Bug#479431: Should D-I upgrade packages during pkgsel?
reassign 479431 pkgsel
retitle 479431 pkgsel: Upgrade packages if (security) updates are available
On Sunday 04 May 2008, Thijs Kinkhorst wrote:
> * a default install with only "standard system" has two open ports:
> 111 (rpc) and 113 (identd), both of which I think should not be
> open on a default install. rpc/portmap does have a debconf question
> to ask to be bound to lo only, but this isn't asked and defaults to No.
This should be discussed with the maintainer(s) of the responsible packages
(if it needs changing at all). it's outside the scope of the D-I team.
> * after the install I had a number of packages already there to upgrade,
> including a new kernel from security. Especially the latter is a bit
> cumbersome, requiring another reboot before the system is ready to
> use. Can't the installer already at some point install the most up
> to date kernel from the archives, before the first reboot?
Not sure if this is really something the installer should do. It's somewhat
inherent in choosing a CD that contains packages IMO.
One issue might be that we could not limit it to security updates if the
user has also selected a mirror. An upgrade would include any package that
has a new version available. OTOH, if he did select a mirror, he probably
wants updates anyway.
If we do want to do this, I guess it would have to be a separate step in
pkgsel, preferably _before_ running tasksel. Maybe we should somehow check
if there are updates available and then run an
in-target aptitude --without-recommends safe-upgrade
possibly after prompting the user whether he wants to do the upgrade or not.
What do others think of this?
> * hardware-summary log file gives an error at the end (dmidecode command
> not found). Maybe related to this command being in /usr/sbin?
> Overall, everything runs very smoothly as I've come to expect from the
> Debian Installer, congratulations on a great job :-)
Thanks (and also for the report).