Automatic updates are bad

There is a growing trend for software to automatically update without any notification, authorisation or backup. This sucks!!! Let me tell you why.

A Joomla! website typically consists of the core application and many extensions, which include modules, plug-ins, components and templates. It is not possible for the developer of each of those elements to test their changes with all possible combinations of extensions.

When any one of those extensions, or the core of Joomla itself, is upgraded, it is perfectly possible that your website will break or need a small change. If this happens without your knowledge or assent, how long will it be before you discover that all your sites are down? If you are not there to observe it, then your website may be broken and even off-line for a period of time until either you notice it yourself or someone tells you.

However, if it is you yourself who updates the extension or even the core of Joomla, then you're able to:

  1. take a backup before you perform the upgrade - and test it!
  2. take remedial action immediately if there is any error
  3. choose the most convenient time for the upgrade to take place, preferably when your target user base is off-line. You don't want to risk an upgrade going wrong at the busiest time of the day.
  4. test the upgrade on a non-production site such as a test/dev/local server

I believe that blindly performing updates remotely is just as dangerous. 

It is perfectly possible to detect if an upgrade is available and remotely trigger the upgrade process. This can appear to be very attractive if you're maintaining several websites and need to upgrade them all at the same time. But in my opinion the time saved by mass remote updates in the short-term has the potential to create considerable heartache and work.

There are many times when, after performing the update, a message may be displayed from the developer informing you of some additional steps that need to take place before the upgrade can be considered complete. This may be as simple as clicking a button to convert some tables, but I've also seen manual instructions to remove files from the web server that are no longer needed and can be considered dangerous. If the update is performed remotely, with no backup first, then you may never see those messages and your website may be left broken. Even worse, the minimum server requirements might change between releases. An automatic or remote update can't know about this until perhaps some day in the future when Joomla implements some sort of dependency checking.
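The two safeguards argued for above, a backup that is actually tested before the upgrade runs and a check that the server still meets the release's minimum requirements, can be made a hard gate in front of any update, whether you click the button yourself or trigger it from a script. The POSIX shell script below is an added example written for this post, not code from Joomla or from the author: it bundles the site directory into an archive, reads the archive back to prove it is intact, records a checksum for the restore day, and refuses to continue if the installed PHP version is below the minimum the new release states. The sample site tree, the version numbers and the `preupgrade_gate`, `make_verified_backup` and `version_ge` function names are all constructed for the demonstration; the database dump step is deliberately left to your own tooling.

```shell
#!/bin/sh
# Added example (not from the post): a pre-upgrade gate for a CMS site.
# It proceeds only when (a) the installed PHP version satisfies the release's
# stated minimum and (b) a fresh file backup has been written AND read back.
# Paths, versions and the sample site below are constructed for the demo.
set -eu

# version_ge A B: exit 0 if dotted version A is >= B (numeric, component-wise).
# Written by hand so it does not depend on GNU "sort -V".
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        x="${x:-0}"; y="${y:-0}"          # missing components count as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0                               # identical versions
}

# make_verified_backup SITE_DIR BACKUP_DIR: archive the site, then "test it"
# by listing the archive back. Prints the archive path on success.
make_verified_backup() {
    site_dir="$1"; backup_dir="$2"
    mkdir -p "$backup_dir"
    archive="$backup_dir/site-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$(dirname "$site_dir")" "$(basename "$site_dir")"
    # A truncated or corrupt archive fails here, today, not on restore day.
    tar -tzf "$archive" >/dev/null
    # Record a checksum so the restore can verify the archive was not altered.
    cksum "$archive" > "$archive.cksum"
    printf '%s\n' "$archive"
}

# preupgrade_gate SITE_DIR BACKUP_DIR INSTALLED_PHP REQUIRED_PHP
# Exit 0 only when the upgrade is safe to start; 2 = requirements not met,
# 3 = backup could not be written or verified.
preupgrade_gate() {
    site_dir="$1"; backup_dir="$2"; installed_php="$3"; required_php="$4"
    if ! version_ge "$installed_php" "$required_php"; then
        echo "refusing upgrade: PHP $installed_php is below required $required_php" >&2
        return 2
    fi
    archive=$(make_verified_backup "$site_dir" "$backup_dir") || {
        echo "refusing upgrade: backup failed verification" >&2
        return 3
    }
    echo "backup verified at $archive; safe to run the upgrade now"
    return 0
}

# --- Demo on a constructed stand-in for a site tree --------------------------
DEMO=$(mktemp -d)
mkdir -p "$DEMO/site/administrator"
echo '<?php // constructed placeholder config' > "$DEMO/site/configuration.php"

# Requirements met: a verified backup is written and the gate opens.
preupgrade_gate "$DEMO/site" "$DEMO/backups" "8.1.2" "8.1.0"

# Requirements not met: the gate blocks before anything is touched.
preupgrade_gate "$DEMO/site" "$DEMO/backups" "7.4.33" "8.1.0" \
    || echo "gate blocked the upgrade (exit status $?)"
```

Run it as the step before clicking "Update" (or before any remote trigger) and feed it the PHP version from `php -r 'echo PHP_VERSION;'` on the target server together with the minimum quoted in the release notes; if it exits non-zero, the update simply does not happen, which is exactly the behaviour an unattended updater lacks.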

You definitely do not want to find out at 2 a.m. on a Saturday night that an update has gone wrong when a furious client calls you and demands to have that fixed immediately.

How often do we read an extension developer moaning that users are submitting support tickets immediately after an update which they never should have performed, if only they had read the release notes?

Is it really such a big task to log into websites and perform the update in situ, after you have taken a backup, and read the release notes? Especially when virtually all extensions allow for single-click updates, either with their own code or through Joomla!'s extensions updater.

What about security?

There is definitely an argument to be made that fixes for critical, high-severity security issues can and should be applied automatically. The recent Drupal vulnerability suggests that any site not patched within 7 hours of the announcement should be considered hacked. But how often does that occur?

For me the risks outweigh the benefits.

Brian Teeman

Who is Brian?

As a co-founder of Joomla! and OpenSourceMatters Inc I've never been known to be lacking an opinion or being too afraid to express it.

Despite what some people might think I'm a shy and modest man who doesn't like to blow his own trumpet or boast about achievements.