Software updater snuck in a package that is unwanted

Bret Busby bret.busby at gmail.com
Tue Oct 17 19:50:22 UTC 2017 

On 18/10/2017, Oliver Grawert <ogra at ubuntu.com> wrote:
> hi,
> Am Mittwoch, den 18.10.2017, 00:03 +0800 schrieb Bret Busby:
>> On 17/10/2017, Oliver Grawert <ogra at ubuntu.com> wrote:
>>
>> <snip>
>>
>> >
>> >  you can easily remove the package)
>> ?
>
> ogra at styx:~$ sudo apt-get purge unattended-upgrades
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> The following packages will be REMOVED:
>   unattended-upgrades*
> 0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
> After this operation, 315 kB disk space will be freed.
> Do you want to continue? [Y/n]
> ...
>
> (just press Y there)
>
> but as i said ... with this you take away the ability to know if your
> system is vulnerable for attacks by any malicious software, trojans,
> rootkits, zero-day-exploits etc ... i'd leave it in place and switch
> the config to "notify only" so you can manually update at a convenient
> time.
>
> ciao
> 	oli

One thing that I should have mentioned - before this thing installed,
on that system, as on this system, which does not have that package
installed, I had the Software & Updates configured so as to check
daily for updates, and, the applet set up to warn me of system
updates, so that I would be notified by the System Updater, that
updates were available/required, and, apart from that package being in
there, not as an update, but, as an unnecessary intrusion to trap the
unwary, the updating process worked fine.

Now, because that package is specified as automatically installing
packages, even against the will of the computer administrator, I have
had to disable software updating, including notifications of updates,
on that computer.

Meanwhile, on this computer, which does not have that package
installed, software updates, and, notifications of software updates,
are occurring as they should be.

Why Ubuntu misrepresents that package as a system update, rather than
as an optional extra, is not explained.

That package should never have been included in the system updates in
the Software Updater, and instead, should have been a package that
could be installed as an optional extra, via the Ubuntu Software
centre, if a syatem administrator really wanted to install that
package.

And, therefore, importantly, regarding the text above;

"
> but as i said ... with this you take away the ability to know if your
> system is vulnerable for attacks by any malicious software, trojans,
> rootkits, zero-day-exploits etc ... i'd leave it in place and switch
> the config to "notify only" so you can manually update at a convenient
> time.
"

without that package, I could quite happily, and, confidently, deal
with system updates and security patches. And, apart from that package
getting installed, updating the computers, to keep up with updates,
worked.

Now, with that package installed, system updates, including checking
for updates, have had to be stopped, on that computer.

-- 

Bret Busby
Armadale
West Australia

..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

More information about the ubuntu-users mailing list