Correctly install security updates on Debian #129
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, whilst Debian is advertised as supported, the
unattended-upgrades
configuration doesn't actually install security updates, which could leave users with vulnerable servers, even though they've installed a package designed to install security updates automatically.This PR adds the Debian syntax for their security Origin, in a way which supports both Debian and Ubuntu-based distributions. Currently, it special-cases Debian, but I'm not opposed to special-casing both Debian and Ubuntu explicitly.
I would have gone through responsible-disclosure channels, as this has severe security ramifications with this change, however this is a very public issue already, but hasn't been resolved:
#126 is a great start, however the default configuration should still install security updates, as mentioned in the README.