14
Automatic updates: a cautionary tale
(tarneo.fr)
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!
While we are here: what do you think about unattended updates on Debian and such? (as such being derivatives, including Proxmox VE)
Unattended updates are 10x better because those programs allow you to only do security updates. Plus they are much more stable, and something like this would never happen on a stable distro.
I think auto-upgrading Debian Stable is probably the one exception I'd make to "no blind upgrades", though I still don't feel comfortable recommending it due to potential dependency/apt problems that could somehow happen. In the case of Debian Stable it barely ever has package upgrades anyway so I'd just do it manually once a week and it would take like 30 seconds to grab 4 packages. If you're public-facing you might want a tighter system for notifying about security upgrades, or just auto-upgrade security patches.