[cmeacham98]

I'll give you the same answer I gave people when Microsoft started doing the same nonsense with Win10:

I totally agree your average end user is poor at managing updates themselves and thus it is justified to enable auto-updates by default. What that does not justify is totally removing the ability to turn them off. Feel free to make it a little harder to disable: the user has to run a CLI command or something, but the option should be there.

> How can these be addressed if upgrades are not forced, are there standard processes followed that provide the best compromise for both vendors and end users?

If you go through the extra effort to disable updates and don't grab a security fix, that's on you. How is "you have to do exactly what I tell you - wait why is nobody using my software?????" a best compromise for users? What are users expected to do when an upgrade breaks something and they can't downgrade?

[ctxc]

Sensible defaults, but built for the power user. Makes sense.

[anonymousab]

The old argument is that anything a power user can do, a malicious script can do too. So such options must be removed entirely if there is any chance of a less technically inclined user being tricked into doing it.

[DangitBobby]

This argument doesn't hold water. At the point malicious software is already on the machine, an automated update doesn't help. And if someone is inducing you to manually turn off automatic updates for malicious reasons... they could just as easily be inducing you to install malicious software directly.