luci-app-attendedsysupgrade and owut by default?
Karl Palsson
karlp at tweak.au
Fri Sep 26 07:57:36 PDT 2025
> +1
>
> I think that if OpenWrt devices started *by default* to « phone home » (whether directly or via an in-browser query), that would certainly be a concern.
>
> Such a feature - while appealing - should *absolutely* be an opt-in, and not an opt-out.
> Opt-out may also have legal implications (e.g. GDPR?).
>
FWIW, CRA implies that it _should_ be _opt out_ for updates, and they
should be enabled by default. Yes, I know some people don't like that,
but people don't opt in :)
Annex I, 2c)
"ensure that vulnerabilities can be addressed through security updates,
including, where applicable, through automatic security updates that
are installed within an appropriate timeframe enabled as a default
setting, with a clear and easy-to-use opt-out mechanism, through the
notification of available updates to users, and the option to temporarily
postpone them;"
I would believe Hauke is looking at this from a CRA compliance
viewpoint, ... yeah, it should be opt out, not in....
Sincerely,
Karl Palsson
More information about the openwrt-devel
mailing list