Software updater snuck in a package that is unwanted
Colin Law
clanlaw at gmail.com
Tue Oct 17 09:43:25 UTC 2017
On 17 October 2017 at 10:24, Bret Busby <bret.busby at gmail.com> wrote:
> On 17/10/2017, Colin Law <clanlaw at gmail.com> wrote:
>> On 17 October 2017 at 09:32, Bret Busby <bret.busby at gmail.com> wrote:
>>> On 17/10/2017, Colin Law <clanlaw at gmail.com> wrote:
>>>> ..
>>>> So did you manage to find the settings to change it as I described?
>>>>
>>>
>>> Without information (details) otherwise, I think this was already
>>> covered in the thread, where all that I could do, was to stop the
>>> checking for updates, but I could not stop the automated installation
>>> of updates/upgrades, once they are found (whether they are found
>>> manually or by automation).
>>>
>>
>> On the Updates tab what options do you see against "When there are
>> security updates:"?
>>
>
> In Software Updater -> Settings, which takes me to Software & Updates,
> in the Updates tab, in the line with the box with the label "When
> there are security updates", three options are displayed:
> Display immediately
> Download automatically
> Download and install automatically
>
> It has occurred to me, from that, that you might suggest that I
> restore the options to automatically check for updates, and, in that
> box, select the option
> Display immediately
>
> and that I should thence be safe from the updates being automatically installed.
>
> But, with the package
> " unattended-upgrades", with the
> description "automatic installation of security upgrades"
> I am not confident that anything other than the removal of that
> package, would prevent "automatic installation of security upgrades".
The best way to get confidence is to try it. If you find it does still
upgrade without asking then file a bug. I have it as you suggest and
as far as I know it has never installed anything behind my back.
I would also query your use of the word 'safe' in "that I should
thence be safe from the updates being automatically installed". If
you choose not to install security upgrades then by definition you are
not safe. I accept the slight increase in risk by selecting it to just
notify me as mostly I believe I know what I am doing, but for less
knowledgeable users the default of automatically installing security
upgrades is the best option. To call this a Trojan is ludicrous,
particularly as it is so easily disabled.
Colin
More information about the ubuntu-users
mailing list