Hi there!, On Fri, 04 Nov 2016 12:26:51 +0100, Guido Günther wrote: > On Thu, Nov 03, 2016 at 06:47:28PM +0000, Steve McIntyre wrote: > > To solve the issue and provide security updates by default, I'm > > proposing that we should switch to installing unattended-upgrades by > > default (and enabling it too) *unless* something else in the > > installation is already expected to deal with security updates. > > Please do.
I still think that a non-manual upgrade (i.e. an upgrade which has not been checked by a manual process, which means that a scripted upgrade is not part of it) should not be a default on any OS, but it seems I am the only one thinking like this... > We should also enable needsrestart, whatmaps, checkrestart or > similar to restart affected services after these upgrades otherwise the > e.g. openssl update might go without effect until openssh, bind, > <younameit> get restarted manually or rebooted. Should not we recycle how the debpkg:libc6 handles affected-debpkgs or, better, should not we unify libc6 behavior with the tools Guido suggested? Thx, bye, Gismo / Luca
signature.asc
Description: Digital signature
