Default action policy for "Security Updates" changed between 14.04 and 16.04

Bug #1700930 reported by Etienne Papegnies
This bug affects 4 people
Affects: unattended-upgrades (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

In Ubuntu 14.04.5, the default policy under the "Updates" tab for "Security Updates" is set to "Display Immediately".

In Ubuntu 16.04+, the default policy is now "Download and Install Immediately".

I think this occurred due to the fix rolled out for bug #1554099.

This has the following consequences:

- Users may be denied apt lock when trying to install software because unattended-upgrades is running in the background.

- If a shutdown is forced when the background update is running, users may be left with an unstable system.

- In case the update server is compromised and made to deliver malware, the blow to the userbase will be massive.

- From a PR standpoint, this moves away from the previous "your system won't ever do stuff without your permission" default policy.

I'm of the opinion that the "Display Immediately" default should be rolled back. Failing that, at least an official policy change announcement should be published so that users are made aware of this new default.

Changed in software-properties (Ubuntu):
status: New → Opinion
description: updated
Changed in software-properties (Ubuntu):
status: Opinion → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in software-properties (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

Reassigning to unattended-upgrades, which is what has the configuration; software-properties is just a frontend that allows editing it.

affects: software-properties (Ubuntu) → unattended-upgrades (Ubuntu)
Sebastien Bacher (seb128) wrote :

You might want to write about that to the ubuntu-devel@ mailing list, which is better suited for such discussions.

Sebastien Bacher (seb128) wrote :

Bug #1690980 is about the lack of feedback when trying to shut down or reboot.

youthinkso (jlxb) wrote :

This issue affects me directly. I have been using 16.04.x for about 1.5 years and for most of that time updates (security and otherwise) have been carried out just as I have directed. However, not long ago I discovered that updates were being carried out in the background with disregard for the options I have chosen. Unattended Updates has been enabled and working in the background. I had never heard of it and could not find an interface to affect it.

I discovered it a few weeks ago when Firefox 55.0.2 was pushed out. Someone hadn't done enough beta testing and introduced a pretty severe bug to a very large community of users. I quickly rolled it back only to find it reinstalled the next day. And, again the next. Someone decided that FF needed to be updated every day, without permission and without notification.

After some investigation I found that some in the Ubuntu community have openly supported this policy in order to "better serve" the community. Apparently, the sentiment is that the average user cannot be trusted to keep their own computer updated, thereby exposing the community to risk. It is for the good of the community as a whole.

The FF issue is a perfect example of a continuous distributed denial of service imposed by policy. The people who turned "on" the unattended upgrade policy are not listening to the feedback. As of today, FF 55.0.2 is still severely broken (on my platform) and is still being pushed out on any automatic or manual update unless unattended upgrades are disabled completely or FF eliminated from apt upgrades manually.

Conclusion: I did not turn this tool on. In fact, I had selected to turn everything automatic "OFF". No one asked me for permission. No one notified me that a policy had been chosen for me that overrides MY CHOICE - did I say that loud enough?

I installed 16.10.x on a new laptop a month ago and I see that unattended updates is installed and active - overriding my choices by default. In Software and Updates, I have all automatics turned off and yet every night that system downloads and updates my computer. Who the hell are you people?

Yes, of course there is a way to turn it off - before someone tries to tell me "all you have to do is...."

That is not the issue! You turned it on! I sincerely urge you to back off your holier-than-thou point of view and honer end user choices. NO more secret policy changes! And, no more unintended consequences resulting from those policies. Should we not be able to trust you?

youthinkso (jlxb) wrote :

I spelled Honor wrong. How embarrassing!

Garry Trethewey (garrytreth) wrote :
Adam Smith (adamsmith) wrote :

Unattended-upgrades is for server images and is not usually installed with a desktop. You should be moaning to Martin Wimpress about this.

Etienne Papegnies (etienne-papegnies) wrote :

@adamsmith: you're wrong, the package is installed in stock Ubuntu.
This is an Ubuntu problem.

Adam Smith (adamsmith) wrote :

Sorry, yes you are right. I've been working with Lubuntu too much, which doesn't. Ubuntu-mate didn't use to ship with it either, but that seems to have changed in recent versions.

Carry on.

Etienne Papegnies (etienne-papegnies) wrote :

So, errata. Turns out I was wrong too.

I met @kirkland Dustin Kirkland at UbuCon Europe last weekend and we talked about this.

It turns out this change IS official policy and is advertised here:

https://insights.ubuntu.com/2016/12/08/ubuntu-16-04-lts-security-a-comprehensive-overview/
https://wiki.ubuntu.com/Security/Features

I still feel this was somewhat underreported and that the classic media sources that cover Ubuntu have dropped the ball big time, but I can't fault Ubuntu for that, so I'm closing this issue.

I'll just have to remember to turn this off on any new install or mention it to the machine's owner and explain the possible consequences.

Changed in unattended-upgrades (Ubuntu):
status: Confirmed → Invalid