fligth 5 testing

[Colin Watson]

On Thu, Mar 16, 2006 at 11:56:18PM +0000, Paul Sladen wrote:
> On Wed, 15 Mar 2006, மு.மயூரன்  wrote:
> > 2. downloading updates on installation time is annoying. atleast put an
> > option to get rid of it.
> 
> This is to ensure that you're being exposed to the internet, that your
> machine is uptodate with any security fixes between when the CD you have was
> released and the present.
> 
> Aswell as the normal security updates for the linux kernel and other daemons
> this ensures that people still using CDs with the security update that came
> out last week will be covered by the time they've finished installing.

I do not believe that this is true; I believe that people must upgrade
manually after installation before creating any other local users (which
is a sensible precaution anyway, since we have fixed other
local-privileges-escalation vulnerabilities since Breezy). Have you
tested this claim to make sure it's really true? I think we need to be
very careful about what we say about this.

One reason I don't think it's true is that the packages in question are
installed as part of the first stage, and, while we might manage to
download updated versions of packages being installed fresh in the
second stage rather than using the versions on the CD, I'm pretty sure
we don't upgrade anything that was currently installed unless versioned
dependencies force us to do so.

Cheers,

-- 
Colin Watson                                       [cjwatson at ubuntu.com]