-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Still get "upgrade" suggestion when skip-upgrade-test=yes #1538
Comments
That is intended behavior. The first part of Lynis checks if there is actually an update available and as you saw you can disable that part. The second one is a simple "Lynis might be outdated" test. It is merely a suggestion for people to check if there is a newer version available. Up to the user to deal upon that suggestion or accept that a possibly outdated version is being used. |
If that's the intended behavior, then I can't really argue, but I disagree with that intention. It basically makes it where there's no way to truly ignore the version upgrade test. The fact that you might be running a lynis release that is over four months old is directly related to upgrading (otherwise, why would you care if it's old). If I don't care about upgrading (because I'm managing it in some other way), I wouldn't care about seeing recommendations related to upgrading either. |
It's not a version upgrade test, but a pointer or a hint to the user. The reason for giving this is that there might not be a newer version in the first place available (e.g. if you use Ubuntu and got an older version from the repositories), or because the upgrade check itself failed (e.g. no connectivity). So it is not always because one does not care about upgrading, but typically being unaware about the possibility that there is a newer version. More importantly, to hint users to use a (fairly) recent version. If we want to allow the user to also skip this "Lynis is possibly outdated" test, then we could consider adding a new option. This way both checks can be disabled. |
"skip-upgrade-test" is singular, but there are multiple upgrade tests, so
that's already vague. Singular can be interpreted as "all" of something,
but how are both of these two tests...
- one checking for the positive existence of a newer version (which could
result in an upgrade action), and...
- one that is triggered based on time (which could be a false positive, as
perhaps there wouldn't have been any upgrades available, in which case it's
something of a fishing expedition)...
...equivalent to all upgrade tests? The first test seems neccesary while
the second seems extraneous. From a dualistic sort of perspective, that
could equate to "any and all," but that would be "all" plus something
additional.
The "skip-upgrade-test" option leads the user to expect one option, or
oneness among options.
There isn't any guarantee that in any (approximately) four month period any
project at all would release a newer version, so why give the user any
reason to expect a new release? If there weren't a new release within the
set time frame, how would that reflect upon the project in terms of... are
these people missing their deadlines? ...is this project still active?
...was that security-related suggestion inaccurate?
"Lynis might be outdated," "Lynis is possibly outdated," are very
different statements from "Check the website or GitHub to see if there is
an update available." The first two are non-commital suggestions; the third
is written using the imperative (ie, command) verb tense.
Why send people on a fishing expedition? If they look on github as they
were directed to do, and there aren't any upgrades available, couldn't they
begin to wonder about the accuracy of Lynis' instructions to them?
Can you tell I've been on this particular fishing expedition a few times
myself? ;-)
Wiley
…On Thu, Sep 26, 2024, 10:17 AM Michael Boelen ***@***.***> wrote:
It's not a version upgrade test, but a pointer or a hint to the user. The
reason for giving this is that there might not be a newer version in the
first place available (e.g. if you use Ubuntu and got an older version from
the repositories), or because the upgrade check itself failed (e.g. no
connectivity). So it is not always because one does not care about
upgrading, but typically being unaware about the possibility that there is
a newer version. More importantly, to hint users to use a (fairly) recent
version.
If we want to allow the user to also skip this "Lynis is possibly
outdated" test, then we could consider adding a new option. This way both
checks can be disabled.
—
Reply to this email directly, view it on GitHub
<#1538 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AUF2F22XIELDNHWFZ3DYJ23ZYQ6S3AVCNFSM6AAAAABNNBJN2GVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNZXGUYTGMRSGI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Version
Describe the bug
When setting
skip-upgrade-test=yes
, it will skip the actual version test, but it will still report the suggestion due to this code:Line 791 in lynis:
In my opinion, the if statement that wraps ReportSuggestion should take into consideration whether
skip-upgrade-test=yes
and not show that message if that is the case. I can create a PR if others agree this is desirable.Expected behavior
I disabled upgrade test, so that means I don't need to see anything related to upgrades.
The text was updated successfully, but these errors were encountered: