> Separating security patches from feature updates is better but doesn't 100% guarantee there are no data-losing bugs.
That would be really, really hard and would require a tremendous amount of additional organization in the dev process. Either that or fixes would need to be backported to every running supported version. That's insane.
It's a nice thought to separate "security" and "feature" updates, but I'm not sure if it's realistically achievable.
----
Looking at the bigger picture, I think the issue is that once developers/managers got into the habit of forcing updates on users, it became an excuse for skimping on QA/QC. "If there's any bugs, we can just fix them in the next release". But there's a huge difference between internally finding a bug, analyzing its potential impact, then deciding it isn't a blocker, and expecting your users to find bugs for you.