[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: unattended-upgrades by default

On Sat, Jan 07, 2017 at 12:04:54PM +0100, Santiago Vila wrote:
> Now we can't be the Universal OS, no matter what we do :-)

Distro development is difficult, let's go shopping.

Sarcasm aside, here's a summary of the situation, as I understand it.
tldr: let's not despair, we have a mostly technical problem that's
simpler to solve than choosing a default editor, we can handle this.

We'd like most hosts running Debian to get security updates as soon as
possible after the updates have been received. This would make Debian
users more secure, and also the whole of the Internet. A simplistic
approach (unattended-upgrades plus automatic rebooting) is not going
to work. However, we can do less simplistic approaches, we just need
to design and implement those.

This is a big change, and it's way too late in the stretch cycle to
make it now. However we do it, we'll want months of use on real hosts
to find corner cases and special cases. It will have to wait for the
next release of Debian. Thus we're not in any great hurry and can take
the necessary time to do this right.

So far we've identified at least cloud images as a case where
automatic upgrades and related reboots are probably not particularly
painful. Even for those there's going to be cases where they're
unwanted. However, having the necessary software to do upgrades +
reboots and enabling them would still be a good default. Add an easy
and well-documented way to disable upgrades, and we should be good.

Arguably the same approach should work on any system without a
graphical desktop installed. On those, using the interactive features
for notifying the user is probably good enough, with the exception of
hosts where a desktop is installed but never used, and the server
solution is enough for those.

I want to build worthwhile things that might last. --joeyh

Attachment: signature.asc
Description: PGP signature

Reply to: