[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#875858: pkgsel: Offer to install/manage unattended-upgrades


On Sun, 17 Dec 2017, Moritz Mühlenhoff wrote:
> unattended-upgrades are not an appropriate default. It's okay for a desktop
> system which gets powered down daily, so you can add it to tasksel lists for
> desktop roles, but not enable it by default for servers.

I think it's not really useful for GNOME since it already has the required
plumbing to install updates when you shut down.

> - It does not handle restarts. If you upgrade OpenSSL (or any library) with
> it, all your services will be left vulnerable until restarted. It will
> give people a warm fuzzy feeling, but not any actual security benefit.

Right, there are cases where a service restart is required. There are also
many cases where it's not at all required because the library is only used
by short-lived processes. And there are security updates of applications
too. In all those cases, there are security benefits.

> - We do need to make the occasional breaking change where people have to
> modify configuration settings or perform additional manual steps. With
> unattended-upgrades people don't have a chance to intervene. And if their
> setups break, we're the ones who get blamed.

If this is a real concern, we can maybe have some environment variable
indicating that the upgrade is automatic without any human watching it and
have the preinst fail?

Or we could have a way to tag such breaking upgrades and teach
unattended-upgrades to skip them? And the unattended upgrades would notify
the admin about the need to manually upgrade?

In any case, I'm not convinced that not installing updates and keeping a
running vulnerable service is better than breaking the service and letting
the admin fix it. If the admin is really concerned with the occasional
breakage then he will use another process and deinstall

> Why was this change made without contacting team@security.debian.org (as
> the ones who are affected the most)?

Because it was largely discussed on debian-devel already and I was not
aware that the security team had any reservation about this. I would
rather that we keep going and improve where needed instead of reverting
the change.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to: