13

My installed (local or obsolete) category is filling up because Canonical lately has been pushing out updates and then pulling them back. It's happened with two kernels in the recent past and it happened again with cups this morning. I've been using Ubuntu for about three years now and I do not remember this happening as often as it has this year.

So, how to rationally deal with this?

I thought about only installing updates once per week, but that would not protect against grabbing that bad update that they pushed out right before I checked that week.

Is a good strategy to only install updates on the weekend? It seems that system updates are not often pushed out on weekends. I suppose they could push a bad update on Friday afternoon and pull it on Monday morning.

Or, somehow not install updates until they have been pushed out for a certain time period - like two days? Is there an automated way to do that?

Edit: One of the affected systems runs Lubuntu 16.04 with the linux-generic kernel, the other runs Lubuntu 16.04 with the linux-generic-hwe-16.04 kernel. Both were affected by a cups version 2.13-4ubuntu0.2 update that was pushed out and then pulled back on March 27th, 2017. The linux-generic machine received a kernel update version 4.4.0.67.12 that was subsequently pulled back. This update also orphaned snapd version 2.23.1. The linux-generic-hwe-16.04 machine received a kernel version 4.8.0.42.14 that was then orphaned.

Robert Riedl

3 Answers

2

The drastic alternative is to switch to Debian Stable, rather than any *buntu or derivative thereof, because Debian Stable has been through its full QA process, whereas Ubuntu is derived from Debian Testing, which has some way to go before it becomes Stable.

Almost all knowledge is directly transferable, but Debian will not give you all the latest cosmetic "bells and whistles". However, it has more packages in its repository...

I switched to Debian, in my case with KDE, coming from Kubuntu, about 5 years ago, having had similar problems. But it comes down to personal choice.

tiger99
0

Roll back a package update to an older version

If you have the version number, or the target release, apt-get supports choosing a particular version or target release.

  1. Install aptitude

    sudo apt-get install aptitude
    
  2. Show old versions of the package.

    aptitude versions <package-name> | less # use less to display only the top of the list of versions
    
  3. Roll back the selected package to an older version.

    sudo apt-get -t=<target release> install <package-name>  # target release is old version
    
  4. Uninstall the bad update of the selected package.

    sudo apt-get -t=<target release> remove <package-name> # target release is new version
    
  5. Prevent the rolled back package version from being automatically updated using apt-mark hold. apt-mark hold is used to mark a package as held back, which will prevent the package from being automatically installed, upgraded or removed.

    sudo apt-mark hold <package-name>  
    

Roll back a kernel update to an older version

Follow the same steps as in the preceding section except that you have to follow the additional steps of testing that you still have a kernel version installed that works before uninstalling the broken kernel package. Unfortunately this requires rebooting the system. I'm sorry about the rebooting, because I know this can be bothersome and time-consuming when you are maintaining multiple systems.


aptitude versions <package-name> does not show all currently installed kernel versions; however, you can show all currently installed kernel versions with this command:

    dpkg-query -W -f='${Package}\n' | grep -f <(ls -1 /boot/vmlinuz* | cut -d- -f2,3)

The results of this command will list the package names of all the non-working kernel packages which should be uninstalled.

After you uninstall the packages that belong to the non-working kernel version, you will get this message:

    The link /vmlinuz.old is a damaged link
    Removing symbolic link vmlinuz.old 
     you may need to re-run your boot loader[grub]

This message is shown because vmlinuz.old is linked to removed files, so you need to update grub by running this command:

    sudo update-grub

karel
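
An added example, not part of the answer above: before rolling back as in its steps, this checks whether the installed version of a package is one that no repository publishes any more (the "local or obsolete" state from the question) and prints the pinned install and the hold. The package name, versions, archive URL and both function names are constructed for illustration; `apt-get install <package-name>=<version>` is the standard apt syntax for selecting one version.

```shell
#!/bin/sh
# Added example (not from the answer). Package name, versions and archive URL
# below are constructed; real input comes from `apt-cache policy <package-name>`.
SAMPLE_POLICY='examplepkg:
  Installed: 1.0-1ubuntu0.2
  Candidate: 1.0-1ubuntu0.2
  Version table:
 *** 1.0-1ubuntu0.2 100
        100 /var/lib/dpkg/status
     1.0-1ubuntu0.1 500
        500 http://archive.example.invalid/ubuntu xenial-updates/main amd64 Packages
     1.0-1 500
        500 http://archive.example.invalid/ubuntu xenial/main amd64 Packages'

# rollback_target (hypothetical helper): reads policy text on stdin and prints
# "<package> <version>" when the installed version is listed only under
# /var/lib/dpkg/status, i.e. no repository publishes it any more. The version
# printed is the newest one a repository still serves. Prints nothing when the
# installed version is still published or the package is not installed.
rollback_target() {
  awk '
    NR == 1            { sub(/:$/, "", $1); pkg = $1; next }
    $1 == "Installed:" { installed = $2; next }
    $1 == "Candidate:" || $1 == "Version" { next }
    $1 == "***"        { cur = $2; next }            # installed version row
    NF == 2 && $2 ~ /^-?[0-9]+$/ { cur = $1; next }  # other version rows
    $2 == "/var/lib/dpkg/status" { next }            # local dpkg record only
    NF >= 3 {                                        # repository source row
      if (cur == installed) published = 1
      else if (best == "") best = cur                # table is newest first
    }
    END {
      if (installed != "" && installed != "(none)" && !published && best != "")
        print pkg, best
    }
  '
}

# rollback_commands (hypothetical helper): turn the result into the pinned
# install and the hold from step 5; it prints them, it does not run them.
rollback_commands() {
  rollback_target | while read -r pkg ver; do
    echo "sudo apt-get install ${pkg}=${ver}"
    echo "sudo apt-mark hold ${pkg}"
  done
}

# Live use: apt-cache policy <package-name> | rollback_commands
printf '%s\n' "$SAMPLE_POLICY" | rollback_commands
```
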
-1

Your best strategy, like any OS, is to check for updates a minimum of once per day.

From a security point of view, it is unrealistic for a single user to run on delayed updates while they are individually tested and prioritised. And an urgent update is always more important than a pulled one.

Therefore, unless you have the time on your hands to investigate every update, the best strategy is to apply the updates as they are released, even if this results in many pulled updates. These can always be cleaned up later.

As a backup strategy, you should always... back up! Back up often, back up everything. Bad updates are one of the reasons for this. This is especially handy if you keep your important documents in the cloud.

EDIT: My answer is based on the assumption that you are a single person with at-home personal computers.

Delorean