Thanks, Tomasz, for putting together the summary. Sorry I couldn't be there.
On Tue, Jul 31, 2018 at 12:37:51PM +0200, Tomasz Rybak wrote: > There was intensive discussion related to automated/unattended > upgrades of our images: whether we should do it at all (there may be > run in environment w/o internet access), when (usage needs, avoiding > killing mirror when thousands of machines try to perform upgrade at > once, etc.). I probably shouldn't be surprised by this, but I am. The installation of unattended-upgrades by default was something we decided on, and announced to -devel, two years ago. I'll restate my previous position on this: On a well-maintained system, u-u is trivial to disable if that's the admin's desire. On a non well-maintained system, u-u is essential for the safety of the user, the cloud provider, and the internet at large. If there are changes we can make to the configuration we install in cloud environments, those can be discussed, but as far as I'm concerned the basic default availability of u-u is beyond debate. > Some vendors upgrade during restart, but it lengthens boot time, which > matters when VM is run for short time (common use case for clouds). No > consensus was found - but we should check what Ubuntu does. Minor nit: Package updates are installed during *first* boot, not typically *reboot*. The distinction is important for two reasons: 1. cloud-init, which is typically what's handling this task, makes a distinction between first boot and subsequent reboots, and typically only installs updates on first boot. 2. Cloud instances are very often never rebooted. They boot once, and are replaced. (There are, of course, exceptions; we need to be aware of both use cases.) noah
signature.asc
Description: PGP signature
