be updated", which gives you no sense of
urgency about security problems.
Second, about LO itself. With an appstore in the back, or anything which calls
home, it should be possible for LO to know that the current version has a
security vulnerability. And when this happens, I think the user should see more
than an "update available" icon. It should be something more dramatic. A red
bar, a warning dialog which pops up etc.
And I'll again say that users should be able to opt out of all of this stuff in
case they really don't want to be bothered; but I'm certain that for the
majority of our users the benefit of such nuisance when a security
vulnerability is discovered far outweighs the detriment. Right now things don't
seem too dramatic, because the exploit requires the user to actually go get the
malicious code and run it; but another time it may be something more severe
when we really want users to update fast and not be stuck with vulnerable
versions.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Libreoffice-ux-advise
mailing list