
Re: unattended-upgrades by default?



On Thu, Nov 03, 2016 at 06:47:28PM +0000, Steve McIntyre wrote:
> Hey folks,
> 
> I'm in Seattle for the Debian Cloud sprint and it's going really
> well. I'll post a report in a few days summarising what we've
> done. But, in the meantime, there's something that has come up which I
> think merits wider discussion.
> 
> One of the topics that we've been talking about yesterday is automatic
> software upgrades of cloud images. Some of the cloud platform
> providers really want this so that unsophisticated / inexperienced
> users of Debian images on their platforms will be secure by
> default. But there are potential issues here:
> 
>  * if users are providing a service like a database from a cloud
>    instance, there may be unexpected (potentially lengthy) downtime if
>    upgrades happen. Of course, this can be mitigated by disabling the
>    upgrade job on those machines if desired but that needs people to
>    know to do this. Experienced users will probably be dealing with
>    upgrades already, so this should not be an issue.
> 
>  * it will be a different experience compared to what people will get
>    when installing Debian normally, using d-i / debootstrap. Most
>    (all?) of our desktop environments already have some automatic
>    notification of available updates, but (a) not everybody uses them;
>    and (b) that's not so useful on a remote server installation where
>    there's no desktop for the system to show a pop-up or similar.
> 
> To solve the issue and provide security updates by default, I'm
> proposing that we should switch to installing unattended-upgrades by
> default (and enabling it too) *unless* something else in the
> installation is already expected to deal with security updates.

Please do. We should also enable needrestart, whatmaps, checkrestart or
similar to restart affected services after these upgrades; otherwise, e.g.,
the openssl update might go without effect until openssh, bind,
<younameit> are restarted manually or the machine is rebooted.

Cheers,
 -- Guido
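The check Guido refers to, in a minimal form, as an added example (this is not code from the thread, nor from needrestart, whatmaps or checkrestart): after a library upgrade, a process that still maps the replaced file shows that mapping in /proc/<pid>/maps with a "(deleted)" suffix, and keeps running the old code until it is restarted. The script assumes a Linux /proc; the sample maps lines embedded below are constructed, not captured from a real host, and the function names are the example's own.

```shell
#!/bin/sh
# Added example: checkrestart-style detection of services that still run
# code from a library that an upgrade replaced on disk. Not part of the
# Debian thread or of needrestart/checkrestart; assumes a Linux /proc.

# maps_has_stale_lib: read one process's /proc/<pid>/maps on stdin, print
# the path of every mapped shared library whose file was deleted/replaced,
# and return 0 if any were found, 1 otherwise. Deleted anonymous files
# (memfd, /dev/zero, SYSV shm) are not libraries and are ignored.
maps_has_stale_lib() {
    found=1
    while IFS= read -r line; do
        case "$line" in
            */lib*.so*' (deleted)')
                # Fields 1-5 are address, perms, offset, dev, inode; the
                # rest is the path. Drop them and the "(deleted)" suffix.
                path=$(printf '%s\n' "$line" | awk '{
                    $1 = $2 = $3 = $4 = $5 = ""
                    sub(/^ +/, ""); sub(/ \(deleted\)$/, ""); print }')
                printf '%s\n' "$path"
                found=0
                ;;
        esac
    done
    return $found
}

# scan_processes: walk /proc and print "<pid> <comm> <library>" for each
# process mapping a stale library. Returns 0 if any process needs a
# restart, 1 if none does. Run as root to see other users' processes.
scan_processes() {
    rc=1
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # A process may exit, or be unreadable, between glob and read.
        stale=$(maps_has_stale_lib < "$maps" 2>/dev/null) || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        printf '%s\n' "$stale" | sort -u | while IFS= read -r lib; do
            printf '%s %s %s\n' "$pid" "$comm" "$lib"
        done
        rc=0
    done
    return $rc
}

# Constructed sample (not from a real host): a libssl mapping whose file
# was replaced by an upgrade, a deleted memfd that must be ignored, a stack.
SAMPLE_MAPS='7f1a2b3c4000-7f1a2b3c6000 r-xp 00000000 08:01 131072                     /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 (deleted)
7f1a00000000-7f1a00001000 rw-s 00000000 00:05 42                         /memfd:cache (deleted)
7ffd12340000-7ffd12361000 rw-p 00000000 00:00 0                          [stack]'

# demo: run the detector over SAMPLE_MAPS; prints the one stale library.
demo() {
    printf '%s\n' "$SAMPLE_MAPS" | maps_has_stale_lib
}

# Usage: sh stale-libs.sh --scan   (real scan of this host, needs root)
#        sh stale-libs.sh          (offline demo on the constructed sample)
if [ "${1:-}" = "--scan" ]; then
    scan_processes
    exit $?
else
    demo
fi
```

On a real host the scan is only a hint, not a fix: something still has to map each reported process back to its unit or init script and restart it, which is the part needrestart and its relatives automate; a non-zero exit from the scan is the condition under which an unattended run of unattended-upgrades has left the security fix not yet in effect.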

