Re: unattended-upgrades by default?
Lars Wirzenius wrote:
>On Thu, Nov 03, 2016 at 06:47:28PM +0000, Steve McIntyre wrote:
>> One of the topics that we've been talking about yesterday is automatic
>> software upgrades of cloud images. Some of the cloud platform
>> providers really want this so that unsophisticated / inexperienced
>> users of Debian images on their platforms will be secure by
>> default. But there are potential issues here:
>I am in favour of enabling automatic updates, particularly security
>updates, on clould images by default. In fact, I wouldn't mind having
>them on all types of installation by default. In my opinion, the
>ecosystem-wide security benefits of having Debian systems keep up to
>date with security updates by default overweigh any inconvenience of
>having to tweak system configuration on hosts where the automatic
>updates are problematic.
>If we do this, we should prominently note it in release notes and have
>a (wiki) page that explains how to turn off the automatic updates.
Definitely. I think we've got general consenus here, and we should do
* work on fixing some of the highlighted bugs in unattended-upgrades
* enable it for installation via d-i by default. At installation
time, it should be enabled by default with a clear message to the
user saying so and giving them the choice to disable if preferred.
* document these changes, and give clear guidance for people on what
to do about it if they want to disable u-u.
Who's in for helping with this, please?
Steve McIntyre, Cambridge, UK. firstname.lastname@example.org
Armed with "Valor": "Centurion" represents quality of Discipline,
Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
concord the digital world while feeling safe and proud.