Add a policy similar to DisableAppUpdate that allows manual updates, but without prompting
Categories
(Firefox :: Enterprise Policies, enhancement)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox87 | --- | fixed |
People
(Reporter: bytesized, Assigned: mkaply)
References
Details
Attachments
(1 file)
I would like to suggest a policy that prevent automatic updates, but allows manual ones. I don't think there is any desire from our enterprise users for this feature, but I have seen numerous requests for this from non-enterprise users (See bug 1420514 and bug 1643749 for examples).
I don't think putting such an option in about:preferences is the right decision simply because this option is dangerous. It puts a user at high risk if they set this and forget to ever update their browser manually. But enterprise policies are less accessible to less knowledgeable users and more accessible to power users. So perhaps this would be a good place for a setting like this to live.
I'm not sure yet one way or the other whether this is an option we definitely want to add, but I'm filing this bug so there is a place to discuss the possibility.
|
Assignee | |
Comment 1•4 years ago
|
||
Wouldn't setting the new AutoUpdate policy you wrote to false do that?
|
Reporter | |
Comment 2•4 years ago
•
|
||
Ah apologies, I wasn't clear enough. The difference would be that this would suppress update notifications. That is the complaint that I hear voiced the most often about the currently available options.
Another possibility, by the way, that might be a middle ground here: a policy that prevents update notifications from displaying more often than a particular frequency (maybe once every couple of months).
|
||
Comment 3•4 years ago
|
||
Meh, this has been mentioned so many times in the past few years that for many of us the whole issue has become kind of 'mute'. By now, for instance, personally I am very used to just disable the whole automatic update part of firefox all together, and just manually check for updates on regular basis. This also to avoid the heaps of issues that are (these days) usually paired with updates, so that 'first' a thorough check on reddit and other sites can be performed to see 'if' the update is safe to install. Only 'then' will an update be executed. As me, I understand that a lot of power users these days simply think alike, and do not allow automatic updates in the first place.
|
|
Assignee | |
Comment 4•4 years ago
|
||
Do you have code to support this if I created a policy?
|
|
Reporter | |
Comment 5•4 years ago
|
||
All the necessary capabilities are there. It would be a little more complicated than just turning the feature on, but I could quickly write a patch that would allow for this.
|
|
Assignee | |
Comment 6•4 years ago
|
||
This is still in my triage, so deciding what to do.
How would user get these updates? They would have to go to the about dialog? (Or is the new check for updates feature coming)
I think in combination with the check for updates feature , this is a great idea. Basically don't tell me about updates, just let me check.
How do you want to prioritize?
|
|
Reporter | |
Comment 7•4 years ago
|
||
(In reply to Mike Kaply [:mkaply] from comment #6)
How would user get these updates? They would have to go to the about dialog? (Or is the new check for updates feature coming)
Yeah, one of the current places where they can check for update: the about dialog or about:preferences. I think there is (will be?) some way to check for updates from the megabar as well.
How do you want to prioritize?
I think the real issue is figuring out an exact mechanism and getting the Update team onboard. We're always reluctant to allow for a situation where, without un-prompted, manual intervention, users won't get potentially important security updates.
Personally, I think that how inaccessible enterprise policies are to a non-technical audience makes this reasonable. It's substantially less likely that a user could end up in this situation without understanding the implications of what they are doing. I also believe that we aren't doing ourselves any favors by pestering users that are only ever going to update on their own schedule anyways. I suspect that the notifications aren't changing the frequency that those users update at, and succeed only in annoying them.
But I know that these views are not universally shared.
Molly- Would you mind weighing in with your opinion on this? IIRC, you had expressed some reluctance about this idea. If not this mechanism, does the mechanism I mentioned in comment 2 sound appealing?
|
||
Comment 8•4 years ago
|
||
(In reply to Kirk Steuber (he/him) [:bytesized] from comment #7)
Molly- Would you mind weighing in with your opinion on this? IIRC, you had expressed some reluctance about this idea. If not this mechanism, does the mechanism I mentioned in comment 2 sound appealing?
I don't think I actually have any objection anymore to the original proposal. My concern was was based on security: it's true that making this feature exclusively available via policy would make it difficult enough for a user to accidentally mess themselves up, but it would still be simple for an attacker to set the policy and effectively block updates because policies can exist in user-writable locations. But, I mean, that's true for the other app update policies that we already have, and some of those are even worse, so this doesn't actually open any new vectors. So I think I'd be willing to take this patch if it isn't too unwieldy.
|
|
Reporter | |
Comment 9•4 years ago
|
||
(In reply to Molly Howell (she/her) [:mhowell] from comment #8)
because policies can exist in user-writable locations
I believe this actually is not true. Unless your installation directory is user-writable, in which case we can't stop users from just editing Firefox directly, so securing against processes with user permissions is basically meaningless.
But my understanding is that policies in the registry require administrator privileges to modify. Bug 1507291 has a bit more explanation of this.
|
|
||
Comment 10•4 years ago
|
||
The registry is what I was thinking of, but it seems you're right about that, I didn't realize the ACLs were set up that way. Thanks for the correction.
|
|
Assignee | |
Comment 11•3 years ago
|
||
|
||
Updated•3 years ago
|
|
||
Comment 12•3 years ago
|
||
Pushed by ksteuber@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7bed6ad326ff Add policy for manual update only. r=bytesized,fluent-reviewers,flod
|
||
Comment 13•3 years ago
|
||
| bugherder | ||
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
Description
•