Too many updates for ESPHome; too often

I meant easily AND tidily AND without risk.
Is your example supposed to demonstrate that there’s never risk?
That it’s tidy to have to check every day if the numbers/sources of notifications have changed, because you masked some, but not all, because of many possible reasons?
If you think it does (demonstrate), then I can’t demonstrate otherwise to you.

1 Like

Easy? Yes, just don’t click update.

Tidy? Yes, since the update notification sits in your Settings area and does not impede on your dashboards at all.

Without risk? That comes down to the particular update, which in fact basically stands in the face of your entire argument since any ‘risky’ update would only be a risk if you don’t update, say if there was a security hole. In that case you would want to update as soon as possible. If you think an update is risky to proceed with, I’d say this is very unlikely with ESPHome since the updates (unless an accidental bug is introduced, unlikely) only affect the particular ESPHome component that your device uses. I.e., if I update a downlight and the ESPHome update has a new feature regarding a temperature sensor, nothing actually changes on the downlight.

No one is making you check for updates daily. This should not be a high cause of concern in your life. Go and enjoy yourself and check for updates when you are bored.

2 Likes

You are sparky :smiley:
And I mean that in a good way.
If only every good thing had an advocate like you…

HA used to update every 3 weeks, so they did stretch it to monthly. (I know the thread is about esphome, not HA, but just sayin’)

Afaik the last security update (fixing some upstream bug) was (somewhere) in ESPHome 1.15 in the year 2020. :hammer_and_wrench:

Since then all updates are feature updates, like shipped monthly and on top bug fixes for that. :sailboat:

Personally I have the update notifications disabled because it is just not practical for ~100 esphome nodes. :no_entry_sign::left_speech_bubble:

I do “regular” updates myself every few months - because I see no urgency in feature updates. :arrows_counterclockwise:

Also I hope/expect that when a critical/security update gets rolled out that HA actually uses the “repair” channel to “warn” about that independently from the (for me disabled) update notification channel. :speech_balloon:

I think you are wrong. It can be done easily, tidily and if you take into account that over the last 3 years there were no security bugs discovered (and fixed) it should be even a low effort/risk for you :man_shrugging:

But as always: From great power comes great responsibility! :muscle:

Welcome to the rabbit hole :rabbit: Long story short: You don’t need to - in case there are no security updates you just don’t need to. And if you skipped a month, or two or three you just update to the latest and don’t need to keep track of old versions (just don’t forget to read all intermediate change logs and pay special attention to breaking changes!) :boom:

3 Likes

I don’t find the binary option to ignore updates to be either good UX or good security practice. The issue is less that the project itself is being updated regularly, and more with the end-user experience of applying updates so frequently. This is an issue across the entire Home Assistant ecosystem, though the pain is felt most acutely with ESPHome due to the volume of devices many people deploy.

Why not have the ability to either snooze updates or only be notified of updates where the patch number is higher than X? Or perhaps only notify of the most recent prior-month patch version when a new month’s .0 version comes out.

This way there would be fewer updates to apply for those who aren’t willing or able to invest the time to be on the bleeding edge. It also would not put users in the position of having to choose between remembering to go back to find and apply updates OR going for so long without updates that many devices require extensive research to get functional again when a critical issue comes up.

1 Like
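
The two notification policies proposed in the post above (a minimum patch number, or one notification per month once the next month's .0 ships), sketched as an added example that is not part of the thread or of Home Assistant/ESPHome code. The function names, the `urgent` override for releases the user already knows to be security fixes, and every sample tag other than 2023.9.0 to 2023.9.3 are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Tag shape discussed in the thread: YEAR.MONTH.PATCH, betas carry a "bN" suffix.
TAG = re.compile(r"^(\d{4})\.(\d{1,2})\.(\d+)(?:b(\d+))?$")

class Release(NamedTuple):
    year: int
    month: int
    patch: int
    beta: Optional[int]  # None for a stable release

def parse(tag: str) -> Release:
    m = TAG.match(tag)
    if not m:
        raise ValueError(f"unrecognised release tag: {tag!r}")
    y, mo, p, b = m.groups()
    return Release(int(y), int(mo), int(p), None if b is None else int(b))

def fmt(r: Release) -> str:
    return f"{r.year}.{r.month}.{r.patch}"

def stable(tags):
    """Stable releases only, oldest first (numeric sort, so 2023.10 > 2023.9)."""
    return sorted((r for r in map(parse, tags) if r.beta is None), key=lambda r: r[:3])

def min_patch_policy(tags, installed, min_patch, urgent=()):
    """Notify for newer stable releases whose patch number is >= min_patch.
    Tags in `urgent` (caller-supplied, hypothetical) always notify."""
    cur = parse(installed)[:3]
    return [fmt(r) for r in stable(tags)
            if r[:3] > cur and (r.patch >= min_patch or fmt(r) in urgent)]

def monthly_digest_policy(tags, installed, urgent=()):
    """Notify once per series: its last patch, once the next series' release exists.
    Tags in `urgent` bypass the wait so a security fix is never held back."""
    cur = parse(installed)[:3]
    rels = stable(tags)
    out = []
    for i, r in enumerate(rels):
        nxt = rels[i + 1] if i + 1 < len(rels) else None
        last_of_series = nxt is not None and nxt[:2] != r[:2]
        if r[:3] > cur and (last_of_series or fmt(r) in urgent):
            out.append(fmt(r))
    return out

# Constructed sample: the four stable 2023.9.x tags are from the thread, the rest are made up.
SAMPLE = ["2023.8.0", "2023.8.1", "2023.9.0b1", "2023.9.0b2", "2023.9.0",
          "2023.9.1", "2023.9.2", "2023.9.3", "2023.10.0b1", "2023.10.0"]
```

With 2023.8.1 installed, the unfiltered feed raises five stable notifications for this sample; the digest policy raises one, plus any tag passed in `urgent`.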

@nickrout My “complaint” was because of updates every few days. Like 3. Could have been a few more, as I did try to delay a little, just in case, then updated, then next day there was another update.
@orange-assistant I don’t think you can state that just because things went OK for you (and so many others) with ignoring updates they will continue to be so. And I find it hard to believe that none of the libraries used had any security update in the 3 years. Luckily, our security has many layers and nothing happens when one breaks but that doesn’t mean it’s OK to keep letting them break, one by one.
@TheWanderingTurkey I’m glad I’m not the only one; thank you.

Yeah, it is hard to hit the happy place between a quickly moving software project on the one hand and peace and quiet on the other. I am sympathetic, but I also like the rate of new features and fixes.

@nickrout Come on! Looking at the release history here https://github.com/esphome/esphome/releases/ I can’t see dates, but there are four stamped “2 weeks ago”, one “3 weeks ago”, and another “1 week ago”. That makes SIX within a two-week period (give or take)!
Is that really what you want?

You are including beta releases. Which you will not see update notifications for unless you specifically join the ESPHome beta program.

2 Likes

I didn’t know that; so I looked again.
It seems if we eliminate the ones with “bn” (I suppose meaning beta), we get 4 within 1 week (give or take, between last week and 2 weeks ago).
Am I wrong again?

Two. Count the ones without “b” in the minor version number.

  1. It was 2023.9.0, 2023.9.1, 2023.9.2 and 2023.9.3

Four but within more or less one week (last week, two weeks ago).

Sorry thought you meant in the 2 week ago period. Yes 4 in the last 2 weeks.

None of which you have to update to. Just ignore them. Unless you are affected by the bug fixes.

3 Likes

As per what Tom just said, you need the updates unless your ESP devices are using the affected components as per:

image

I thought we (some of us) agreed that not having to update when notifications come is not a solution.

Thank you Sparky for that image.
So why did the dev feel he had to release 9.1 with no obvious benefit (unless you need tuya scaling) just to release another one 4 days later, that does seem to have some obvious benefits?
And then he probably knew he was going to work on the other “benefits” of 9.3 and even if he didn’t think he could finish them in ONE DAY; we could have waited for it a few days.
So all those could have been one, in my opinion.
I keep saying “he” when it should be “they”; thank them all :slight_smile:

I guess it comes down to how many people (worldwide remember) were affected by the bug. If you were someone who had a bunch of devices that no longer worked, you would have been pretty keen for that update.

1 Like

Which are the bug-fixes in 9.1 that might have fixed broken anything for anybody?

I didn’t want to get so deep into details here; it feels like it’s a race! It shouldn’t be like a race; it’s what makes bugs more likely in the first place; maybe that’s why so many bug-fix-releases are necessary.
I’m very happy when there’s new stuff I may use, but my happiness is lessened by broken stuff; I’d rather be happier later but without so many shadows.