Re: unattended-upgrades by default

To: debian-devel@lists.debian.org
Cc:
Subject: Re: unattended-upgrades by default
From: Steve McIntyre <steve@einval.com>
Date: Mon, 09 Jan 2017 13:15:32 +0000
Message-id: <[🔎] E1cQZnQ-0000yW-IX@mail.einval.com>
In-reply-to: <[🔎] 20170107113621.ovkxmwwjergl7ct2@exolobe3>
References: <E1c3mE4-0003Vp-FI@mail.einval.com> <[🔎] 20170106140741.GA24828@debian.org> <[🔎] 20170106203323.2ark6tuux632qahb@nuc> <[🔎] 871swfbz5z.fsf@thinkpad.rath.org> <[🔎] 20170107110454.xfcxkxd623tyt2el@cantor.unex.es> <[🔎] 20170107110454.xfcxkxd623tyt2el@cantor.unex.es>

Lars Wirzenius wrote:
>
>Distro development is difficult, let's go shopping.
>
>Sarcasm aside, here's a summary of the situation, as I understand it.
>tldr: let's not despair, we have a mostly technical problem that's
>simpler to solve than choosing a default editor, we can handle this.
>
>We'd like most hosts running Debian to get security updates as soon as
>possible after the updates have been received. This would make Debian
>users more secure, and also the whole of the Internet. A simplistic
>approach (unattended-upgrades plus automatic rebooting) is not going
>to work. However, we can do less simplistic approaches, we just need
>to design and implement those.
>
>This is a big change, and it's way too late in the stretch cycle to
>make it now. However we do it, we'll want months of use on real hosts
>to find corner cases and special cases. It will have to wait for the
>next release of Debian. Thus we're not in any great hurry and can take
>the necessary time to do this right.
>
>So far we've identified at least cloud images as a case where
>automatic upgrades and related reboots are probably not particularly
>painful. Even for those there's going to be cases where they're
>unwanted. However, having the necessary software to do upgrades +
>reboots and enabling them would still be a good default. Add an easy
>and well-documented way to disable upgrades, and we should be good.
>
>Arguably the same approach should work on any system without a
>graphical desktop installed. On those, using the interactive features
>for notifying the user is probably good enough, with the exception of
>hosts where a desktop is installed but never used, and the server
>solution is enough for those.

Thanks Lars - that's an excellent summary of the situation. I was
hoping to have made some progress on unattended-upgrades already, but
$stuff... :-/

What we *will* try to do is enable it for cloud images for Stretch.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
< sladen> I actually stayed in a hotel and arrived to find a post-it
          note stuck to the mini-bar saying "Paul: This fridge and
          fittings are the correct way around and do not need altering"

Reply to:

References:
- Re: unattended-upgrades by default
  - From: Julian Andres Klode <jak@debian.org>
- Re: unattended-upgrades by default
  - From: Santiago Vila <sanvila@unex.es>
- Re: unattended-upgrades by default
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: unattended-upgrades by default
  - From: Santiago Vila <sanvila@unex.es>
- Re: unattended-upgrades by default
  - From: Lars Wirzenius <liw@liw.fi>

Prev by Date: Re: Feedback on 3.0 source format problems
Next by Date: Re: unattended-upgrades by default
Previous by thread: Re: unattended-upgrades by default
Next by thread: Re: unattended-upgrades by default
Index(es):
- Date
- Thread