Tl;dr: Automatic updates on my home server caused 8 hours of downtime of all of renn.es’ docker services including email and public websites

  • ReversalHatchery@beehaw.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    1 year ago

    While we are here: what do you think about unattended updates on Debian and such? (as such being derivatives, including Proxmox VE)

    • Yote.zip@pawb.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      I think auto-upgrading Debian Stable is probably the one exception I’d make to “no blind upgrades”, though I still don’t feel comfortable recommending it due to potential dependency/apt problems that could somehow happen. In the case of Debian Stable it barely ever has package upgrades anyway so I’d just do it manually once a week and it would take like 30 seconds to grab 4 packages. If you’re public-facing you might want a tighter system for notifying about security upgrades, or just auto-upgrade security patches.