Unverified Commit 2b9b5948 authored by
No longer install unattended-upgrades by default
This has been requested by the Debian security team: https://lists.debian.org/debian-boot/2018/05/msg00250.html Quoting Moritz Mühlenhoff: unattended-upgrades is a crude hack at best and _not_ suitable for a default installation. There are selected scenarios where it might be useful (such as a staging or test environment), but there will always be security updates which are not sufficiently resolved by simply installing a package or which will even break installations if no additional changes are made. The only supported way to deploy a security update issued by the Debian Security Team is to follow our advisories (which will provide instructions if an update requires subsequent steps) and test it before it gets rolled out to additional machines. While we have a very low regression rate, those are inevitable to a certain extent and there's always stuff you cannot test/cover (local packages, cruft from previous releases). u-u is also very rudimentary. It doesn't support service restarts e.g., so installing an openssl update is pretty pointless as it doesn't even attempt to warn/act on library restarts. It's also very brittle, only a few days ago I had to fix a stretch system where it uninstalled virtually all KDE packages after installing the VLC update (which installed a new version of libvlccore and all went kaboom). All this crap falls back to the security team, because people think our update broke the system. Or stuff like https://lists.debian.org/debian-security/2018/05/msg00011.html u-u breaks stuff (and would even more so if installed by default on servers, where it will cause unpredictable server downtimes during restarts etc.) and Debian should not be broken by default. If users make a concious decision to accept the consequences of unattended-upgrades, then they can install it explicitly and have to deal with the fallout, but it must not be part of a default installation.
Showing with 12 additions and 5 deletions