You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2024-04-13 13:06:07
- Kiergan
- Member
- Registered: 2017-05-31
- Posts: 11
should I use unattended-upgrades?
Hello everyone,
I run a few servers on Devuan, for fun, mostly.
It has come to my attention that there is such a thing as unattended-upgrades, mostly via the Ubuntu-people where it is pre-installed.
My question: Is this a good practice, to run this on my servers?
Normally I like to see what gets installed and not run anything that is not needed.
I do not run testing, just standard stuff, so that exploit of late, that affected some ssh-stuff would not have had any impact anyway.
O.t.o.h. some servers are off-site and a wrong update that somehow prevents me from logging in remotely would be quite inconvenient.
Love to see your thoughts on this.
-greetings
Offline
#2 2024-04-13 15:40:23
- Andre4freedom
- Member
- Registered: 2017-11-15
- Posts: 142
Re: should I use unattended-upgrades?
Just my 2 cents:
I would stay away from automatic updates, most certainly avoid them on servers.
To run stable is a very good thing.
Not too long ago there came a kernel update - one which had to be corrected rapidly after detecting a regression or security-problem. The corrected kernel was available some 2 or 3 days afterwards.
So doing updates manually and periodically, you have a chance to avoid these kind of problems. I suggest to follow the dev1galaxy forum and act sensibly. That's what I do.
On remote servers, one will be sure the updates are right and work well. So a test on a local server beforehand is advised.
Offline
#3 2024-04-14 17:17:15
- Kiergan
- Member
- Registered: 2017-05-31
- Posts: 11
Re: should I use unattended-upgrades?
Thanks for your reply.
So I will leave it for the time being.
So a test on a local server beforehand is advised.
Yes, I do that always.
Offline
#4 2024-04-15 12:15:39
- steve_v
- Member
- Registered: 2018-01-11
- Posts: 343
Re: should I use unattended-upgrades?
FWIW, I've been running unattended-upgrades on several machines for over a decade, and have no significant borkage (aside from a recent Devuan identity-crisis SNAFU with unattended-upgrades itself) to report.
Then again, the only machines I don't have convenient physical access to have IMPI. If SSH was the only way I could administer a box, I'd likely be doing updates manually... Or at least restricting unattended-upgrades so it doesn't touch anything critical.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Offline
Pages: 1
