unatttended-upgrades 0.92ubuntu3 installs all updates but update-manager is set to only install security automatically on development release

I tested this on yakkety and on yakkety it appears to do the right thing. My guess it that it's confused when the security pocket is empty?

I just ran into this on my KDE Neon system when I noticed this morning that a full upgrade of the neon packages was running that I hadn't triggered myself.

From what I can tell, adding "${distro_id}:${distro_codename}" to /etc/apt/apt.conf.d/50unattended-upgrades has the effect of enabling unattended updates for any changes to the main release archive (xenial, in this case).

In the context of a released distro like xenial or yakkety, this works because there are few if any changes to the main archive. But in the case of Zesty, which is presumably under heavy development, changes *are* being made to the main archive, so those updates are being applied.

So I don't think unattended-upgrades is confused - it's doing exactly what the configuration tells it to do: install updates either from the main repository or -security. This doesn't happen in xenial or yakkety simply because there are no updates in the main repo to apply.

That's my guess, anyway, based on my quick crash-course in unattended-upgrades. :-)

Status changed to 'Confirmed' because the bug affects multiple users.

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1649709

I've added a new config option to 50uanattended-upgrades which will by default prevent the development release of Ubuntu from being upgraded.

// This option will controls whether the development release of Ubuntu will be
// upgraded automatically.
Unattended-Upgrade::DevRelease "false";

This bug was fixed in the package unattended-upgrades - 0.93.1ubuntu6

---------------
unattended-upgrades (0.93.1ubuntu6) artful; urgency=medium

  * unattended-upgrades: Do not automatically upgrade the development release
    of Ubuntu unless Unattended-Upgrade::DevRelease is true. (LP: #1649709)

 -- Brian Murray <email address hidden> Wed, 17 May 2017 16:28:32 -0700

I think this is not really a bug.

> update-manager is set to the default settings:
> - Download and install security updates automatically
> - Display other updates weekly
>
> I assume this is a regression caused by the fix for bug 1624641.
>
> Allowed origins are: ['o=Ubuntu,a=zesty', 'o=Ubuntu,a=zesty-security']
>
> And obviously zesty-security isn't open yet.

The default settings are confusing in this case since zesty-security is not open thus security-updates can't be separated from the rest of updates in zesty during the development period.

If one does not want to run unattended-upgrade on a system running development release the package can simply be removed.

So I agree with Terry's comment.

Stable releases have frozen release suite (e.g. "xenial") and all package changes land in pocket suites - "xenial-updates", "xenial-security".

During development of a series, the pocket suites are not in use, and the release suite e.g. "artful" today is the one where all the changes land.

Not upgrading people in devel suite, creates a limbo state where people are stuck on a snapshot of a devel release which is not supported at all. And get a massive dist-upgrade on release date, when it's no longer a dev-series. Also, how would one get the update to unmark oneself to no longer be a dev-series, if u-a is not doing anything?

I think we need to revert this change, and mark it as won't fix. There is no security support for devel series, and pretending that we install security only updates on devel series is silly.