On 1 September 2015 at 03:43, Marco d'Itri <m...@linux.it> wrote:
> On Aug 31, Dimitri John Ledkov <x...@debian.org> wrote:
>
>> Ideally the update generators, targets and units should be split into
>> a separate package and not installed by default. Since those are
>> really unexpected on Debian.
> No, because the system update infrastructure stays idle until some other
> package tells it to do something and does not express policies by
> itself.
> If you do not like the policy being discussed here then you should work
> with the maintainer of the package that requests such updates.

Huh?! Inert things still contribute to the attack surface. And it is policy, as multiple update generators are not supported, and are racy. And in Debian, we have multiple things that can do updates (and in future provide implementations for the system updates).

Furthermore, systemd-system-update-generator is using the early generator location, thus all configuration in /etc and /usr is ignored, and one cannot short-circuit system-update.target (to a specific implementation, or a no-op target, or, like normally, default multi-user.target).

Given the above, the mere presence of systemd-system-update-generator, when inert, does apply policy on each boot. Not to mention delaying each boot whilst executing itself. And no upstream mechanisms are provided to disable particular generators.

Thus for people who don't want to have their boot hijacked into force-uninstalling packages, do dpkg divert away:
/lib/systemd/system-generators/systemd-system-update-generator

--
Regards,

Dimitri.
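
An added example, not part of the original message and not code from systemd or Debian: a shell check for whether the generator discussed above is installed in a root tree and whether the next boot would be redirected. The function names and status words are hypothetical, and the /system-update trigger path is an assumption taken from systemd's offline-updates documentation.

```shell
#!/bin/sh
# Added example (constructed): audit a root tree for the offline-update
# generator named in the message above. Names below are hypothetical.
GEN_REL=lib/systemd/system-generators/systemd-system-update-generator

# audit_update_generator ROOT
# Prints one status word:
#   absent - no executable generator at the packaged path
#            (not installed, or already diverted away)
#   inert  - generator installed, no /system-update trigger present
#   armed  - generator installed and /system-update exists, so the next
#            boot is expected to be redirected to system-update.target
audit_update_generator() {
    root=${1:-/}
    root=${root%/}              # "/" becomes "", so paths stay absolute
    gen="$root/$GEN_REL"
    if [ ! -x "$gen" ]; then
        echo absent
        return 0
    fi
    # Assumption: the trigger is the /system-update path described in
    # systemd.offline-updates(7).
    if [ -e "$root/system-update" ]; then
        echo armed
    else
        echo inert
    fi
}

# divert_command
# Prints (does not run) a local diversion for the generator, so that a
# package upgrade does not put the file back at its original path.
divert_command() {
    printf 'dpkg-divert --local --rename --add /%s\n' "$GEN_REL"
}

# Report on the running system, or on the tree given as first argument.
audit_update_generator "${1:-/}"
```

With no `--divert` target given, dpkg-divert moves the file to the same path with a `.distrib` suffix, after which the audit reports `absent`.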