This isn't a bug, this is a request to change behavior.
Ignoring the snarky tone of the author, this request hits at a fundamental compromise we make when using computers: We have to trust the software we run. there's no reasonable way for us to manually review every line of code that's running on our computer.
Should Signal make this change? I personally don't see how allowing users to manually disable automatic updates makes a product any more secure. We normally consider installing updates periodically part of good security, so disabling what is considered a good security practice in order to have security just seems like a contradiction.
Agree with everything you've said here except for:
> I personally don't see how allowing users to manually disable automatic updates makes a product any more secure
There's tangible security benefits allowing users to update at will, not everyone lives in the same world or faces the same threats, a gay peace activist in Azerbaijan doesn't live the same life as a software developer in Atherton, CA.
A simple notification of security updates is sufficient for the most part to ride ahead of the never-ending wave of vulnerabilities.
Having the simple choice to do so is quite desirable for many people.
Ignoring the snarky tone of the author, this request hits at a fundamental compromise we make when using computers: We have to trust the software we run. there's no reasonable way for us to manually review every line of code that's running on our computer.
Should Signal make this change? I personally don't see how allowing users to manually disable automatic updates makes a product any more secure. We normally consider installing updates periodically part of good security, so disabling what is considered a good security practice in order to have security just seems like a contradiction.