Hey folks, I'm in Seattle for the Debian Cloud sprint and it's going really well. I'll post a report in a few days summarising what we've done. But, in the meantime, there's something that has come up which I think merits wider discussion.
One of the topics that we've been talking about yesterday is automatic software upgrades of cloud images. Some of the cloud platform providers really want this so that unsophisticated / inexperienced users of Debian images on their platforms will be secure by default. But there are potential issues here: * if users are providing a service like a database from a cloud instance, there may be unexpected (potentially lengthy) downtime if upgrades happen. Of course, this can be mitigated by disabling the upgrade job on those machines if desired but that needs people to know to do this. Experienced users will probably be dealing with upgrades already, so this should not be an issue. * it will be a different experience compared to what people will get when installing Debian normally, using d-i / debootstrap. Most (all?) of our desktop environments already have some automatic notification of available updates, but (a) not everybody uses them; and (b) that's not so useful on a remote server installation where there's no desktop for the system to show a pop-up or similar. To solve the issue and provide security updates by default, I'm proposing that we should switch to installing unattended-upgrades by default (and enabling it too) *unless* something else in the installation is already expected to deal with security updates. Thoughts? -- Steve McIntyre, Cambridge, UK. st...@einval.com "I suspect most samba developers are already technically insane... Of course, since many of them are Australians, you can't tell." -- Linus Torvalds
