From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
To: Matthew Brooks <matthewfbrooks@mailbox.org>,
Arne Babenhauserheide <arne_bab@web.de>,
Ricardo Wurmus <rekado@elephly.net>
Cc: 36659@debbugs.gnu.org
Subject: bug#36659: There should be an unattended upgrades service
Date: Tue, 16 Jul 2019 16:04:12 +0200 [thread overview]
Message-ID: <20190716140412.b24vfd5jfr6vgydg@pelzflorian.localdomain> (raw)
In-Reply-To: <20190716022907.534539fc@mailbox.org>
This is just my opinions/ideas:
On Tue, Jul 16, 2019 at 02:29:07AM -0500, Matthew Brooks wrote:
> If an automatic updater is included by default (which I think would
> be a rather bad idea), it absolutely needs to be very easy for a
> user to disable.
Guix System should target non-power users too. It is already much
easier to install packages and services than in Debian, especially if
no sudo were ever needed as Arne wrote in his reply.
Perhaps if the unattended upgrades service were not included in
%desktop-services but selectable in the Guix System graphical
installer and selected by default, users would feel more in control
and existing users would not be surprised.
If unattended-upgrades-service-type checked with NetworkManager for
metered connections *and* if substitutes are available *and* the power
user can configure a blacklist/whitelist of trusted connections, the
only downside I see is less internet bandwidth during upgrades and
slightly more battery drain, but security is more important and the
more responsible default.
Maybe make it configurable if upgrades should be performed when on
battery.
Maybe users could stop an upgrade via libnotify notification?
On Tue, Jul 16, 2019 at 03:23:35PM +0200, Arne Babenhauserheide wrote:
> I would most of all like to see a CVE-checking service that tells me
> about security updates. Sometimes I’ll ignore updates for a few weeks
> because I have a setup that absolutely must keep working, because I
> could not even afford half an hour of brokenness, but I must still do
> security updates, and I would like Guix to tell me about those.
>
A CVE notification service would be right for %desktop-services, I
think.
Regards,
Florian
next prev parent reply other threads:[~2019-07-16 14:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-15 10:17 bug#36659: There should be an unattended upgrades service pelzflorian (Florian Pelz)
2019-07-16 7:29 ` Matthew Brooks
2019-07-16 12:46 ` Ricardo Wurmus
2019-07-16 13:23 ` Arne Babenhauserheide
2019-07-24 16:35 ` Ludovic Courtès
2019-07-16 14:04 ` pelzflorian (Florian Pelz) [this message]
2020-11-30 16:40 ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190716140412.b24vfd5jfr6vgydg@pelzflorian.localdomain \
--to=pelzflorian@pelzflorian.de \
--cc=36659@debbugs.gnu.org \
--cc=arne_bab@web.de \
--cc=matthewfbrooks@mailbox.org \
--cc=rekado@elephly.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).