Tl;dr: Automatic updates on my home server caused 8 hours of downtime of all of renn.es’ docker services including email and public websites

    • Unattended updates are 10x better because those programs allow you to only do security updates. Plus they are much more stable, and something like this would never happen on a stable distro.

    •  Yote.zip   ( @yote_zip@pawb.social ) 
      link
      fedilink
      English
      3
      edit-2
      1 year ago

      I think auto-upgrading Debian Stable is probably the one exception I’d make to “no blind upgrades”, though I still don’t feel comfortable recommending it due to potential dependency/apt problems that could somehow happen. In the case of Debian Stable it barely ever has package upgrades anyway so I’d just do it manually once a week and it would take like 30 seconds to grab 4 packages. If you’re public-facing you might want a tighter system for notifying about security upgrades, or just auto-upgrade security patches.