Yesterday we discussed once more this topic, and after exchanges with several stakeholders there was agreement to increase the allowed window in which refreshes may be scheduled.
The agreed semantics to be implemented are the following:
- Refreshes may be scheduled at an arbitrary weekday and time within the month (e.g. second Tuesday between 1pm and 2pm).
- Refreshes may be deferred for up to another month so that missed windows and re-scheduling may happen without strange side effects. For example, if it was scheduled for the first day, and then gets scheduled for the end of the month just before it happens, there may effectively be a two months window without refreshes.
- If the system remains out-of-date after the two months window, the system will start attempting to refresh out of the window.
- That maximum window is reset every time the system is refreshed, so out-of-band updates may performed at a convenient maintenance window.
These changes should greatly improve the behavior when using third-party snaps in servers, while not giving up on the goal of encouraging systems to remain up-to-date and secured.
Please let us know if you have any comments on the topic or the proposed changes.