GNU bug report logs - #36659
There should be an unattended upgrades service

Previous Next

Package: guix;

Reported by: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Date: Mon, 15 Jul 2019 10:18:02 UTC

Severity: normal

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 36659 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Matthew Brooks <matthewfbrooks <at> mailbox.org>,
 Arne Babenhauserheide <arne_bab <at> web.de>,
 Ricardo Wurmus <rekado <at> elephly.net>
Cc: 36659 <at> debbugs.gnu.org
Subject: Re: bug#36659: There should be an unattended upgrades service
Date: Tue, 16 Jul 2019 16:04:12 +0200

This is just my opinions/ideas:

On Tue, Jul 16, 2019 at 02:29:07AM -0500, Matthew Brooks wrote:
> If an automatic updater is included by default (which I think would
> be a rather bad idea), it absolutely needs to be very easy for a
> user to disable.

Guix System should target non-power users too.  It is already much
easier to install packages and services than in Debian, especially if
no sudo were ever needed as Arne wrote in his reply.

Perhaps if the unattended upgrades service were not included in
%desktop-services but selectable in the Guix System graphical
installer and selected by default, users would feel more in control
and existing users would not be surprised.

If unattended-upgrades-service-type checked with NetworkManager for
metered connections *and* if substitutes are available *and* the power
user can configure a blacklist/whitelist of trusted connections, the
only downside I see is less internet bandwidth during upgrades and
slightly more battery drain, but security is more important and the
more responsible default.

Maybe make it configurable if upgrades should be performed when on
battery.

Maybe users could stop an upgrade via libnotify notification?

On Tue, Jul 16, 2019 at 03:23:35PM +0200, Arne Babenhauserheide wrote:
> I would most of all like to see a CVE-checking service that tells me
> about security updates. Sometimes I’ll ignore updates for a few weeks
> because I have a setup that absolutely must keep working, because I
> could not even afford half an hour of brokenness, but I must still do
> security updates, and I would like Guix to tell me about those.
>

A CVE notification service would be right for %desktop-services, I
think.

Regards,
Florian
This bug report was last modified 4 years and 170 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.