
Re: system upgrade by systemd



On 1 September 2015 at 03:43, Marco d'Itri <md@linux.it> wrote:
> On Aug 31, Dimitri John Ledkov <xnox@debian.org> wrote:
>
>> Ideally the update generators, targets and units should be split into
>> a separate package and not installed by default. Since those are
>> really unexpected on Debian.
> No, because the system update infrastructure stays idle until some other
> package tells it to do something and does not express policies by
> itself.
> If you do not like the policy being discussed here then you should work
> with the maintainer of the package that requests such updates.

huh?! inert things still contribute to the attack surface.

And it is policy, as multiple update generators are not supported, and
are racy. And in Debian, we have multiple things that can do updates
(and in future provide implementations for the system updates).

Furthermore, systemd-system-update-generator is using early generator
location, thus all configuration in /etc and /usr is ignored, and one
cannot short-circuit system-update.target (to a specific
implementation, or a no-op target, or like normally default
multi-user.target).

Given the above, the mere presence of systemd-system-update-generator, when
inert, does apply policy on each boot. Not to mention delaying each
boot, whilst executing itself. And no upstream mechanisms are provided
to disable particular generators.

Thus for people who don't want to have their boot hijacked into
force uninstalling packages, do dpkg divert away:

/lib/systemd/system-generators/systemd-system-update-generator

-- 
Regards,

Dimitri.
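
An added example, not part of the original message: a shell check that reports the state of the generator named above and wraps the diversion in a function. The function names are hypothetical; the `.distrib` suffix is dpkg-divert's default, and the `/system-update` trigger is systemd behaviour assumed here rather than stated in the post.

```shell
#!/bin/sh
# Added example, not from the original message.
GEN=lib/systemd/system-generators/systemd-system-update-generator

# Print the generator's state under ROOT (default /):
#   absent   - not installed
#   diverted - moved aside to dpkg-divert's default "<name>.distrib"
#   inert    - installed; runs on every boot but finds nothing to do
#   armed    - installed and /system-update exists, so the next boot
#              is redirected to system-update.target (systemd behaviour,
#              assumed here; the post does not spell it out)
check_update_generator() {
    root=${1:-/}
    root=${root%/}
    gen="$root/$GEN"
    if [ ! -e "$gen" ]; then
        if [ -e "$gen.distrib" ]; then echo diverted; else echo absent; fi
        return 0
    fi
    # -L also catches a dangling /system-update symlink
    if [ -e "$root/system-update" ] || [ -L "$root/system-update" ]; then
        echo armed
    else
        echo inert
    fi
}

# Divert the generator on the live system (needs root and dpkg).
# --rename moves the existing file; later package upgrades unpack
# to the diverted name instead of restoring it.
divert_update_generator() {
    dpkg-divert --local --rename --add "/$GEN"
}

check_update_generator "${1:-/}"
```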

