Bug#778873: apt: make /etc/cron.daily/apt (and it's options) runnable more than daily
Package: apt
Version: 1.0.9.6
Severity: wishlist
Tags: security
/etc/cron.daily/apt and it's related options provide some very nice
means to keep one's archive up to date (e.g. doing regular apt-get
updates) which in turn is particularly handy for either just monitoring
(via Icinga or friends) whether package updates are available or
unattended updating.
However, unfortunately the script runs at most daily and also it's
related options are with the time unit "days".
Given recent things like GHOST, heardbleed, shell shock and so on, where
upgrade (thanks to our security team!) were often avialable within just
hours after publications (but exploits as well) it seems more and more
crucial that package management lifecycle (i.e. update times) get
shorter and shorter.
Having to wait a full day, just to see that new security packages are
there, when these might have gotten pushed to the servers by the
security team just minutes after the last run of /etc/cron.daily/apt is
IMHO simply too long.
So my wish would be that this goes at least to hourly or even better
cron.d/ so that people can chose whatever they want.
Now apparently it's more than just moving cron script. ;)
One solution wrt to the current definition of the options (which should
of course remain backwards compatible with respect to the "day" unit)
would be that each option get's an corresponding unit-option which
defaults to "1 day"
so e.g. for APT::Archives::MaxAge
there would be a corresponding
APT::Archives::MaxAge::Unit, which defaults to say 86400s and
internally the script works with 1s resolution.
Cheers,
Chris.
Reply to: