From mboxrd@z Thu Jan 1 00:00:00 1970
From: "pelzflorian (Florian Pelz)"
Subject: bug#36659: There should be an unattended upgrades service
Date: Tue, 16 Jul 2019 16:04:12 +0200
Message-ID: <20190716140412.b24vfd5jfr6vgydg@pelzflorian.localdomain>
References: <20190715101711.gejdpqkyaq2yri3p@pelzflorian.localdomain> <20190716022907.534539fc@mailbox.org>
In-Reply-To: <20190716022907.534539fc@mailbox.org>
To: Matthew Brooks, Arne Babenhauserheide, Ricardo Wurmus
Cc: 36659@debbugs.gnu.org

These are just my opinions/ideas:

On Tue, Jul 16, 2019 at 02:29:07AM -0500, Matthew Brooks wrote:
> If an automatic updater is included by default (which I think would
> be a rather bad idea), it absolutely needs to be very easy for a
> user to disable.

Guix System should target non-power users too.
It is already much easier to install packages and services than in Debian, especially if no sudo were ever needed as Arne wrote in his reply.

Perhaps if the unattended upgrades service were not included in %desktop-services but selectable in the Guix System graphical installer and selected by default, users would feel more in control and existing users would not be surprised.

If unattended-upgrades-service-type checked with NetworkManager for metered connections *and* if substitutes are available *and* the power user can configure a blacklist/whitelist of trusted connections, the only downside I see is less internet bandwidth during upgrades and slightly more battery drain, but security is more important and the more responsible default.

Maybe make it configurable if upgrades should be performed when on battery. Maybe users could stop an upgrade via libnotify notification?

On Tue, Jul 16, 2019 at 03:23:35PM +0200, Arne Babenhauserheide wrote:
> I would most of all like to see a CVE-checking service that tells me
> about security updates. Sometimes I’ll ignore updates for a few weeks
> because I have a setup that absolutely must keep working, because I
> could not even afford half an hour of brokenness, but I must still do
> security updates, and I would like Guix to tell me about those.
>

A CVE notification service would be right for %desktop-services, I think.

Regards,
Florian