The officially official Devuan Forum!

You are not logged in.

#1 2024-04-13 13:06:07

Kiergan
Member
Registered: 2017-05-31
Posts: 11  

should I use unattended-upgrades?

Hello everyone,

I run a few servers on Devuan, for fun, mostly.
It has come to my attention that there is such a thing as unattended-upgrades, mostly via the Ubuntu-people where it is pre-installed.

My question: Is this a good practice, to run this on my servers?
Normally I like to see what gets installed and not run anything that is not needed.

I do not run testing, just standard stuff, so that exploit of late, that affected some ssh-stuff would not have had any impact anyway.
O.t.o.h. some servers are off-site and a wrong update that somehow prevents me from logging in remotely would be quite inconvenient.

Love to see your thoughts on this.

-greetings

Offline

#2 2024-04-13 15:40:23

Andre4freedom
Member
Registered: 2017-11-15
Posts: 148  

Re: should I use unattended-upgrades?

Just my 2 cents:
I would stay away from automatic updates, most certainly avoid them on servers.
To run stable is a very good thing.
Not too long ago there came a kernel update - one which had to be corrected rapidly after detecting a regression or security-problem. The corrected kernel was available some 2 or 3 days afterwards.
So doing updates manually and periodically, you have a chance to avoid these kind of problems. I suggest to follow the dev1galaxy forum and act sensibly. That's what I do.
On remote servers, one will be sure the updates are right and work well. So a test on a local server beforehand is advised.

Offline

#3 2024-04-14 17:17:15

Kiergan
Member
Registered: 2017-05-31
Posts: 11  

Re: should I use unattended-upgrades?

Thanks for your reply.
So I will leave it for the time being.

So a test on a local server beforehand is advised.

Yes, I do that always.

Offline

#4 2024-04-15 12:15:39

steve_v
Member
Registered: 2018-01-11
Posts: 356  

Re: should I use unattended-upgrades?

FWIW, I've been running unattended-upgrades on several machines for over a decade, and have no significant borkage (aside from a recent Devuan identity-crisis SNAFU with unattended-upgrades itself) to report.
Then again, the only machines I don't have convenient physical access to have IMPI. If SSH was the only way I could administer a box, I'd likely be doing updates manually... Or at least restricting unattended-upgrades so it doesn't touch anything critical.


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Offline

Board footer