Bug#875858: pkgsel: Offer to install/manage unattended-upgrades

To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: Raymond Burkholder <ray@oneunified.net>, Steve McIntyre <steve@einval.com>, Wouter Verhelst <wouter@debian.org>, 875858@bugs.debian.org, 'Holger Levsen' <holger@layer-acht.org>, team@security.debian.org
Subject: Bug#875858: pkgsel: Offer to install/manage unattended-upgrades
From: Raphael Hertzog <hertzog@debian.org>
Date: Thu, 4 Jan 2018 13:31:25 +0100
Message-id: <[🔎] 20180104123125.GE15207@home.ouaza.com>
Reply-to: Raphael Hertzog <hertzog@debian.org>, 875858@bugs.debian.org
In-reply-to: <[🔎] 20180102215115.GA7775@pisco.westfalen.local>
References: <20171210161312.rale5h2kg2nwljbl@layer-acht.org> <150546871303.4559.13969797016748677490.reportbug@x260-buxy.home.ouaza.com> <5ec001d371d3$06eb5300$14c1f900$@oneunified.net> <20171211154138.GD15516@grep.be> <20171211155103.ypdvhai7qe6ulw23@tack.einval.com> <b3c7302a-f674-39b4-0e0f-1db3feb90edd@oneunified.net> <20171212082350.GB21570@home.ouaza.com> <20171217142845.emwgy7blty4envu5@pisco.westfalen.local> <20171218111208.GA25481@home.ouaza.com> <[🔎] 20180102215115.GA7775@pisco.westfalen.local> <150546871303.4559.13969797016748677490.reportbug@x260-buxy.home.ouaza.com>

On Tue, 02 Jan 2018, Moritz Mühlenhoff wrote:
> Even more reason not to enable it if desktops are already catered for.

There's more than GNOME in Debian.

> > Right, there are cases where a service restart is required. There are also
> > many cases where it's not at all required because the library is only used
> > by short-lived processes. And there are security updates of applications
> > too. In all those cases, there are security benefits.
> 
> But it also provides a completely false sense of security as in "Debian takes
> care of this by default, no need to bother".

I think we can document the limitations of our current update procedure.

> > Or we could have a way to tag such breaking upgrades and teach
> > unattended-upgrades to skip them? And the unattended upgrades would notify
> > the admin about the need to manually upgrade?
> 
> Possibly, yes.

Can you file a wishlist bug suggesting this so that a more concrete
proposal can be hashed out with the unattended-upgrades maintainers ?

> > In any case, I'm not convinced that not installing updates and keeping a
> > running vulnerable service is better than breaking the service and letting
> > the admin fix it. If the admin is really concerned with the occasional
> > breakage then he will use another process and deinstall
> > unattended-upgrades.
> 
> unattended-upgrades is a crude hack at best, it's _not_ suitable for a default
> installation. There might be scenarios where it's fine to apply (e.g.
> in some test/staging environment or a desktop where breakage is acceptable and
> where people can install unattended-upgrades), but not for Debian installations
> per se.

Besides service reloading, and a way to skip breaking upgrades, what else
would be needed so that you don't call it a "crude hack"?

> It also totally changes the dynamics from "Debian releases updates and it's
> my responsibility to test and deploy them within the parameters of my setup"
> to "updates are installed by default and the inevitable random regression 
> broke our systems, it's Debian's fault".

I don't see the relationship. This is really a question of documentation
and of setting the expectations straight.

> Providing security support for the biggest distro on a volunteer basis
> is complex enough, no need for unattended-upgrades to interfere further.

We certainly don't want to make it more complex for you, we just want more
people to benefit from your work, all those that are not paying attention
at all on the cloud servers that they brought up and then forgot about
when they were doing what they were supposed to do.

> > Because it was largely discussed on debian-devel already and I was not
> > aware that the security team had any reservation about this. I would
> > rather that we keep going and improve where needed instead of reverting
> > the change.
> 
> Random mailing discussions are not a useful consensus building mechanism,
> most of us don't follow them on a timely basis. This primarily affects the
> Security Team and such changes need to be brought to the attention of
> team@security.debian.org

OK, putting team@security in copy now. I would like to hear the opinion of
other team members. Do you all agree with what Moritz said? Do you expect
more work for the security team just because we enable unattended-upgrades
by default? What kind of problems do you foresee?

At this point, if you all agree that this needs to be reverted, then you
will have to open a new bug report making your case. It would be even
better if you filed bugs against unattended-upgrades so that there is a
chance that the tool grows the missing features.

For the actual decision of reverting this default value, IMO we should
wait until later in the buster cycle, just to see if your concerns about
unattended-upgrades are fixed and to see how this works out in practice
(although the lack of security updates for testing makes it a bit
pointless as an experiment).

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to:

References:
- Bug#875858: pkgsel: Offer to install/manage unattended-upgrades
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: [i18n-sme] debian-installer: call to update translations - Northern Sami --- looking for new translators -- NOW WEBLATE ONLINE
Next by Date: Re: debian-installer: call to update translations - Malayalam -- NOW WEBLATE ONLINE
Previous by thread: Bug#875858: pkgsel: Offer to install/manage unattended-upgrades
Next by thread: Bug#885712: marked as done (libdebian-installer should not use -Werror)
Index(es):
- Date
- Thread