On Thu, Feb 14, 2019 at 09:14:45PM +0900, Olaf Meeuwissen wrote: [cut]
> > It's pulled in through a recommends by python3-software-properties which > itself is depended on by libreoffice-kde by way of a dependency on the > software-properties-kde package. The libreoffice-kde package is > recommended by task-kde-desktop. > OK. noted, thanks. [cut] > > It's in my todo-list, but I would be grateful of you would be so kind > > to please open a bug on bugs.devuan.org, so we are sure we don't > > forget it. > > Against which package? > Against tasksel, please. > BTW, why again are we trying so hard to not pull in unattended-upgrades? > I think I lost track and considering my own Devuan (server) experiences, > which have been good, I'm not quite sure I still understand :-/ > Because this is something that users should be aware of, and clearly notified about. We are neither Microsoft nor Apple. Unattended upgrades should be used by people who know what they want out of it. If you know (as you do, in this case), you also know how to find, install, and configure it. If you don't know what this is about, and unattended-upgrades is installed, you start believing in ghosts :) > # It was my Debian server that needed a dbus cluebat ... ;-) > # And then only because I insist on self-inflicted "pain" by telling APT > # to not install recommended packages in the first place. > > Your average KDE/GNOME desktop user might actually appreciate their > security upgrades getting applied "behind their backs" or "without user > intervention", depending on your point of view. > Let's be honest: considering security an automatic process is just a myth, and a quite misleading one, IMHO :) There is no single size that fits all the possible uses of unattended-upgrades, and while some users might find it desirable, some others might find that the "smart" upgrade silently broke their setup, in a way or another. This was the case with several important upgrades of stuff like php or mysql/mariadb in the past (mainly due to local customisations, I admit, but still, a sysadmin is free to do what they want on the system they manage...). In general, in a server environment an admin wants to make sure that an upgrade actually does not stop the running services from doing their job as planned. Especially if there are customisations and/or other hacks put in place to hold things together. IMHO, the reasonable solution is to make sure that unattended-upgrades does not slip in a standard Devuan installation unnoticed, under any circumstance. If a user know about it and want it running, it's just an `apt-get install` away. My2Cents katolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
