Ubuntu
unattended-upgrades package

Auto-updates should be enabled by default

Bug #1031098 reported by BUGHUNTER
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
unattended-upgrades (Debian)
Fix Released
Unknown
unattended-upgrades (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

situation:
minimal ubuntu server image, installation of this package done manually with "aptitude install unattended-upgrades".

problem:
unattended-upgrades actually do not happen, because I have to edit config files before - but the system does not give me any hint about this - so I just install this package and think "great feature, can sleep now very good" - evil guys are just waiting for the first remote exploit and they know that I am sleeping well while my system gets more vulnarable with every missed security update...

[Additionally, the documentation about "Automatic updates" - btw, why the irritating change of terminology here? - is flawed, see bug filed there by me today.]

I do not understand why unattended-upgrades do not just happen after I install this package. This looks like a design error to me and should be corrected - this security related feature should be as easy as possible to get working. This package should just start working with reasonable defaults without any need for the user to edit config files.

And if there is a need to edit config files after installation, the user should be informed about this fact right after installation - from what I see from doing tests with 12.04 this feature does not just start working ootb, but needs manual config file editing after installation.

It would be even better if the installation process will not end successfully, if it just installs this package without proper config - there is no sense in having an installed package named "unattended-upgrades" if these upgrades are actually not going to happen.

My observations may be wrong. I hope so.

Thank you very much for your attention!

Revision history for this message
Michael Vogt (mvo) wrote :

Thanks for your bugreport and for sharing your concern.

The package has a "debconf" prompt with the priority "medium" that asks if the feature should be automatically
be enabled. I agree though that its not ideal, I wonder what do to make it more obvious, maybe a text displayed
after install if no config is setup? Or split the package into unattended-upgrades-core and unattended-upgrades
and the -core package contains the code the unattended-upgrades the implementation.

Ideas welcome.

Revision history for this message
BUGHUNTER (bughunter) wrote :

A text after install if no config is setup should be the minimum and is absolutely necessary - as I described it is very easy to install this package and leave the system NOT upgrading itself unattended.
IMHO the user already gives a clear order to make unattended upgrades functional by installing this package - so the state after installation should be a system, that is doing unattended upgrades - the logic should be reverted: if somebody installs this package and does NOT want unattended upgrades to happen, (s)he should edit config files, noot the other way around.
BTW after this long period of time I still do not know a way, how to enable unattended upgrades for 12.04 server - could you please point me to some 100% correct information about this? I can not use Ubuntu Server if there is no clear public documentation about the procedure of activating unattended upgrades.
Thanks for your attention!

Revision history for this message
Michael Vogt (mvo) wrote :

Thanks for your suggestions.

The package is installed by default on most ubuntu system, this is why its not enabled by default.
But I do agree that its not ideal, maybe splitting in unattended-upgrades-core that would contain
the binary and support files etc (and that would be installed by default). And then unattended-upgrades
that is not installed by default and that would on install automatically activate the feature.

How does that sound?

Revision history for this message
Michael Vogt (mvo) wrote :

As for enabling it:
$ sudo dpkg-reconfigure -pmedium unattended-upgrades
should work.

summary: - Design flaw: does nothing after install?
+ Design flaw: does nothing after install? split package into {,-core} ?
Changed in unattended-upgrades (Ubuntu):
importance: Undecided → High
status: New → In Progress
Revision history for this message
Mathew Hodson (mhodson) wrote : Re: Design flaw: does nothing after install? split package into {,-core} ?

I believe this is fixed in Xenial and auto-updates should be enabled by default.

---
unattended-upgrades (0.90) unstable; urgency=medium

  [ Alexandre Detiste ]
  * tweak a bit the French translations

  [ Michael Vogt ]
  * debian/templates: set unattended-upgrades/enable_auto_updates to
    "true" (Closes: #707055)
  * debian/config: set debconf questions about origin/enable to low

 -- Michael Vogt <email address hidden> Thu, 18 Feb 2016 14:05:58 -0800

Changed in unattended-upgrades (Ubuntu):
importance: High → Wishlist
status: In Progress → Fix Released
summary: - Design flaw: does nothing after install? split package into {,-core} ?
+ Auto-updates should be enabled by default
Bug Watch Updater (bug-watch-updater)
Changed in unattended-upgrades (Debian):
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.