We discussed this on a Foundations internal call this afternoon, and several counterarguments came up:
- this is inconsistent with how other Ubuntu installers work today (e.g. ubiquity doesn't do this) - the point at which security updates can be installed is very late in the installation process, so installing updates before reboot is very likely to increase the time it takes to install a system - curtin already has to apt install the kernel, and should prefer the one from the security pocket if network updates are possible, so the 99% case for reboot-requiring security updates is already handled for subiquity installs without additional changes here - we don't have a clear idea of what's "expected" (do we want no updates? only security updates? all updates?) and we don't want to just punt the question to the user by making them answer this question as part of the install. I think one thing it is reasonable to do is start the background downloading of the security updates once the rootfs is configured ('systemctl start apt-daily.service'). Maybe we should also consider special-casing apt-daily-upgrade.service on first boot so that it runs immediately instead of waiting until 6am. But I think the justification for enforcing that security updates are applied specifically before first login is weak; if there were security bugs so grave that we are worried about the user launching an insecure browser (the example given), we should equally be worried about this insecure browser being shipped in the live images (both desktop and server). ** Changed in: subiquity (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1817049 Title: Subiquity should install security updates before first login To manage notifications about this bug go to: https://bugs.launchpad.net/subiquity/+bug/1817049/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs