On 2015-06-20, Johannes Weißl wrote: > On Wed, Jun 17, 2015 at 06:44AM -0700, Vagrant Cascadian wrote: >> Obviously individual users can manually upgrade unattended-upgrades >> manually via proposed-updates, but that leaves all the users expecting >> unattended-upgrades to be installing upgrades unattended without >> security updates. >> >> It may make sense to get unattended-upgrades updated through security >> updates, rather than waiting until a point release to propegate this >> fix... > > This does not work: The buggy version of unattended-unattended won't > upgrade itself, even if the package comes through security updates.
New installs will still end up with a broken unattended-upgrades. Machines where unattended-upgrades hasn't been upgraded (e.g. due to conffile prompts) will have an easier time of upgrading to a working version... jessie-proposed-updates seems a bit of a cumbersome way to get a working package. Given that the default configuration of unattended-upgrades is to install security updates, it seems like a security issue to have a non-working configuration installed by default... Maybe others don't agree. Thanks! live well, vagrant
signature.asc
Description: PGP signature
