Re: unattended-upgrades by default

upgrades package? That's the kind of thing I was thinking of, yes. I'm proposing unattended-upgrades as a default only for systems that don't already have their own mechanism for upgrades... -- Steve McIntyre, Cambridge, UK.st...@einval.com < sladen> I actuall

Re: unattended-upgrades by default

Lars Wirzenius wrote: > >Distro development is difficult, let's go shopping. > >Sarcasm aside, here's a summary of the situation, as I understand it. >tldr: let's not despair, we have a mostly technical problem that's >simpler to solve than choosing a default editor, we can handle this. > >We'd

Re: unattended-upgrades by default

On Sat, Jan 07, 2017 at 12:04:54PM +0100, Santiago Vila wrote: > Now we can't be the Universal OS, no matter what we do :-) Distro development is difficult, let's go shopping. Sarcasm aside, here's a summary of the situation, as I understand it. tldr: let's not despair, we have a mostly

Re: unattended-upgrades by default

On Fri, Jan 06, 2017 at 02:29:12PM -0800, Nikolaus Rath wrote: > On Jan 06 2017, Santiago Vila wrote: > > If we want to be the Universal OS, we can't assume that any time > > (not chosen by the user) is ok to do an upgrade. > > If we want to be the Universal OS, we can't assume

Re: unattended-upgrades by default

On Fri, Jan 06, 2017 at 02:13:58PM +0100, Julian Andres Klode wrote: > Two months ago, Steve wrote: > > * enable it for installation via d-i by default. At installation > [it being unattended-upgrades] > What's the status of this? I do not like this idea, it interacts > poorly with desktops which

Re: unattended-upgrades by default

top that is installed that installs upgrades on shutdown and suggests upgrades when available. Cloud users should get unattended-upgrades by default. etc -- bye, pabs https://wiki.debian.org/PaulWise

Re: unattended-upgrades by default

On Jan 06 2017, Santiago Vila wrote: > If we want to be the Universal OS, we can't assume that any time > (not chosen by the user) is ok to do an upgrade. If we want to be the Universal OS, we can't assume that users will explicitly trigger an install of security upgrades

Re: unattended-upgrades by default

On Fri, Jan 06, 2017 at 02:13:58PM +0100, Julian Andres Klode wrote: > Two months ago, Steve wrote: > > * enable it for installation via d-i by default. At installation > [it being unattended-upgrades] > > What's the status of this? I do not like this idea, it interacts > poorly with desktops

Re: unattended-upgrades by default

Two months ago, Steve wrote: > * enable it for installation via d-i by default. At installation [it being unattended-upgrades] What's the status of this? I do not like this idea, it interacts poorly with desktops which handle upgrades via PackageKit (which is the default) and since there are

Re: unattended-upgrades by default?

On Wed, 2016-12-28 at 04:13 +, Scott Kitterman wrote: > > On December 27, 2016 11:10:55 PM EST, Adam Borowski > wrote: > > On Wed, Dec 28, 2016 at 04:04:21AM +, Scott Kitterman wrote: > > > > FTR, it's #739636. > > > > > > > > > > Postfix has no way to know it's

Re: unattended-upgrades by default?

Op 26-12-16 om 23:44 schreef Paul Wise: > On Tue, Dec 27, 2016 at 12:35 AM, Paul van der Vlis wrote: > >> I use a script on a few servers to realize this, it's not perfect: >> http://vandervlis.nl/files/updateafter > > It might be interesting to contribute this to unattended-upgrades. I use the

Re: unattended-upgrades by default?

On Wed, Dec 28, 2016 at 04:13:13AM +, Scott Kitterman wrote: > > > On December 27, 2016 11:10:55 PM EST, Adam Borowski > wrote: > >On Wed, Dec 28, 2016 at 04:04:21AM +, Scott Kitterman wrote: > >> >FTR, it's #739636. > >> > > >> Postfix has no way to know it's

Re: unattended-upgrades by default?

On December 27, 2016 11:10:55 PM EST, Adam Borowski wrote: >On Wed, Dec 28, 2016 at 04:04:21AM +, Scott Kitterman wrote: >> >FTR, it's #739636. >> > >> Postfix has no way to know it's temporary, so I think a temporary >error >> would be wrong. > >It's easy to tell apart

Re: unattended-upgrades by default?

On Wed, Dec 28, 2016 at 04:04:21AM +, Scott Kitterman wrote: > >FTR, it's #739636. > > > Postfix has no way to know it's temporary, so I think a temporary error > would be wrong. It's easy to tell apart "can't connect to SQL" from "query succeeded and returned 'no such user'". -- Autotools

Re: unattended-upgrades by default?

On December 27, 2016 1:26:24 PM EST, Samuel Thibault <sthiba...@debian.org> wrote: >Ian Jackson, on Sun 25 Dec 2016 23:45:37 +, wrote: >> Samuel Thibault writes ("Re: unattended-upgrades by default?"): >> > SZALAY Attila, on Sun 25 Dec 2016 20:54:26

Re: unattended-upgrades by default?

Ian Jackson, on Sun 25 Dec 2016 23:45:37 +, wrote: > Samuel Thibault writes ("Re: unattended-upgrades by default?"): > > SZALAY Attila, on Sun 25 Dec 2016 20:54:26 +0100, wrote: > > > If we replace postgresql with postfix, that is much more closer to the

Re: unattended-upgrades by default?

On Tue, Dec 27, 2016 at 12:35 AM, Paul van der Vlis wrote: > I use a script on a few servers to realize this, it's not perfect: > http://vandervlis.nl/files/updateafter It might be interesting to contribute this to unattended-upgrades. > I use "at" to reboot very early in the morning:

Re: unattended-upgrades by default?

Op 25-12-16 om 01:43 schreef Paul Wise: > On Sun, Dec 25, 2016 at 8:34 AM, Paul van der Vlis wrote: > >> I am doing this myself already on desktop systems so I have some >> experiences with it. > > Thanks for sharing your experience. > >> What I would really like is a mechanism where the user

Re: unattended-upgrades by default?

Op 25-12-16 om 06:36 schreef Samuel Thibault: > Paul van der Vlis, on Sun 25 Dec 2016 01:34:15 +0100, wrote: >> I would like it when >> desktop users could get a message that programms has to be restarted. >> Not sure this is important for servers too, I would think so. > > In a mail server we

Re: unattended-upgrades by default?

Samuel Thibault writes ("Re: unattended-upgrades by default?"): > SZALAY Attila, on Sun 25 Dec 2016 20:54:26 +0100, wrote: > > If we replace postgresql with postfix, that is much more closer to the > > standard. And I guess, that postgresql is just a "misspelling"

Re: unattended-upgrades by default?

SZALAY Attila, on Sun 25 Dec 2016 20:54:26 +0100, wrote: > Hi All, > > On Sun, 2016-12-25 at 08:18 +0100, Samuel Thibault wrote: > > Scott Kitterman, on Sun 25 Dec 2016 01:27:58 -0500, wrote: > > > On Sunday, December 25, 2016 06:36:52 AM Samuel Thibault wrote: > > > > Paul van der Vlis, on Sun

Re: unattended-upgrades by default?

Hi All, On Sun, 2016-12-25 at 08:18 +0100, Samuel Thibault wrote: > Scott Kitterman, on Sun 25 Dec 2016 01:27:58 -0500, wrote: > > On Sunday, December 25, 2016 06:36:52 AM Samuel Thibault wrote: > > > Paul van der Vlis, on Sun 25 Dec 2016 01:34:15 +0100, wrote: > > > > I would like it when > > >

Re: unattended-upgrades by default?

On 25.12.2016 08:18, Samuel Thibault wrote: > Yes, but that's a data point to have in mind: blindly upgrading software > is not always without consequences. Do we actually communicate a proper way of running services on a Debian machine, with services coming from Debian packages? If so, what is

Re: unattended-upgrades by default?

Scott Kitterman, on Sun 25 Dec 2016 01:27:58 -0500, wrote: > On Sunday, December 25, 2016 06:36:52 AM Samuel Thibault wrote: > > Paul van der Vlis, on Sun 25 Dec 2016 01:34:15 +0100, wrote: > > > I would like it when > > > desktop users could get a message that programms has to be restarted. > > >

Re: unattended-upgrades by default?

On Sunday, December 25, 2016 06:36:52 AM Samuel Thibault wrote: > Paul van der Vlis, on Sun 25 Dec 2016 01:34:15 +0100, wrote: > > I would like it when > > desktop users could get a message that programms has to be restarted. > > Not sure this is important for servers too, I would think so. > >

Re: unattended-upgrades by default?

Paul van der Vlis, on Sun 25 Dec 2016 01:34:15 +0100, wrote: > I would like it when > desktop users could get a message that programms has to be restarted. > Not sure this is important for servers too, I would think so. In a mail server we have, the mysql upgrades are problematic: while the sql

Re: unattended-upgrades by default?

On Sun, Dec 25, 2016 at 8:34 AM, Paul van der Vlis wrote: > I am doing this myself already on desktop systems so I have some > experiences with it. Thanks for sharing your experience. > What I would really like is a mechanism where the user can tune after > how many days the upgrade will occur.

Re: unattended-upgrades by default?

Op 03-11-16 om 19:47 schreef Steve McIntyre: > Thoughts? I am doing this myself allready on desktop systems so I have some experiences with it. What I would really like is a mechanism where the user can tune after how many days the upgrade will occur. Maybe a default could be after 2 days.

Re: unattended-upgrades by default?

On Wed, 2016-11-09 at 23:06 +0200, Adrian Bunk wrote: > Any "solution" for the reboot problem that assumes that there is a > user who regularly logs into the machine misses the problem. Any solution that is the same for every device is completely wrong. Cloud images should probably auto-reboot

Re: unattended-upgrades by default?

On Tue, Nov 08, 2016 at 11:16:53AM +0800, Paul Wise wrote: > On Tue, Nov 8, 2016 at 4:26 AM, Adam Borowski wrote: > > > Forced reboot on upgrade is damage. Let's learn from errors of others. > > needrestart has a mechanism (needrestart-session) to hook into user > sessions, perhaps that could

Re: unattended-upgrades by default?

On Tue, Nov 8, 2016 at 4:26 AM, Adam Borowski wrote: > Forced reboot on upgrade is damage. Let's learn from errors of others. needrestart has a mechanism (needrestart-session) to hook into user sessions, perhaps that could be extended to request users reboot for security updates. -- bye, pabs

Re: unattended-upgrades by default?

Steve McIntyre schrieb: > Definitely. I think we've got general consenus here, and we should do > the following: > > * work on fixing some of the highlighted bugs in unattended-upgrades > > * enable it for installation via d-i by default. At installation >time, it should

Re: unattended-upgrades by default?

On 11/04/2016 12:33 AM, Martin Zobel-Helas wrote: > One side mark: once we start that, we might expose users to the public > that they run this, as then a lot of users will send a similar sized > packets to the internet! But i see no real security concern with that. where is the difference

Re: unattended-upgrades by default?

On Fri, Nov 04, 2016 at 10:51:15PM +0200, Adrian Bunk wrote: > On Thu, Nov 03, 2016 at 06:47:28PM +, Steve McIntyre wrote: > >... > > * it will be a different experience compared to what people will get > >when installing Debian normally, using d-i / debootstrap. Most > >(all?) of our

Re: unattended-upgrades by default?

On Mon, 07 Nov 2016 16:15:34 +0100, Michael Biebl wrote: > Am 07.11.2016 um 15:55 schrieb Felipe Sateler: >> On Mon, 07 Nov 2016 15:07:50 +0100, Michael Biebl wrote: >> >> >>> See >>> https://blogs.gnome.org/lkundrak/2015/08/27/networkmanager-1-0-6- brings- >> metered-connections-api-and-more/

Re: unattended-upgrades by default?

Lars Wirzenius wrote: >On Thu, Nov 03, 2016 at 06:47:28PM +, Steve McIntyre wrote: >> One of the topics that we've been talking about yesterday is automatic >> software upgrades of cloud images. Some of the cloud platform >> providers really want this so that unsophisticated / inexperienced >>

Re: unattended-upgrades by default?

Michael Biebl wrote: > >NetworkManager (since 1.0.6) exposes the information whether a >connection is metered. > >See >https://blogs.gnome.org/lkundrak/2015/08/27/networkmanager-1-0-6-brings-metered-connections-api-and-more/ > >This can be set explicitly by the user, e.g. for a WiFi connection. >

Re: unattended-upgrades by default?

Am 07.11.2016 um 15:55 schrieb Felipe Sateler: > On Mon, 07 Nov 2016 15:07:50 +0100, Michael Biebl wrote: > >> See >> https://blogs.gnome.org/lkundrak/2015/08/27/networkmanager-1-0-6-brings- > metered-connections-api-and-more/ >> >> This can be set explicitly by the user, e.g. for a WiFi

Re: unattended-upgrades by default?

at we should switch to installing unattended-upgrades by >>> default (and enabling it too) *unless* something else in the >>> installation is already expected to deal with security updates. >>> >>> Thoughts? >> >> Is there a way to mark netwo

Re: unattended-upgrades by default?

Am 07.11.2016 um 14:48 schrieb Felipe Sateler: > On Thu, 03 Nov 2016 18:47:28 +, Steve McIntyre wrote: > >> To solve the issue and provide security updates by default, I'm >> proposing that we should switch to installing unattended-upgrades by >> default (and

Re: unattended-upgrades by default?

Quoting Felipe Sateler : Is there a way to mark network connections as "expensive", and thus u-a does nothing if only connected via that? It would be very annoying to have packages automatically downloaded when tethering my phone connection. Good point! Even Wifi might

Re: unattended-upgrades by default?

On Thu, 03 Nov 2016 18:47:28 +, Steve McIntyre wrote: > To solve the issue and provide security updates by default, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) *unless* something else in the > installation is alre

Re: unattended-upgrades by default?

On Fri, Nov 04, 2016 at 02:56:59PM +0100, Jonas Smedegaard wrote: > Quoting Guido Günther (2016-11-04 12:26:51) > > We should also enable needsrestart, whatmaps, checkrestart or similar > > to restart affected services after these upgrades otherwise the e.g. > > openssl update might go without

Re: unattended-upgrades by default?

On Sat, Nov 5, 2016 at 1:25 PM, Michael Vogt wrote: > Thanks for this reminder Paul! #828215 is fixed in git and will be > part of the next upload (which should happy early next week). Thanks! If you have time, a fix for jessie/wheezy would be appreciated too. -- bye, pabs

Re: unattended-upgrades by default?

On Thu, Nov 03, 2016 at 06:47:28PM +, Steve McIntyre wrote: > Hey folks, > > I'm in Seattle for the Debian Cloud sprint and it's going really > well. I'll post a report in a few days summarising what we've > done. But, in the meantime, there's something that has come up which I > think merits

Re: unattended-upgrades by default?

On Fri, Nov 04, 2016 at 02:36:27PM +0100, Alexandre Detiste wrote: > 2016-11-04 13:29 GMT+01:00 Roland Mas : > > Tangentially related: is there something similar for kernels? My > > monitoring setup currently compares the age of the most recent file in > > /boot with the

Re: unattended-upgrades by default?

On Fri, Nov 04, 2016 at 03:38:38PM +0800, Paul Wise wrote: > On Fri, Nov 4, 2016 at 2:47 AM, Steve McIntyre wrote: [..] > > To solve the issue and provide security updates by default, I'm > > proposing that we should switch to installing unattended-upgrades by > > default

Re: unattended-upgrades by default?

avoid the problem of sending notifications. But his solution cannot work properly without notifications. It is very valuable that Steve started the discussion, but his suggested solution might not be the best one. Is "unattended-upgrades by default" actually a "very good" soluti

Re: unattended-upgrades by default?

Rhonda D'Vine wrote: > * Steve McIntyre [2016-11-03 19:47:28 CET]: > > One of the topics that we've been talking about yesterday is automatic > > software upgrades of cloud images. Some of the cloud platform > > providers really want this so that unsophisticated / inexperienced

Re: unattended-upgrades by default?

On Fri, Nov 04, 2016 at 10:51:15PM +0200, Adrian Bunk wrote: > Should Debian also default to automatically reboot? > > If the answer is "no", then nothing is a solution that does not also > solve how to notify the user when a new security update of the kernel > was automatically installed on

Re: unattended-upgrades by default?

On Thu, Nov 03, 2016 at 06:47:28PM +, Steve McIntyre wrote: >... > * it will be a different experience compared to what people will get >when installing Debian normally, using d-i / debootstrap. Most >(all?) of our desktop environments already have some automatic >notification of

Re: unattended-upgrades by default?

On Fri, Nov 04, 2016 at 04:15:58PM +0100, Rhonda D'Vine wrote: > In theory I'm all for it, but there definitely should be some more fine > tuning for that. Please don't auto-restart varnish by needrestart, it > puts a lot of load on the backend which might be a very bad idea. And > the downtime

Re: unattended-upgrades by default?

On Fri, Nov 4, 2016 at 9:13 AM, Luca Capello wrote: > > I still think that a non-manual upgrade (i.e. an upgrade which has not > been checked by a manual process, which means that a scripted upgrade is > not part of it) should not be a default on any OS, but it seems I am the > only

Re: unattended-upgrades by default?

Hi! * Steve McIntyre [2016-11-03 19:47:28 CET]: > One of the topics that we've been talking about yesterday is automatic > software upgrades of cloud images. Some of the cloud platform > providers really want this so that unsophisticated / inexperienced > users of Debian

Re: unattended-upgrades by default?

Steve McIntyre <st...@einval.com> writes: > To solve the issue and provide security updates by default, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) *unless* something else in the > installation is already expected to

Re: unattended-upgrades by default?

On Fri, Nov 04, 2016 at 02:13:35PM +0100, Luca Capello wrote: > I still think that a non-manual upgrade (i.e. an upgrade which has not > been checked by a manual process, which means that a scripted upgrade is > not part of it) should not be a default on any OS, but it seems I am the > only one

Re: unattended-upgrades by default?

Quoting Guido Günther (2016-11-04 12:26:51) > We should also enable needsrestart, whatmaps, checkrestart or similar > to restart affected services after these upgrades otherwise the e.g. > openssl update might go without effect until openssh, bind, > get restarted manually or rebooted.

Re: unattended-upgrades by default?

2016-11-04 13:29 GMT+01:00 Roland Mas : > Tangentially related: is there something similar for kernels? My > monitoring setup currently compares the age of the most recent file in > /boot with the uptime, but I feel there must be something more proper > somewhere.

Re: unattended-upgrades by default?

Hi there!, On Fri, 04 Nov 2016 12:26:51 +0100, Guido Günther wrote: > On Thu, Nov 03, 2016 at 06:47:28PM +, Steve McIntyre wrote: > > To solve the issue and provide security updates by default, I'm > > proposing that we should switch to installing unattended-upgrades

Re: unattended-upgrades by default?

Roland Mas, on Fri 04 Nov 2016 13:29:02 +0100, wrote: > Guido Günther, 2016-11-04 12:26:51 +0100 : > > Please do. We should also enable needsrestart, whatmaps, checkrestart > > or similar to restart affected services after these upgrades otherwise > > the e.g. openssl update might go without

Re: unattended-upgrades by default?

Guido Günther, 2016-11-04 12:26:51 +0100 : [...] > Please do. We should also enable needsrestart, whatmaps, checkrestart > or similar to restart affected services after these upgrades otherwise > the e.g. openssl update might go without effect until openssh, bind, > get restarted manually or

Re: unattended-upgrades by default?

no desktop for the system to show a pop-up or similar. > > To solve the issue and provide security updates by default, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) *unless* something else in the > installation is already exp

Re: unattended-upgrades by default?

ault, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) *unless* something else in the > installation is already expected to deal with security updates. I think that would be acceptable once the fix for #828215 is uploaded. Until then, e

Re: unattended-upgrades by default?

no desktop for the system to show a pop-up or similar. > > To solve the issue and provide security updates by default, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) *unless* something else in the > installation is alrea

Re: unattended-upgrades by default?

On Thu, Nov 03, 2016 at 06:47:28PM +, Steve McIntyre wrote: > To solve the issue and provide security updates by default, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) Please do. I've been doing this for ages on all

Re: unattended-upgrades by default?

On Thu, 2016-11-03 at 18:47 +, Steve McIntyre wrote: > To solve the issue and provide security updates by default, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) *unless* something else in the > installation is alre

Re: unattended-upgrades by default?

On Thu, Nov 03, 2016 at 06:47:28PM +, Steve McIntyre wrote: > One of the topics that we've been talking about yesterday is automatic > software upgrades of cloud images. Some of the cloud platform > providers really want this so that unsophisticated / inexperienced > users of Debian images on

Re: unattended-upgrades by default?

2016-11-03 19:47 GMT+01:00 Steve McIntyre <st...@einval.com>: > Hey folks, Hello, [...] > To solve the issue and provide security updates by default, I'm > proposing that we should switch to installing unattended-upgrades by > default (and enabling it too) *unle

unattended-upgrades by default?

, but (a) not everybody uses them; and (b) that's not so useful on a remote server installation where there's no desktop for the system to show a pop-up or similar. To solve the issue and provide security updates by default, I'm proposing that we should switch to installing unattended-upgrades by default