[Bug 1700930] [NEW] Default action policy for "Security Updates" changed between 14.04 and 16.04
Etienne Papegnies
etienne.papegnies at univ-avignon.fr
Wed Jun 28 09:03:33 UTC 2017
Public bug reported:
In Ubuntu 14.04.5, the default policy under the "Updates" tab for
"Security Updates" is set to "Display Immediately".
In Ubuntu 16.04+, the default policy is now "Download and Install
Immediately".
I think this occurred due to the fix rolled out for bug #1554099.
This has the following consequences:
- Users may be denied apt lock when trying to install software because
unattended-upgrades is running in the background.
- If a shutdown is forced when the background update is running, users
may be left with an unstable system
- In case the update server is compromised and made to deliver malware,
the blow to the userbase will be massive
- From a PR standpoint, this moves away from the previous "your system
won't ever do stuff without your permission" default policy.
I'm of the opinion that the "Display Immediately" default should be
rolled back. Failing that at least an official policy change
announcement should be published so that users are made aware of this
new default.
** Affects: software-properties (Ubuntu)
Importance: Undecided
Status: New
** Tags: xenial yakkety zesty
** Description changed:
In Ubuntu 14.04.5, the default policy under the "Updates" tab for
"Security Updates" is set to "Display Immediately".
In Ubuntu 16.04+, the default policy is now "Download and Install
Immediately".
I think this occurred due to the fix rolled out for bug #1554099.
This has the following consequences:
- Users may be denied apt lock when trying to install software because
unattended-upgrades is running in the background.
- If a shutdown is forced when the background update is running, users
may be left with an unstable system
- In case the update server is compromised and made to deliver malware,
the blow to the userbase will be massive
- From a PR standpoint, this moves away from the previous "your system
won't ever do stuff without your permission" default policy.
- I'm in the opinion that the "Display Immediately" default should be
+ I'm of the opinion that the "Display Immediately" default should be
rolled back. Failing that at least an official policy change
announcement should be published so that users are made aware of this
new default.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to software-properties in Ubuntu.
https://bugs.launchpad.net/bugs/1700930
Title:
Default action policy for "Security Updates" changed between 14.04 and
16.04
Status in software-properties package in Ubuntu:
New
Bug description:
In Ubuntu 14.04.5, the default policy under the "Updates" tab for
"Security Updates" is set to "Display Immediately".
In Ubuntu 16.04+, the default policy is now "Download and Install
Immediately".
I think this occurred due to the fix rolled out for bug #1554099.
This has the following consequences:
- Users may be denied apt lock when trying to install software because
unattended-upgrades is running in the background.
- If a shutdown is forced when the background update is running, users
may be left with an unstable system
- In case the update server is compromised and made to deliver
malware, the blow to the userbase will be massive
- From a PR standpoint, this moves away from the previous "your system
won't ever do stuff without your permission" default policy.
I'm of the opinion that the "Display Immediately" default should be
rolled back. Failing that at least an official policy change
announcement should be published so that users are made aware of this
new default.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1700930/+subscriptions
More information about the foundations-bugs
mailing list