Ok, let’s talk production environment. Do power plants have autoupdate on? Does your local grocery store have autoupdate on the devices in the store?
No.
Do people consider their home router to be production environment? Well, some do, because they rely on high-bandwidth internet access to do their work etc.
So if you consider your Omnias to be a part of production environment, you HAVE TO turn autoupdate off and switch to manual update approvals. Autoupdate is not for production! The router sends you an email when it has an update available, you find some time that is suitable for the production environment, when you can sit peacefully, let the update run and check all functionality you need. When the update breaks something, you have to either try to find a fix, or rollback and report the issue.
If you manage remote routers which are hard to access (e.g. 100s km far), there is schnapps savepoint and schnapps commit which allow you to do even risky updates with relative peace of mind.
You could file a bug against the previous version, stating that your misconfiguration wasn’t detected and TOS was carrying on despite having a misconfiguration.
But since that is now already fixed in the current version, I wouldn’t bother, iptables are no longer in use and we all have better things to do with our time.
Well, mine Omnia was updated about a week later as the first Omnias. and there were complains on this forum about DHCP and no internet access.
Someone with production thinking and smart enough, would stop updates until these, lets say not trivial bugs, are fixed before there are more affected devices. But what can I know about it…
In the past I used to set my Indiegogo Omnia even to HBL branch to test various things, but as the life goes on and children appear, there is no time for such playing with things as before. So in HBS, there should be everything OK as Omnia is not cheap piece of hardware and people expect problem-free operation for that price.
And maybe, Omnia is not “production device”, but we know that CZNIC is/was planning to develop and sell Omnia Enterprise. With such approach they don´t have to bother with that.
Don´t get me wrong, despite this all, I like Omnia and would by its successor when it will be ready. But HBS has to be rolled out only when it is really STABLE = all potential complains have to be fixed in HBT.
There is an additional point to mention regarding Autoupdate is not for production.
The turris team have said before that they do not support skipping updates.
When you disable auto-update to
find some time that is suitable for the production environment
and you have to rollback because a version doesn’t work for you, it directly means you will skip that version. It could also mean that you just miss out on a version because updates occasionally are rolled out more often than you may find the time for.
This caused my Omnia to break completely between major versions in the past because I missed one minor version which apparently contained important migration steps.
So in essence, reliable updates without auto-update can only be done through Medkits, i.e. complete reflashing and complete reconfiguration.
(Personally—for a typical home environment—I resorted to fixing the occasional breakage from auto-updates instead of going through that medkit effort.)