Maybe a hot take but I usually update my Librem 5 from command line using apt, and today I got a notification about PureOS Store wanting to do automatic updates while in an airport.
Obviously PureOS on mobile with Phosh is better than android, but I had an Android do weird updates that changed the home screen one time at an airport. I just feel really edgy about Automic Updates at the Airport.
So I wanted to say: I think Automatic Updates at the Airport should not be a default on PureOS. Power of defaults!!
That brings an interesting scenario. Your phone (Android or Apple) is inspected at at airport customs. You surrender your pin. Then it asks the Customs Agent to do an update and it wonât go further or back out of it.
Doies the Customs Agent perform the update?
(The pin surrender is for purposes of this scenario, not an additional debate here. Not even sure those phone types would do this.)
I think automatic updates are a good idea for a consumer device, but I agree that certain users may want to disable them at specific times or even disable them altogether. I donât think thereâs any way for Purism to determine that youâre at an airport and disable them for you, so maybe you should leave them turned off if youâre worried about that.
I do think the store should have an option to periodically check for and alert on updates without applying them automatically.
What about disabling automatic updates for the first 3 hours of getting a data connection from any one source? Wouldnât that be conceptually easy and simply a matter of implementation?
I think my biggest concern is the case of connecting to something you never connected to before, and having it tell you its time for a new update as a result.
What is a data connection âsourceâ? A cell tower? A wifi network? Should it never update if youâre on a road trip? I feel like this is a niche request that would be better served by custom scripts on your end. It should be possible to write a script (run via systemD timer) that checks for network changes and changes the auto-update setting accordingly.
Personally, I try to avoid updating any device in any way while away. But I donât change any settings. I just decline to install updates when it badgers me. (That assumes that you never just set the device to download and install updates without your intervention.)
With that simpler requirement, it may be possible to have the effect of disabling automatic updates except when on the home LAN. However apt doesnât seem to have a config option to achieve that directly. A hack way may be to force apt to use a proxy (and make sure that the proxy only exists on your home LAN). A related hack way may be to operate a local apt repository and simply configure to use that local repository for updates (assuming you have a server at home, with enough disk space and enough internet bandwidth).
This is part of my entire point, though. I like to believe updates happen only when I opt in to doing them, and this should probably be the default. But it seems that PureOS store has a setting in the menus for whether to update automatically, and the setting is on by default so maybe it simply isnât applicable to most things. But for those things it is applicable to, why is it on by default? Can we get that default changed?
Obviously I can use that settings page and toggle it myself, but itâs what I might consider a bad default. I do not think at all that I would have manually turned it on. This is very unlikely.
Iâm not certain what the default behaviour is but in any case there are a range of theoretical choices:
donât even ever try to do any part of the update process automatically
check automatically whether updates are available but donât download anything without asking (and hence by definition nothing gets installed automatically)
check automatically whether updates are available and, if so, download them but donât install anything without asking
just do the whole process without asking
Perhaps you are asking for #1. Probably it can be achieved for you personally by disabling some service (and then updates would only ever be checked for when you specifically request it, either via the GUI or via the command line).
I suspect most denizens of this forum would not approve of #4. It is the only one that is potentially dangerous, and isnât really consistent with user control of the device and user informed consent. #4 is more the Microsoft vibe (and I think that even Microsoft mostly lets the user control whether and how updates are installed).
The counterargument regarding âdangerousâ is of course that occasionally it is the case that not installing a critical security update is actually dangerous. That doesnât mean that the user should be denied the possibility of shooting him/herself in the foot; and in some niche scenarios it may actually not be dangerous for that specific user.
But then talking about what should be âdefaultâ, the discussion needs to take into account appropriate and desirable behaviour in the context of a wide range of users.
I think that #2 is what actually happens by default. Nothing is installed or even downloaded by default but it does badger (aka notify) you by default. Iâm unclear on what you see as wrong or inappropriate in that behaviour.
However what you originally asked for (behaviour depends on whether phone is âawayâ or âat an airportâ) is way beyond the above behaviours, and hence has led to the suggestion that this is a niche requirement that you should personally cater for using scripts or other hacks.
If âAutomatic Updatesâ is toggled âonâ in the PureOS store, it will automatically install updates to flatpaks! In my experience, it does not affect PureOS main updates (eg. apps installed via apt or .deb âŚetc).