I think some of you may have misinterpreted the "It's time-consuming, technical, and inaccessible" bit. Sorry, but I should have been a little bit clearer about precisely WHAT is time-consuming, technical, and inaccessible.
Browsing and understanding the source (and even the release notes, and bug trackers) of open source projects is frequently time-consuming, technical, and inaccessible. Particularly when it's ensconced solely in a GIT or SVN repo, with no user-friendly web front-end, and is only accessible via a command line.
I disagree with "robin_reala".
Updating software at your leisure, ON YOUR OWN SCHEDULE AND NOT SOMEONE ELSE's, by downloading installers, patches and packages is often a pretty reasonable task. Especially when it's a browser like Firefox or Chrome. It's also better to have redistributable offline copies of installed software and updates that you can retain as backups (uninfected backups, of course), in the event that network connectivity is unavailable, or because the network was essentially the source of the infection in the first place.
Yeah, yeah, yeah... good security practices dictate that we are ALWAYS on someone else's schedule. Live in fear. Okay, yeah, that's great, I get it, we all get it.
Hello- Mozilla employee here, though not a Firefox developer. The good news is it's easy to change how we apply updates from completely silent to "download and choose" to "only check when I tell you". The bad news is, unlike many situations of security theater, we frequently ship security updates due to known existing and actively exploited security vulnerabilities. Staying up to date is the easiest and most practical way of keeping your browser secure. If you want the security updates but find the frequent feature changes jarring, we offer our Extended Support Releases here: http://www.mozilla.org/en-US/firefox/organizations/all.html. I hope you'll adjust your update settings to something that works well for you- we really are trying to keep users in control.
You're in the massive, massive, massively minor minority. People like you have plenty of options for suppressing auto-updates and updating on your own schedule. You can deal with the effects of doing so. Most people can't. I'm having a hard time believing that you're advocating what you are in honest good faith.
Browsing and understanding the source (and even the release notes, and bug trackers) of open source projects is frequently time-consuming, technical, and inaccessible. Particularly when it's ensconced solely in a GIT or SVN repo, with no user-friendly web front-end, and is only accessible via a command line.
I disagree with "robin_reala".
Updating software at your leisure, ON YOUR OWN SCHEDULE AND NOT SOMEONE ELSE's, by downloading installers, patches and packages is often a pretty reasonable task. Especially when it's a browser like Firefox or Chrome. It's also better to have redistributable offline copies of installed software and updates that you can retain as backups (uninfected backups, of course), in the event that network connectivity is unavailable, or because the network was essentially the source of the infection in the first place.
Yeah, yeah, yeah... good security practices dictate that we are ALWAYS on someone else's schedule. Live in fear. Okay, yeah, that's great, I get it, we all get it.