unattended-upgrades by default?

I'm in Seattle for the Debian Cloud sprint and it's going really
well. I'll post a report in a few days summarising what we've
done. But, in the meantime, there's something that has come up which I
think merits wider discussion.

One of the topics that we were talking about yesterday is automatic
software upgrades of cloud images. Some of the cloud platform
providers really want this so that unsophisticated / inexperienced
users of Debian images on their platforms will be secure by
default. But there are potential issues here:

* if users are providing a service like a database from a cloud
instance, there may be unexpected (potentially lengthy) downtime if
upgrades happen. Of course, this can be mitigated by disabling the
upgrade job on those machines if desired but that needs people to
know to do this. Experienced users will probably be dealing with
upgrades already, so this should not be an issue.
* it will be a different experience compared to what people will get
when installing Debian normally, using d-i / debootstrap. Most
(all?) of our desktop environments already have some automatic
notification of available updates, but (a) not everybody uses them;
and (b) that's not so useful on a remote server installation where
there's no desktop for the system to show a pop-up or similar.

To solve the issue and provide security updates by default, I'm
proposing that we should switch to installing unattended-upgrades by
default (and enabling it too) *unless* something else in the
installation is already expected to deal with security updates.

Steve McIntyre, Cambridge, UK. email@example.com
"I suspect most samba developers are already technically insane... Of
course, since many of them are Australians, you can't tell." -- Linus Torvalds