all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
To: Matthew Brooks <matthewfbrooks@mailbox.org>,
	Arne Babenhauserheide <arne_bab@web.de>,
	Ricardo Wurmus <rekado@elephly.net>
Cc: 36659@debbugs.gnu.org
Subject: bug#36659: There should be an unattended upgrades service
Date: Tue, 16 Jul 2019 16:04:12 +0200	[thread overview]
Message-ID: <20190716140412.b24vfd5jfr6vgydg@pelzflorian.localdomain> (raw)
In-Reply-To: <20190716022907.534539fc@mailbox.org>

This is just my opinions/ideas:

On Tue, Jul 16, 2019 at 02:29:07AM -0500, Matthew Brooks wrote:
> If an automatic updater is included by default (which I think would
> be a rather bad idea), it absolutely needs to be very easy for a
> user to disable.

Guix System should target non-power users too.  It is already much
easier to install packages and services than in Debian, especially if
no sudo were ever needed as Arne wrote in his reply.

Perhaps if the unattended upgrades service were not included in
%desktop-services but selectable in the Guix System graphical
installer and selected by default, users would feel more in control
and existing users would not be surprised.

If unattended-upgrades-service-type checked with NetworkManager for
metered connections *and* if substitutes are available *and* the power
user can configure a blacklist/whitelist of trusted connections, the
only downside I see is less internet bandwidth during upgrades and
slightly more battery drain, but security is more important and the
more responsible default.

Maybe make it configurable if upgrades should be performed when on
battery.

Maybe users could stop an upgrade via libnotify notification?

On Tue, Jul 16, 2019 at 03:23:35PM +0200, Arne Babenhauserheide wrote:
> I would most of all like to see a CVE-checking service that tells me
> about security updates. Sometimes I’ll ignore updates for a few weeks
> because I have a setup that absolutely must keep working, because I
> could not even afford half an hour of brokenness, but I must still do
> security updates, and I would like Guix to tell me about those.
>

A CVE notification service would be right for %desktop-services, I
think.

Regards,
Florian

  parent reply	other threads:[~2019-07-16 14:05 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-15 10:17 bug#36659: There should be an unattended upgrades service pelzflorian (Florian Pelz)
2019-07-16  7:29 ` Matthew Brooks
2019-07-16 12:46   ` Ricardo Wurmus
2019-07-16 13:23     ` Arne Babenhauserheide
2019-07-24 16:35       ` Ludovic Courtès
2019-07-16 14:04   ` pelzflorian (Florian Pelz) [this message]
2020-11-30 16:40 ` Tobias Geerinckx-Rice via Bug reports for GNU Guix

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190716140412.b24vfd5jfr6vgydg@pelzflorian.localdomain \
    --to=pelzflorian@pelzflorian.de \
    --cc=36659@debbugs.gnu.org \
    --cc=arne_bab@web.de \
    --cc=matthewfbrooks@mailbox.org \
    --cc=rekado@elephly.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.