unattended-upgrade(8)

Dmitrijs Ledkovs dmitrij.ledkov at gmail.com
Thu Apr 1 21:33:35 UTC 2010


(please keep the discussion on the mailing-list; always use "reply-all"
in gmail ;-) or get a better mail client)

On 1 April 2010 22:17, Alexander Schrijver
<alexander.schrijver at gmail.com> wrote:
>> By default it only installs -security updates. But it is configurable
>> see /etc/apt/apt.conf.d/50unattended-upgrades.
>
> I am not really familiar with Ubuntu so sorry for my ignorance, but this is all
> software which has security bugs?
>

Read up on help.ubuntu.com about the Ubuntu archive; we have a few
sections & a few repositories. I'm talking about the distro repository,
e.g. karmic-security. Whatever enters that by default is picked up by
unattended-upgrades.

It's not all software which has security bugs =) we don't know that.
It's all packages which have been updated and are deemed important /
high-risk security vulnerabilities by the Ubuntu security team, e.g. CVE
fixes.

>> Please use polite language =)
> okay :)
>
>> Generally you would want -security fixes as soon as possible.
>>
>> Program is still in memory and their dynamically loadable libraries as
>> well. So it is quite stable. Icons & pictorial data can become
>> inconsistent but I haven't seen unattended upgrade to crash firefox
>> yet.
>
> Not if the library would be loaded after the update has overwritten it.
> Dynamically loaded libraries can be loaded at any time.
>

Yes but -upgrades and -security do not allow API/ABI changes / so-name
bumps. So we are safe here for majority of programming languages. Read
up about sonames. Just google.

> Isn't it more important that the program keeps running? I mean this
> theoretically could crash programs, it just seems wrong to me.
>

No. Theoretically someone can get access to your system and wipe your
whole hard drive or get you into denial of service. It is more important
to prevent you from becoming a spam sending slave than to prevent
programs from crashing. Also dpkg writes files atomically so in the
file system for a given package you either have old files & new files
or pending / unavailable (e.g. python). And there are no soname
changes in these upgrades. So there has been a lot of work done to
make it as harmless as possible.

Crashing programs is not a problem. Losing user data is; for example,
the email you have been typing in the browser for an hour is
important, that's why programs are not shut down. Just because firefox
looks weird, it doesn't prevent you from saving the email into draft
before restarting firefox.

>> Also if you have low disk space things can get really interesting. I
>> once had less than 100MiB left on my harddrive and Firefox & Gtk look
>> really funky =))))) So is your free disk space fine?
>
> Yeah that is no problem.
>
>> I think I explained it in detail =)
>
> Yes, thank you for your answer :)
>

You're welcome.

>> security only & you get a popup
>> that firefox needs restarting after you as a user decide when to do
>> it. Because user data in the browser is important.
>
> But this is after the upgrade has been installed? Because the program could
> have potentially crashed.
>

Potentially anything can happen =) but because of dpkg & sonames &
ldconfig and massive testing of security fixes & them actually being
really small, crashing is highly unlikely.

If firefox did crash on upgrade instead of "firefox needs restarting"
you will get "firefox has just crashed" and apport will kick in to
start collecting backtraces to send a bug report to launchpad ;-)

> Regards,
>
> Alexander
>

See ya =)
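
Added example, not part of the original message and not code from unattended-upgrades: the thread notes that a running program keeps its already-loaded libraries in memory after an upgrade, which also means it keeps running the unpatched code until restarted. This sketch finds such processes by parsing /proc/<pid>/maps for executable shared-library mappings marked "(deleted)"; the function names, sample maps text and library paths are constructed for illustration.

```python
import os
import re

# Versioned or plain shared-object name, e.g. libexample.so.1.2
_SO_RE = re.compile(r"\.so(\.\d+)*$")
_DELETED = " (deleted)"  # suffix the kernel adds once the mapped file is unlinked

def stale_libraries(maps_text):
    """Return sorted library paths mapped executable whose file was replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[5].endswith(_DELETED):
            continue  # anonymous mapping, or file still present
        perms, path = fields[1], fields[5][: -len(_DELETED)]
        if "x" in perms and _SO_RE.search(path):
            stale.add(path)
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale libraries for every readable process (Linux only)."""
    result = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                libs = stale_libraries(fh.read())
        except OSError:
            continue  # process exited, or we lack permission
        if libs:
            result[int(entry)] = libs
    return result

# Constructed sample in /proc/<pid>/maps format (not captured from a real system)
SAMPLE_MAPS = """\
08048000-08050000 r-xp 00000000 08:01 1310 /usr/lib/firefox/firefox
b7400000-b7450000 r-xp 00000000 08:01 9001 /usr/lib/libexample.so.1.2 (deleted)
b7450000-b7452000 rw-p 0004f000 08:01 9001 /usr/lib/libexample.so.1.2 (deleted)
b7500000-b7600000 r-xp 00000000 08:01 9002 /lib/libc.so.6
b7700000-b7701000 rw-s 00000000 00:04 0 /SYSV00000000 (deleted)
bf800000-bf821000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("sample:", stale_libraries(SAMPLE_MAPS))
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

Run as root to see every process; an unprivileged run only reports processes whose maps file the caller may read.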




More information about the Ubuntu-devel-discuss mailing list