Hi I'm aiming to auto install security updates, and have configured unattended-upgrades like this:
Unattended-Upgrade::Origins-Pattern { "origin=Debian,codename=${distro_codename},label=Debian-Security"; }; Unattended-Upgrade::Package-Blacklist { }; While this works _most_ of the time, it does not work _all_ of the time. A common issue is when a security update depends on another, new package that is not in Debian-Security. Since a few days, this is the case again: WARNING package linux-image-cloud-amd64 upgradable but fails to be marked for upgrade () It appears that linux-image-cloud-amd64 is the security update, but it depends on linux-image-4.19.0-17-cloud-amd64 which is not a security update. If I add "origin=Debian,codename=${distro_codename},label=Debian"; to the Unattended-Upgrade::Origins-Pattern list (basically the default), it works but then all packages get updated - which I don't want. I saw there is a Unattended-Upgrade::Package-Blacklist option, which has the granularity I need (package name regex), but that is to *restrict* what can be auto installed. I think I'm looking for the opposite. Any ideas on how one would auto install security updates including any dependencies that are not in Debian-Security? If this is the wrong forum, apologies, and what would be a more suitable place to ask. thx! -- Dick Visser Trust & Identity Service Operations Manager GÉANT