> Read up on help.ubuntu.com about Ubuntu archive we have a few sections > & a few repositories. I'm talking about distro repository e.g. > karmic-security. Whatever enters that by default is picked up by > unattended-upgrades.
I'll try to read a bit more how this stuff works. I find it difficult because it is all over the place, and not always up to date e.g. manpages. > It's not all software which has security bugs =) we don't know that. > It's all packages which have been updated and are deemed important / > high-risk security vulnerabilities by Ubuntu security team, e.g. CVE > fixes. Yeah, but these would include e.g. Firefox XUL files? > Yes but -upgrades and -security do not allow API/ABI changes / so-name > bumps. So we are safe here for majority of programming languages. Read > up about sonames. Just google. Okay I will, I thought this was handled different in Ubuntu. > No. Theoretically someone can get access to your system and whipe your > whole hardrive or get you into denial of service. It is more important > to prevent you from becoming a spam sending slave then to prevent > programs from crashing. Also dpkg writes files atomically so in the > file system for a given package you either have old files & new files > or pending / unavailable (e.g. python). And there are no soname > changes in these upgrades. So there has been a lot of work done to > make it as harmless as possible. Except for the program and libraries in memory. > Crashing programs is not a problem. Loosing user data is, like for > example the email you have been typing in the browser for an hour is > important that why programs are not shudown. Just because firefox > looks weird it doesn't prevent you to save the email into draft before > restarting firefox. How can you ever be sure of this? For example in the case of firefox it would change the XUL/Javascript files. As i said, i noticed the interface would get messed up, but it could get messed up in a way your data couldn't be send anymore. > Potentially anything can happen =) but because of dpkg & sonames & > ldconfig and massive testing of security fixes & them actually being > really small crashing is hightly unlickly. > > If firefox did crash on upgrade instead of "firefox needs restarting" > you will get "firefox has just crashed" and apport will kick in to > start collecting backtraces to send a bug report to launchpad ;-) I think this is a really bad policy. Most (All?) programs don't expect their resources to be changed while they are running. Knowingly bringing programs in an unknown state seems like a reallly really bad idea to me. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss