unattended-upgrades by default?



Hey folks,

I'm in Seattle for the Debian Cloud sprint and it's going really
well. I'll post a report in a few days summarising what we've
done. But, in the meantime, there's something that has come up which I
think merits wider discussion.

One of the topics that we were talking about yesterday is automatic
software upgrades of cloud images. Some of the cloud platform
providers really want this so that unsophisticated / inexperienced
users of Debian images on their platforms will be secure by
default. But there are potential issues here:

 * if users are providing a service like a database from a cloud
   instance, there may be unexpected (potentially lengthy) downtime if
   upgrades happen. Of course, this can be mitigated by disabling the
   upgrade job on those machines if desired but that needs people to
   know to do this. Experienced users will probably be dealing with
   upgrades already, so this should not be an issue.

 * it will be a different experience compared to what people will get
   when installing Debian normally, using d-i / debootstrap. Most
   (all?) of our desktop environments already have some automatic
   notification of available updates, but (a) not everybody uses them;
   and (b) that's not so useful on a remote server installation where
   there's no desktop for the system to show a pop-up or similar.

To solve the issue and provide security updates by default, I'm
proposing that we should switch to installing unattended-upgrades by
default (and enabling it too) *unless* something else in the
installation is already expected to deal with security updates.

Thoughts?

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I suspect most samba developers are already technically insane... Of
 course, since many of them are Australians, you can't tell." -- Linus Torvalds

