Lars Wirzenius wrote: >On Thu, Nov 03, 2016 at 06:47:28PM +0000, Steve McIntyre wrote: >> One of the topics that we've been talking about yesterday is automatic >> software upgrades of cloud images. Some of the cloud platform >> providers really want this so that unsophisticated / inexperienced >> users of Debian images on their platforms will be secure by >> default. But there are potential issues here: > >I am in favour of enabling automatic updates, particularly security >updates, on clould images by default. In fact, I wouldn't mind having >them on all types of installation by default. In my opinion, the >ecosystem-wide security benefits of having Debian systems keep up to >date with security updates by default overweigh any inconvenience of >having to tweak system configuration on hosts where the automatic >updates are problematic. > >If we do this, we should prominently note it in release notes and have >a (wiki) page that explains how to turn off the automatic updates.
Definitely. I think we've got general consenus here, and we should do the following: * work on fixing some of the highlighted bugs in unattended-upgrades * enable it for installation via d-i by default. At installation time, it should be enabled by default with a clear message to the user saying so and giving them the choice to disable if preferred. * document these changes, and give clear guidance for people on what to do about it if they want to disable u-u. Who's in for helping with this, please? -- Steve McIntyre, Cambridge, UK. st...@einval.com Armed with "Valor": "Centurion" represents quality of Discipline, Honor, Integrity and Loyalty. Now you don't have to be a Caesar to concord the digital world while feeling safe and proud.