We discussed this on a Foundations internal call this afternoon, and
several counterarguments came up:

 - this is inconsistent with how other Ubuntu installers work today (e.g.
   ubiquity doesn't do this)
 - the point at which security updates can be installed is very late in the
   installation process, so installing updates before reboot is very likely to
   increase the time it takes to install a system
 - curtin already has to apt install the kernel, and should prefer the one from
   the security pocket if network updates are possible, so the 99% case for
   reboot-requiring security updates is already handled for subiquity installs
   without additional changes here
 - we don't have a clear idea of what's "expected" (do we want no updates? only
   security updates? all updates?) and we don't want to just punt the question to
   the user by making them answer this question as part of the install.

I think one thing it is reasonable to do is start the background
downloading of the security updates once the rootfs is configured
('systemctl start apt-daily.service').  Maybe we should also consider
special-casing apt-daily-upgrade.service on first boot so that it runs
immediately instead of waiting until 6am.  But I think the justification
for enforcing that security updates are applied specifically before
first login is weak; if there were security bugs so grave that we are
worried about the user launching an insecure browser (the example
given), we should equally be worried about this insecure browser being
shipped in the live images (both desktop and server).

** Changed in: subiquity (Ubuntu)
       Status: New => Incomplete

https://bugs.launchpad.net/bugs/1817049

Title:
  Subiquity should install security updates before first login
