Automatic and silent installation of security updates

[HC Brugmans]

Wouter Stomp wrote:
> It was suggested on bugzilla by Michael Vogt to discuss this here, so
> here it is:
> 
> The original bug (11856):
> The pretty red icon seems not to be sufficient for end-users, they
> often do not install security fixes. I suggest to open a popup at
> startup wich propose to install updates and allow to install them or
> deporte the upgrade.
> 
> Of course this is very close to update-manager. The update-manager
> should be able to BE that popup if the list of upgrades are in an
> expander and with a phrase more like : « %i updates are available, for
> security reasons, you should install them now. Click on « install » to
> install them. ».
> 
> If the user chooses to upgrade, the upgrade should be silent. A
> blinking/breathing icon in the tray is enough.
> 
> A problem is also that people that do not belong to the admin group
> have this mechanism (icons, etc.) but at the last moment, they realize
> they are not allowed to do such operations.
> 
> --
> 
> My thoughts on this:
> I think the update-manager should also have an option to do it
> completely automatically, without any user-intervention. As long as I
> am not on a development version, the system should just install the
> updates and don't ask anything. As a stable version only gets security
> updates, I see no reason for not installing those updates for almost
> all home users. Make it so that it runs no matter which user is using
> the system, no need for a password, just install the updates in the
> background.
> 
> I would even suggest to make this the default for a desktop install
> (of course only for the official repositories), so every user gets the
> security updates as fast as possible.
> 
> --
> 
> Comments from Michael:
> This is a pretty far reaching change and will need to be discussed in
> a wider audience (e.g. on the ubuntu-devel mainlisting). If we could
> do that, we would have to add a python-apt application that would make
> sure that it only upgrades packages from official ubuntu repositories
> and that it does not change the system state (e.g. not
> installing/removing any packages, only upgrading already installed
> stuff).
> 
> Wouter.
> 

While I agree with the original bug, in that silent installation would 
be a definite plus, I'd not like to see a *totally* silent/automatic 
installation. Not that I mind the software being installed, but it is 
*my* pc, my *tool*, and *I* am in control. Pop up a dialog, let me know 
that updates are needed, and give me the option to do it later, and I'm 
fine with it.

I suspect that a lot of users feel this way. A PC is not supposed to 
think for itself, unless told to do so by the user, at least in my opinion.
Furthermore, a totally silent installation of the kernel seems like a 
very bad thing to me. At the very least it'd make me quite nervous.

Hidde