Rich Kulawiec <rsk@gsp.org> wrote
a message of 10 lines which said:
Watch what you wish for: you might get it. The number of
attack/abuse vectors (and the severity of their consequences for
security and privacy) involved in doing auto-update may rival those
involved in not doing auto-update.
Also, there is the risk of getting updates that will disable some
features, if there is a change in the commercial strategy of the
vendor
<https://boingboing.net/2016/09/19/hp-detonates-its-timebomb-pri.html>.
All these risks are documented in RFC 8240, a highly recommended
reading.