Comment by hansvm

That sort of thing is part of my usual spiel against automatic updates in most scenarios (and, when that's hard, pushing back on the reasons why it's hard rather than adding automatic updates):

- What security problems are we trying to prevent with automatic updates? The worst-case would be allowing an untrusted third-party to run arbitrary code on your computer.

- How did we fix it? We allow a different untrusted third-party to run arbitrary code on our computers.

Toss in a healthy dose of developers using "security updates" to enshittify a product, or even just screwing up releases from time to time and introducing more attack vectors than they fixed, and automatic updates don't look very attractive.