I think there is a very real lack of respect for what Debian Stable means. Lets for a moment briefly explore why someone would choose to run Debian Stable. FIrst of all Stable is notoriously out of date though at this moment in time Wheezy is still in its glory days where its barely out of date at all. The reason to run Debian Stable is because it doesn't change. It is a very predictable system and users of Debian Stable select it because while its generally out of date that can be good enough for 98% of things while the rest is maintained outside of the scope of Debian. Debian Stable is the tool you can grab and have a solid base. All changes to Stable impact this. > It'd be great to see Debian lead the way among distros of changing the > default expectation to "I get security updates automatically and > therefore don't have to spend time worrying about tracking and > applying security patches for my apps". This isn't necessarily a bad thing. The problem is that this kind of change does not belong in Stable. There is no easy solution here and its also not a cloud specific problem: all of Debian would benefit from an automatic update process. If all of Debian has an automatic update process the cloud one won't be a surprise. This is not a cloud specific issue and there should not be unpredictable behavior in Debian Stable. Please make changes to Stable the way every other individual does: by starting in experimental, having it validated in testing, and deploying at the next iteration of stable. Tyler On Apr 11, 2014, at 11:43 AM, Matt Alexander <matta@google.com> wrote: > It'd be great to see Debian lead the way among distros of changing the > default expectation to "I get security updates automatically and > therefore don't have to spend time worrying about tracking and > applying security patches for my apps". I don't see this as "trying > to think for our users", but more about making their OS easier to > manage and staying secure by default. > > > On Fri, Apr 11, 2014 at 10:30 AM, Tyler Riddle <triddle@socialflow.com> wrote: >> There has been a discussion regarding enabling the automatic updates of packages by default in the Google Compute Engine specific Debian Cloud image where no clear consensus has been formed. I have a number of concerns I would like to express: >> >> 1) This topic has been under a thread with the wrong title. It has evolved from the original purpose into a discussion about changing behavior of the default install of Debian. I've corrected this with a new thread correctly titled. >> >> 2) Debian is the universal operating system. Debian Stable doesn't change. The Debian cloud images have been anything but stable. What is being released as Debian/Wheezy cloud images is forming into a Debian derivative with a far faster release cycle than anyone who is familiar with Debian Stable would be expecting yet the labeling is still Debian. >> >> 3) The suggestions appear to be kludges to work around fundamental problems that root in #2 >> >> The amount of churn on the Debian Cloud project makes it feel like participating in the Testing version of Debian - you don't know what is going to happen and have to be ready to turn on a moments notice because of upstream changes. Thats exactly what Debian Stable is supposed to prevent. I would argue that all behavior changes to a stock install should be minimized so that a Debian Stable is as predictable as possible. Enabling automatic updates is mutually exclusive to this. >> >> This type of development cycle belongs on Testing. No one is going to complain when they have to pivot immediately to deal with a problem in testing (or if they do they don't have any standing). Delivering surprises onto Debian Stable is against the spirit. Performing development work on Debian Stable is against the spirit. The argument can be made that the cloud evolves too fast to be stable. I would argue that Debian Stable should be stable, allow the users of Debian Stable to blow their feet off, and do not blow off the feet of people who are expecting Debian Stable to behave like its label. >> >>> Maybe this should be discussed with the security team? >> >> Yes please do. I would encourage a large amount of discussion around this topic. I think a very valid question to include when asking the security team if this change should be applied is to ask to what degree Debian would like to change behavior to work around vendor specific issues. Not all cloud infrastructure is insecure by default and I don't really agree that Debian should be signing up for the pain of trying to bridge that gap in GCE. As well in the future if GCE implements the ability to control network egress policies (or if that feature exists now) automatic updates could very well break for users out of the box. Exactly how do you want to break things in the future? This is why trying to think for the users is not a good idea and why Debian Stable should remain stable. >> >> Tyler >> >> >> On Apr 11, 2014, at 9:29 AM, Mathieu Parent <math.parent@gmail.com> wrote: >> >>> 2014-04-11 15:47 GMT+02:00 Tyler Riddle <triddle@socialflow.com>: >>>> >>>>> >>>>> However, given that there is no consensus on this, I am wondering what's the best way to move forward on this. >>>>> >>>> >>>> Best case: don't enable automatic updates. Specifically don't have the images perform any action that the stock OS install media will not do. In fact the goal of the Debian Cloud project should be to write the bare minimum additional integration required to support operation on the cloud so that a Debian based OS is consistent and uniform. >>>> >>>> Please do not attempt to think for users. Please do not attempt to create a cloud OS. Please coordinate with the CD and DVD image release team to learn how to test and avoid the severe mistakes that have happened with the cloud releases. Please leave Debian alone. >>> >>> Maybe this should be discussed with the security team? Having the >>> Debian cloud images insecure by default is not very good. Cloud VMs >>> are very exposed and security updates should probably be opt-out >>> rather than opt-in. >>> >>> Regards >>> -- >>> Mathieu >>
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail