On Wed, Oct 07, 2020 at 10:10:57AM -0000, Julian Andres Klode wrote:
> We could mark bootloader packages as Protected: yes (Important: yes
> before groovy). That would not only prevent autoremoval, it would also
> add another step to manual removal as it triggers the same removal
> prompts as essential packages.
> Arguably top-level kernel packages, oem metapackages should have those
> set too.
I'm not sure it's a good idea to use this for kernel packages since it makes
it more difficult to change kernel flavors. It would definitely have
knock-on effects on various image build infrastructure.
But setting this for shim-signed and grub-pc sounds like a good idea to me.
On Wed, Oct 07, 2020 at 10:10:57AM -0000, Julian Andres Klode wrote:
> We could mark bootloader packages as Protected: yes (Important: yes
> before groovy). That would not only prevent autoremoval, it would also
> add another step to manual removal as it triggers the same removal
> prompts as essential packages.
> Arguably top-level kernel packages, oem metapackages should have those
> set too.
I'm not sure it's a good idea to use this for kernel packages since it makes
it more difficult to change kernel flavors. It would definitely have
knock-on effects on various image build infrastructure.
But setting this for shim-signed and grub-pc sounds like a good idea to me.