I meant this about the stale mirror fact. You seemed to have looked up before(?) I did for Debian. I'll add it to the documentation but I am not sure a dev page is the place to put it. Use as a FAQ.
The "debian notices stale mirror attack by using valid-until for release files" fact is a detail. Probably fine to add to a dev page.
What could be documented in documentation is the “Release file expired” message. Here:
What it means, what could cause it and the recommended action.
Thanks for clarifying. I had the impression you were looking for ways to make apt connect to the repo URLs in a random order rather than having apt run at random times.
Ah. Okay.
Besides… Using random mirrors could make sense for load balancing. But that’s another discussion, no pressing issue yet and a fix not that simple.
[quote]One Debian unattended upgrades package is just a cron / shell script and adding a randomizing feature is doable by any less than decent coder. What it needs are people who get the code done. Ideally merged into Debian. By suggesting a patch for Debian. As an option [so Whonix just turns this on] or even better turned on by default. I guess they'd like it randomized for other reasons (load balancing) anyway.[/quote]
I did not mean to imply that you do it. I thought it was something you wanted to implement in Whonix but needed more information/research on what you could use for it.
Okay.
I see explaining this is quite difficult. That dev page is aiming to provide an answer for people suggesting:
- One click upgrade button for Debian packages
- Unattended upgrades in background for Debian packages
- Adding GUI Updater
All sounds quite simple at first thought, but really isn’t that simple.
For example…
Reasons against Automatic Updates:
- Apparently mysterious [2] system load.
- Apparently mysterious [2] network load.
Aren’t unsolvable issues.
With a good user interface it would be possible to have a notification in X as well as in terminal as well as having options to stop / postpone updates. But it’s not worth adding that information. To solve it we need creative people with a lot of self-initiative and motivation to develop it. Writing a full concept with full problem analysis and proposed solution while not having someone to implement it would be a lot of wasted work that is better spent on actual development. Because I think such a simple thought on how to implement it will occur anyway to the ones who would have the creativity, self-initiative and motivation to develop it. The ones implementing such things are mostly also not the ones reading and implementing a full concept, I think. It’s less about information, it’s more about dialogue. Also a lot of text that leaves no room for questions often rather scares potential contributors away. Having them propose the solution and then talking about implementation details is better timing.
Upstream makes sense, but the inertia of development makes such a request pointless almost.
It depends on the maintainer. No matter how long it takes. Proposing the patch would be useful.