Author: KatolaZ
Date:  
To: dng
Subject: Re: [DNG] unatternded upgrades by default in Debian
On Thu, Feb 14, 2019 at 09:14:45PM +0900, Olaf Meeuwissen wrote:

[cut]

>
> It's pulled in through a recommends by python3-software-properties which
> itself is depended on by libreoffice-kde by way of a dependency on the
> software-properties-kde package. The libreoffice-kde package is
> recommended by task-kde-desktop.
>


OK, noted, thanks.

[cut]

> > It's in my todo-list, but I would be grateful if you would be so kind
> > to please open a bug on bugs.devuan.org, so we are sure we don't
> > forget it.
>
> Against which package?
>


Against tasksel, please.

> BTW, why again are we trying so hard to not pull in unattended-upgrades?
> I think I lost track and considering my own Devuan (server) experiences,
> which have been good, I'm not quite sure I still understand :-/
>


Because this is something that users should be aware of, and clearly
notified about. We are neither Microsoft nor Apple.

Unattended upgrades should be used by people who know what they want
out of it. If you know (as you do, in this case), you also know how to
find, install, and configure it. If you don't know what this is about,
and unattended-upgrades is installed, you start believing in ghosts :)


> # It was my Debian server that needed a dbus cluebat ... ;-)
> # And then only because I insist on self-inflicted "pain" by telling APT
> # to not install recommended packages in the first place.
>
> Your average KDE/GNOME desktop user might actually appreciate their
> security upgrades getting applied "behind their backs" or "without user
> intervention", depending on your point of view.
>


Let's be honest: considering security an automatic process is just a
myth, and a quite misleading one, IMHO :)

There is no single size that fits all the possible uses of
unattended-upgrades, and while some users might find it desirable,
some others might find that the "smart" upgrade silently broke their
setup, in one way or another. This was the case with several important
upgrades of stuff like php or mysql/mariadb in the past (mainly due to
local customisations, I admit, but still, a sysadmin is free to do
what they want on the system they manage...).

In general, in a server environment an admin wants to make sure that
an upgrade actually does not stop the running services from doing
their job as planned. Especially if there are customisations and/or
other hacks put in place to hold things together.

IMHO, the reasonable solution is to make sure that unattended-upgrades
does not slip in a standard Devuan installation unnoticed, under any
circumstance. If a user knows about it and wants it running, it's just
an `apt-get install` away.

My2Cents

katolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]
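
The dependency chain described in the quoted text at the top of this message, traced mechanically. This is an added example, not part of the original message and not Devuan tooling: `sample_index` and `why_installed` are hypothetical names, and the package stanzas are constructed sample data trimmed to the four packages named in the thread.

```shell
# Constructed sample: trimmed control stanzas mirroring the chain in the thread.
sample_index() {
cat <<'EOF'
Package: task-kde-desktop
Recommends: libreoffice-kde, kde-standard

Package: libreoffice-kde
Depends: libreoffice-core (>= 1:6.1), software-properties-kde

Package: software-properties-kde
Depends: python3-software-properties

Package: python3-software-properties
Recommends: unattended-upgrades
EOF
}
# why_installed ROOT TARGET [norec]  (hypothetical helper, stanzas on stdin)
# Breadth-first search from ROOT; prints the shortest chain to TARGET.
# With "norec", Recommends edges are ignored, as with --no-install-recommends.
why_installed() {
  awk -v root="$1" -v target="$2" -v norec="${3:-}" '
    $1 == "Package:" { pkg = $2; next }
    $1 == "Depends:" || $1 == "Recommends:" {
      kind = tolower(substr($1, 1, length($1) - 1))
      if (norec != "" && kind == "recommends") next
      line = $0; sub(/^[^:]*:[ \t]*/, "", line)
      n = split(line, items, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        name = items[i]; sub(/[ \t(|].*$/, "", name)  # drop versions, alternatives
        if (name != "") edges[pkg] = edges[pkg] kind " " name "\n"
      }
    }
    END {
      queue[1] = root; path[root] = root; head = 1; tail = 1
      while (head <= tail) {
        cur = queue[head++]
        if (cur == target) { print path[cur]; exit 0 }
        m = split(edges[cur], out, "\n")
        for (j = 1; j <= m; j++) {
          if (out[j] == "" || split(out[j], e, " ") != 2 || (e[2] in path)) continue
          path[e[2]] = path[cur] " -[" e[1] "]-> " e[2]; queue[++tail] = e[2]
        }
      }
      exit 1
    }'
}
sample_index | why_installed task-kde-desktop unattended-upgrades
sample_index | why_installed task-kde-desktop unattended-upgrades norec ||
  echo "not reachable when Recommends are not installed"
```

Every hop labelled `recommends` in the printed chain is one that an APT setup with recommended packages disabled would not follow, which is why the second call finds no path.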