[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: unattended-upgrades by default?

Lars Wirzenius wrote:
>On Thu, Nov 03, 2016 at 06:47:28PM +0000, Steve McIntyre wrote:
>> One of the topics that we've been talking about yesterday is automatic
>> software upgrades of cloud images. Some of the cloud platform
>> providers really want this so that unsophisticated / inexperienced
>> users of Debian images on their platforms will be secure by
>> default. But there are potential issues here:
>I am in favour of enabling automatic updates, particularly security
>updates, on clould images by default. In fact, I wouldn't mind having
>them on all types of installation by default. In my opinion, the
>ecosystem-wide security benefits of having Debian systems keep up to
>date with security updates by default overweigh any inconvenience of
>having to tweak system configuration on hosts where the automatic
>updates are problematic.
>If we do this, we should prominently note it in release notes and have
>a (wiki) page that explains how to turn off the automatic updates.

Definitely. I think we've got general consenus here, and we should do
the following:

 * work on fixing some of the highlighted bugs in unattended-upgrades

 * enable it for installation via d-i by default. At installation
   time, it should be enabled by default with a clear message to the
   user saying so and giving them the choice to disable if preferred.

 * document these changes, and give clear guidance for people on what
   to do about it if they want to disable u-u.

Who's in for helping with this, please?

Steve McIntyre, Cambridge, UK.                                steve@einval.com
  Armed with "Valor": "Centurion" represents quality of Discipline,
  Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
  concord the digital world while feeling safe and proud.

Reply to: