[solatic]

If you compare to the Linux ecosystem, you can see why IoT upgrades are broken. In the Linux ecosystem, software releases are typically independent from packaging, as well as from package managers and their update configurations, allowing users the freedom of being somewhere on the spectrum from completely unstable rolling release distributions to highly stable releases like Debian Stable. Software which auto-updates itself, instead of relying on the package manager to update it, is widely considered to be an anti-pattern.

IoT needs a packaging ecosystem to protect the freedom of its users, instead of allowing IoT devices to independently connect upstream to the manufacturer to get updates. Of course, auto-updates should be the default, because most users won't pay attention, but the user's freedom should be protected and preserved.

[veli_joza]

The packaging system is only a part of puzzle. I can control what happens with my Linux laptop, but it's much harder when 10+ devices around you are constantly updating. There's also the thrust issue - we all want exploit patches to be applied automatically while feature changes are different thing altogether (remember when Sony pushed update to PS3 that disabled OtherOS support).

Maybe a good legal solution would be to allow automatic updates, but only if user is informed about changes and she can downgrade/revert at any time. Also, the stuff that Microsoft does with Win 8/10 upgrading should be punishable.