Why all of the upgrades

Ethan Blanton elb at pidgin.im
Wed Jun 2 16:46:32 EDT 2010

Joelle Crepsac spake unto us the following wisdom:
> I've suggested that 150 people (that do not have administrative
> privileges) use this application; an application that has had something
> close to 8 version changes in a few months. 

If you're deploying Pidgin to a large group, you should probably be
turning off the release notification plugin and handling updates via
whatever your normal software distribution method is.  Pidgin updates
are non-destructive to user settings (and, in *most* cases, so are
reversions), so if you were to simply update the software on users'
desktops whenever you do your normal system updates, they would not be
bothered.  (Except, of course, that they would receive bug fixes and
feature updates.)

> I don't consider that SO MANY revisions "active development"... 

Perhaps you are simply unfamiliar with open source software.  However,
I think your characterization is simply incorrect.  2.7.1 and 2.7.0
were only about three weeks apart, it is true; however, there were
three months between 2.6.6 and 2.7.0.  For each of the releases going
back to 2.6.1, there were 1-2 months in between.  I don't think this
is at all unreasonable.  (2.6.0 *did* follow within 24h of 2.6.1,
because there were severe bugs in 2.6.0 for some users.)

> I thought that I could actually get useful answer here; something that I
> could share with the 150 people I suggested this program to; something
> they could understand and relate to, and assist in creating some kind of
> trust and security in changing from their former instant messaging
> program. 

The answer is that updating versions isn't a problem.  In addition,
except for the versions which correct security vulnerabilities for
services users are actively using (and most of those aren't critical,
being only non-exploitable crashes or DoSes, such that users only need
to upgrade if they're having problems), users don't need to upgrade
just because a release is made.  The release notification plugin
presents the changelog for the new release, and it is also available
on the web site shortly after the release.  If a perusal of the
changelog doesn't show anything interesting, skip the update.  Or,
just update -- I'm not sure where the fear of bug fixes and new
features is coming from.

The bottom line is that Pidgin will quite possibly *never* go six
months or more without release.  You should be VERY suspicious of any
network client which claims it will be -- if nothing else, that means
that the authors of the client are unconcerned about possible security
vulnerabilities.  In the case of Pidgin, we add features and
functionality, and fix bugs, more rapidly than that.


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/pipermail/support/attachments/20100602/283bf579/attachment.sig>

More information about the Support mailing list