When a patch is released, how soon should you install it?

[domineaux]

I thought to share this little tidbit of info, which I hope can help others. :up:

Like most people I have always been reluctant to download updates and patches, etc. to my computer.

It's not like I needed them, right?  I mean when everything is working fine why poke with my stuff.

The reason I say that here, is because I have put off installing SMF patches until things kinda caught up on TP or themes.  I don't think I'm alone in this.

I was surfing around the past few days on sites that deal with security issues, virus scans, system scans, etc. 

Bam... one poster nailed me.

He said,
"There are some things most people don't pay attention... when security vulnerabilities are made known to a dev the usual thing is the dev puts up security patch to resolve the issue ASAP.  Most people get the notices through updating protocols or other means ASAP.  The information about security patches is put out there for sure."

Actually, by informing his users the dev is also telling the world of hackers and crackers that his code has a security issue.

This poster went on to say.

"Most viruses, hacks, cracks, etc. are created "AFTER" the developer notifys his users there is a security vulnerability.  "AFTER" the fact the hackers and crackers jump onto the issue and put out exploits.  The hackers and crackers know the reluctance of users to upgrade and patch."

The proper response to "patch or not patch" could be related to whether the patch is dealing with any security issue/s.  If the patch isn't dealing with security issues I could probably, saftely wait a bit.

Otherwise, I plan to install patches and upgrades...posthaste from now on.

[bloc]

Indeed that is the dilemma - that would-be-hackers picks it up and target all those that haven't updated yet.

The option is probably to issue an update that has security fixes, but is just announced an a minor update. But then everyone will just wait..thus more sites will delay the crucial update as it is.

A dilemma.

[Assistance]

personally I believe patching a secuirty flaw over rides any mod

I would rather wait for an update on the mod, then have to re do my site or be subject to a hack-attack.

if its just a bug fix, then yes, I normally wait if its something that is not that 'important'.

[eldacar]

If you use the package manager your mods should still be fine. There's no good reason not to update immediately.

[RoarinRow]

I also think it depends on what the patch addresses.  Security is high on the list, but if the patch also addresses bugs, bugs that I have to constantly address, then I would definitely upgrade.

I normally don't have an issue if mods don't work so long as the foundation of the forum, which is posting, works, then everything else is fluff.   :up:

[Shadow]

If you use the package manager your mods should still be fine. There's no good reason not to update immediately.

Yes, THey would be fine if you go throw package manager.  I have to update my to 1.1.2 and TP to 0.9.7.1 because i have 0.97 install on my forum...