Please don't automatic upgrade

Vincenzo Ciancia ciancia at di.unipi.it
Mon Apr 6 15:22:07 UTC 2009



> By the way, when was the last time an update (in a stable release) broke X?  
> September 2006 is the last (and only!) one I remember.  Ever since then, 
> there's this horrible fear...come on, the lesson was learned, and kernels 
> aren't being released until their accompanying modules are done building now. 
> Shouldn't Jaunty's DKMS prevent issues with people who aren't using 
> repository-sourced graphics drivers anyway?
> 

It happens from time to time, e.g. the post-installs of nvidia drivers
(ok I have an nvidia, but notice that they are auto-configured and
maintained by ubuntu itself) sometimes screw up. The very famous cases
are not the only ones.

> > Notice that you first have to solve the problem of the dpkg database
> > breaking, which actually happens and breaks the upgrade system,
> 
> How common is that?  And isn't it something that only happens if you manually 
> kill -9 an apt process or if your hard drive is failing (which is expected to 
> cause everything to break anyway)?  Do your parents know about kill -9?
> 

Dpkg database breaking is common, don't know why but had various friends
fall into that. Exhausting disk space is also common, and currently apt
or synaptic DO NOT recover gracefully as they should. Exactly because
that is going to break everything, we should avoid the risk of this
happening automatically. This is made worse because upgrades are run
as root hence they do not leave the 5% "reserve" of disk space that user
applications are constrained to - by the default format options.

> > and of
> > the system running out of space in /var and /tmp. Which you BET will
> > happen soon, or later.
> 
> Not if you use that wonderful little setting in Software Sources so that it 
> doesn't hold onto old packages until the end of time (and then some).  As long 
> as you let it auto-delete old debs, / shouldn't be filling up.

The "/" will fill up as soon as you install new applications, and also
either that wonderful setting is not enabled by default or it doesn't
work, because I ran out of disk space during an upgrade yesterday :)


>   Also, if you 
> use the default Ubuntu install mode, /var, /tmp, and / will not be separate 
> partitions.  You'd need to fill the entire drive, at which point I wonder how 
> you're getting anything done at all.
> 

There is also /var/lib, and that partition may definitely fill up in a
number of curious ways. A power loss may happen, but much simpler: a
deadlock in a post-install may happen too, constraining the user to
either kill or reboot. Not that I expect this for security upgrades. I
think all of us, (and I bet you included), experienced at least one case
in which the system consistency was lost during an upgrade. This may not
look like it, but robustness to big failures is a serious problem of the
dpkg/apt combination. If the system is made "transactional" in this kind
of maintenance operations I will have no further objections :)

It seems to me that you have never experienced a failure in a machine
which is miles away from you, and that your parents need absolutely to
work "today". It's a huge problem then, because your ordinary PC
technician will either laugh in your face, or promise you to re-install
linux and not do it. My mother had both the experiences and both times
agreed with the technician that I was crazy in insisting parents should
use linux. What a shame parents believe technicians (perhaps with
moustaches?) more than their children :)

What I advocate is that machines that can't be repaired by someone
should not be touched unless you are sure that your users are able to
rollback, and this is not our case.

> > My best suggestion if you want e.g. your parents to use ubuntu without
> > risk when you are miles away from home, is to give them a USER account,
> > not an ADMINISTRATOR one, so they will not be bothered with upgrades
> > they don't understand. The USER accounts have been designed with your
> > parents in mind. The ADMINISTRATOR accounts, they are for You!
> 
> So um...when do the security updates get installed?  When you visit for 
> Christmas?

Of course! Not joking. My mother uses a "user" account, and let me
insist, I don't see why I should call my mother an "administrator". She
is an ex-teacher of humanities, and she is 70. The last thing on earth I
want to see is her fiddling with system upgrades.

If you would like, we can design a survey and try to gather historical
information on how many times our ordinary home users have faced
security problems due to missing upgrades, and how many times a system
upgrade broke a user's system. The only time I remember in my life to
have heard of a machine infected because of not having been properly
updated... it was a server of the _debian_ project. You should remember
the circumstances :)

If worms will appear for ubuntu, serious consideration for on-time
security upgrades may be taken, but until now I don't think the risk is
worth the benefit.

> 
> > OTOH, thanks to the power of the command line that only us unix freaks
> > understand :) you can install ssh and eventually do upgrades remotely.
> > But when your mom calls and says "hey the computer is broken" you know
> > what you did the night before.
> 
> Assuming you copy down the package list and changelogs on a piece of paper, 
> right?

What I mean is that you know why it's broken as opposed to "I don't
remember but perhaps it broke on Saturday" (and how can you know there
were updates on Friday?). Finding how to repair it is another problem
(ssh may keep working, though). No need for paper, we all
have /var/lib/dpkg/status-old, it is just NOT used to recover from
broken package databases.

Vincenzo

-- 
It is also important to note that hedgehogs do not actually hurt each 
other when they get close to one another. Actually, when living in 
groups, hedgehogs often sleep close to each other. 
http://en.wikipedia.org/wiki/Hedgehog%27s_dilemma
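
The disk-space point made in the message above (upgrades run as root, so they are not stopped by the reserve that limits user applications), as an added example that is not part of the original post: a pre-flight check that refuses an unattended upgrade when it would eat into that reserve. The names `required_bytes` and `preflight`, the 10% margin and the sample `apt-get --simulate` summary lines (C locale) are assumptions constructed for illustration, and a single filesystem holding /, /var and /tmp is assumed.

```python
import os
import re
from collections import namedtuple

# Constructed sample of the summary lines printed by `apt-get --simulate upgrade`
# (C locale); not captured from a real system.
SAMPLE_APT_SUMMARY = """\
Need to get 45.3 MB of archives.
After this operation, 120 MB of additional disk space will be used.
"""

UNITS = {"B": 1, "kB": 10**3, "MB": 10**6, "GB": 10**9}
# Same field names as the result of os.statvfs(), so either can be passed in.
Fs = namedtuple("Fs", "f_frsize f_bfree f_bavail")

def _size(pattern, text):
    """Return the size matched by pattern in bytes, or 0 if the line is absent."""
    m = re.search(pattern, text)
    return round(float(m.group(1)) * UNITS[m.group(2)]) if m else 0

def required_bytes(apt_summary):
    """Bytes the upgrade needs: downloaded archives plus growth of installed files."""
    size = r"([\d.]+) ?(B|kB|MB|GB)"
    download = _size(r"Need to get " + size + r" of archives", apt_summary)
    growth = _size(r"After this operation, " + size + r" of additional", apt_summary)
    return download + growth

def preflight(fs, needed, margin=0.10):
    """Decide whether an unattended upgrade may start on this filesystem.

    f_bavail counts blocks usable by unprivileged processes; f_bfree also
    includes the root reserve. dpkg runs as root, so without this check it
    keeps writing into the reserve and fails only when the disk is full.
    """
    user_free = fs.f_bavail * fs.f_frsize
    root_free = fs.f_bfree * fs.f_frsize
    budget = int(needed * (1 + margin))  # margin is an assumed safety factor
    if budget <= user_free:
        return "ok"
    if budget <= root_free:
        return "refuse: would consume root reserve"
    return "refuse: not enough space even for root"

if __name__ == "__main__":
    # Check the filesystem that holds the dpkg database and the apt cache.
    print(preflight(os.statvfs("/var"), required_bytes(SAMPLE_APT_SUMMARY)))
```
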




