Or asked the other way around: How long do you keep your servers running without installing any software updates?
update means something like
sudo dnf update
or something …
apt-get upgrade
apt-get update
Or asked the other way around: How long do you keep your servers running without installing any software updates?
update means something like
sudo dnf update
or something …
apt-get upgrade
apt-get update
Unattended-upgrade does security-only patching once every 4 hours (in rough sync with my local mirror)
Full upgrades are done weekly, accompanied by a reboot
I find that the split between security patching and feature/bug patching maintains a healthy balance knowing when something is likely to break but never being behind on the latest cve.
For me, unattended-upgrade does it’s thing. Updating other packages happens whenever I think about it. Very few things are not containerized and there’s very little added beyond the base Debian install, so when I do update its maybe a dozen packages.
I would previously reboot during thunderstorms if we lost power, but now that I’ve got a UPS I probably ought to come up with a different plan.