I was going to say this yesterday...

In response to the issue of unexpected service restarts after a patch is
installed - like the mysql example - why not simply *NOT* restart any
service after the patch is installed?

There are numerous ways to deliver a message - such as "Application of
$PATCH on $HOST requires service restarts, please restart them A.S.A.P."
- to an administrator and/or contact, no limitations there, send an
SMS... It is much less than the 140-160 characters an SMS is limited to.
That's how I do it.

Any reboot, cronjob, logrotate config, *or anything else the
administrator put in place* may restart the service on its own, at which
time the patch is then applied.

At least provide a mechanism for this to be controlled. Perhaps
something in /etc/apt/apt.conf.d.

Debian is Free as in Freedom, right? I think we should be free to enable
such a configuration, does this not apply?

Regards,
Matthew

On Thu, 2014-04-10 at 12:23 -0700, Jose R R wrote:
> On Thu, Apr 10, 2014 at 11:24 AM, Himanshu Vasishth
> <[email protected]> wrote:
> >
> > I agree that there are scenarios where automatic updates are not the right
> > thing. I also understand that Debian users may already be familiar with the
> > fact that Debian doesn't have automatic updates turned on.
> >
> > However, I don't think it is fair to assume that users of Debian on GCE
> > fall in the category
>
> That is highly speculative...
>
> > of folks who are already familiar with Debian and thus expect things to work
> > a specific way. For starters, the quick-start guide on GCE uses Debian
> > image. Also, the first two images in the UI dropdown that lets users select
> > images are Debian images. As a result it is likely that a
> > significant number of users are not familiar with Debian.
> >
> > There is no README for GCE images, so this is not something we can document
> > there. As I said, I agree that automatic updates may not be the right thing
> > for all users.
> >
> > The question I have is, if we turn on automatic security updates and add a
> > warning in motd clearly pointing out that automatic security updates are
> > turned on and that it may cause long running instances to restart at
> > arbitrary times, would that be sufficient information for users who are
> > running long running tasks to turn it off or would that not be sufficient?
> >
> >
> > On Wed, Apr 9, 2014 at 8:22 PM, olivier sallou <[email protected]>
> > wrote:
> >>
> >> 2014-04-10 0:45 GMT+02:00 Anders Ingemann <[email protected]>:
> >>
> >>> On 9 April 2014 23:14, Himanshu Vasishth <[email protected]> wrote:
> >>>>
> >>>> Good point. It would certainly not be desirable if a long running
> >>>> process was restarted. We could definitely add a note to image
> >>>> description.
> >>>>
> >>>> How about also adding a message to motd so that when users login they
> >>>> are made aware of the fact that automatic security updates are turned on
> >>>> and that users should review the settings if they are running long
> >>>> running processes? Let me know if motd is not the right mechanism for
> >>>> this and if there is a different way this should be done. I am still
> >>>> learning about various aspects of Debian.
> >>>>
> >>>>
> >>>> On Wed, Apr 9, 2014 at 1:59 PM, Tomasz Rybak <[email protected]>
> >>>> wrote:
> >>>>>
> >>>>> On 2014-04-09, Wed at 11:06 -0700, Himanshu Vasishth wrote:
> >>>>> > Hey everyone
> >>>>> >
> >>>>> > I just wanted to give a quick heads up. We have pushed new images on
> >>>>> > GCE which includes the latest version of openssl package (1.0.1e-2
> >>>>> > +deb7u6) which addresses CVE-2014-0160. The new images are named
> >>>>> > debian-7-wheezy-v20140408 and backports-debian-7-wheezy-v20140408.
> >>>>> >
> >>>>> > We have also provided instructions to users on how they can update
> >>>>> > their running instances
> >>>>> > at https://developers.google.com/compute/docs/security-bulletins.
> >>>>> >
> >>>>> > Now that the images are out, one of the questions that this brings up
> >>>>> > is - should we have automatic upgrades turned on for security issues
> >>>>> > by default on Debian images running on GCE?
> >>>>> >
> >>>>> > The unattended-upgrades package is configured to only do security
> >>>>> > updates by default, and for most users this would be a good thing to
> >>>>> > turn on. I suspect most users won't mind, and for the small set that
> >>>>> > do care about every update, it would be easy enough for them to turn
> >>>>> > it off.
> >>>>>
> >>>>> On one hand having security fixes applied is a Good Thing.
> >>>>> On the other hand - if I would start some long-running process
> >>>>> during which something (here apt) would restart my database,
> >>>>> it would not be nice.
> >>>>>
> >>>>> But adding some note (to README, or image description) about
> >>>>> such autoupdate should fix the problem; e.g. Amazon shows times
> >>>>> when it can update PostgreSQL and such knowledge allows
> >>>>> for planning longer jobs.
> >>>>>
> >>>>> Best regards.
> >>>>>
> >>>>> --
> >>>>> Tomasz Rybak <[email protected]> GPG/PGP key ID: 2AD5 9860
> >>>>> Fingerprint A481 824E 7DD3 9C0E C40A 488E C654 FB33 2AD5 9860
> >>>>> http://member.acm.org/~tomaszrybak
> >>>>>
> >>>>
> >>>
> >>> > Now that the images are out, one of the questions that this brings up
> >>> > is - should we have automatic upgrades turned on for security issues by
> >>> > default on Debian images running on GCE?
> >>>
> >>> I think that is a really bad idea (sorry for being blunt), not only
> >>> because of what Tomasz mentioned but also because you may have customers
> >>> who have closed down all incoming connections on their machines and only
> >>> allow outgoing ones (configuration through puppet/chef etc., work being
> >>> done by fetching from a queue etc.). Those machines will pretty much
> >>> never need any updates.
> >>> I think the unix principle of least surprise applies here: When users
> >>> boot up a vanilla official debian image, do they expect unattended
> >>> security upgrades to be turned on by default?
> >>> The debian installer doesn't do that and neither do most ready to go
> >>> debian installations I have encountered.
> >>> Just my two cents :-)
> >>
> >> +1
> >> why not simply specify in the README that there is NO automatic security
> >> update and that if a user wishes to do so, he can simply activate it. Image
> >> should not launch any unattended action by default.
> >>
> >> Olivier
> >>>
> >>> Anders
> >>
> >> --
> >> gpg key id: 4096R/326D8438 (keyring.debian.org)
> >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
> >
>
> --
> Jose R R
> http://www.metztli-it.com
> ---------------------------------------------------------------------------------------------
> NEW Apache OpenOffice 4.0.1! Download for GNU/Linux, Mac OS, Windows.
> ---------------------------------------------------------------------------------------------
> Daylight Saving Time in USA & Canada ends: Sunday, November 02, 2014
> ---------------------------------------------------------------------------------------------
>

--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/1397159715.3780.25.camel@Void
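As an added illustration, not from the thread or from Debian's own packaging, of the kind of mechanism Matthew is asking for: Debian already lets a local policy veto the service restarts that package maintainer scripts request, through /usr/sbin/policy-rc.d, which invoke-rc.d consults before acting. The script below (hypothetical; the log path is an assumption) denies restart-type actions while dpkg is running and records each deferred restart so the administrator can be told what to restart.

```shell
#!/bin/sh
# Added example (not from the thread): a policy-rc.d that defers service
# restarts requested during package upgrades and records them for the admin.
# Debian maintainer scripts (re)start services through invoke-rc.d, which
# consults /usr/sbin/policy-rc.d first; exit code 101 means "action
# forbidden by policy" and invoke-rc.d then exits 0, so the upgrade itself
# still completes (unless it was run with --disclose-deny).
# The log path is an assumption; install as /usr/sbin/policy-rc.d, mode 0755.

PENDING_LOG="${PENDING_LOG:-/var/lib/pending-restarts.log}"

# Actions that change a service's running state; read-only ones such as
# "status" stay allowed.
is_disruptive() {
    case "$1" in
        start|stop|restart|reload|force-reload|try-restart) return 0 ;;
        *) return 1 ;;
    esac
}

# decide <initscript ID> "<action> [<action> ...]": prints the policy-rc.d
# exit code, 0 (allowed) or 101 (forbidden). Only calls made while dpkg is
# running (it exports DPKG_RUNNING_VERSION to maintainer scripts) are
# blocked, so an administrator's own "invoke-rc.d mysql restart" still works.
decide() {
    script="$1"
    for action in $2; do
        if [ -n "${DPKG_RUNNING_VERSION:-}" ] && is_disruptive "$action"; then
            echo "$(date -u +%FT%TZ) $script $action deferred" >> "$PENDING_LOG"
            echo 101
            return 0
        fi
    done
    echo 0
}

# Command-line entry point: policy-rc.d [--quiet] <initscript ID> <actions> [<runlevel>]
main() {
    quiet=""
    if [ "$1" = "--quiet" ]; then quiet=1; shift; fi
    rc=$(decide "$1" "$2")
    if [ "$rc" = 101 ] && [ -z "$quiet" ]; then
        echo "policy-rc.d: $1 $2 deferred; restart it by hand (see $PENDING_LOG)" >&2
    fi
    exit "$rc"
}

# Act as the hook only when run under that name, so the functions can be sourced and tested.
case "$0" in */policy-rc.d|policy-rc.d) main "$@" ;; esac
```

Services skipped this way keep running the old, unpatched code until someone restarts them, so the pending log has to reach an administrator promptly, which is the notification step Matthew's message describes.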
