Or asked the other way around: How long do you keep your servers running without installing any software updates?

update means something like

sudo dnf update

or something …

apt-get upgrade
apt-get update
  • jbk@discuss.tchncs.deEnglish
    2·
    5 hours ago

    podman quadlets with auto updates running on opensuse microos

    im not yet self hosting a ton of services tho

  • melfie@lemy.lolEnglish
    3·
    6 hours ago

    I run Ubuntu Server 24.04 LTS with k3s. I update my container versions every few months, though not everything I’m running all at once. I update the actual system packages via apt maybe once a year and end up nuking and re-installing everything every couple years on average. I deliberately block all inbound WAN traffic in my firewall and use k8s network policies to aggressively limit egress WAN connections because I’m aware that I’m bad about keeping things up to date.

  • mjr@infosec.pubEnglish
    42·
    12 hours ago

    Those apt commands are in a less-good order. It’s usually better to update apt, then upgrade the system.

    I upgrade as soon as reasonably possible after the notification appears, if the system isn’t on auto-upgrade.

  • dust_accelerator@discuss.tchncs.deEnglish
    281·
    12 hours ago

    Every night at ~ 12-1am

    unattended updates / transactional-update are awesome.

    Stuff has been running for years, and it’s still up to date.

    • DasFaultier@sh.itjust.worksEnglish
      2·
      7 hours ago

      This is the way! At least install security upgrades nightly using unattended-upgrades and reboot from time to time to get the latest Kernel version.

    • gopher@programming.devEnglish
      2·
      7 hours ago

      Once per week for me. Works really great on openSUSE MicroOS. Had to roll back maybe a couple of times the last few years.

      That said, I run basically everything in containers so the OS installed things are lean.

  • hexagonwin@lemmy.sdf.orgEnglish
    3·
    7 hours ago

    maybe like once in 3 months. i usually update when i need to setup something new on the server that needs to install new packages.

  • Sir_Kevin@lemmy.dbzer0.comEnglish
    4·
    8 hours ago

    On Windows, almost never since it was a disruptive shitshow. Now that I’ve got everything running Linux it’s weekly. Often sooner if I happen to be remoting in and manually update.

  • Dran@lemmy.worldEnglish
    18·
    12 hours ago

    Unattended-upgrade does security-only patching once every 4 hours (in rough sync with my local mirror)

    Full upgrades are done weekly, accompanied by a reboot

    I find that the split between security patching and feature/bug patching maintains a healthy balance knowing when something is likely to break but never being behind on the latest cve.

    • cenzorrll@piefed.caEnglish
      1·
      6 hours ago

      For me, unattended-upgrade does it’s thing. Updating other packages happens whenever I think about it. Very few things are not containerized and there’s very little added beyond the base Debian install, so when I do update its maybe a dozen packages.

      I would previously reboot during thunderstorms if we lost power, but now that I’ve got a UPS I probably ought to come up with a different plan.

  • MTK@lemmy.worldEnglish
    1·
    6 hours ago

    Anything exposed to the internet gets a daily / weekly update, depending on how exposed it is, how stable the updates are and how critical a breach would be. For example nginx would be a daily update.

    Anything behind a vpn gets a more random update schedule mostly based on when I feel like it (probably around once a month or every other month)

  • Sneezycat@sopuli.xyzEnglish
    14·
    12 hours ago

    Well, one of the reasons I’m using debian on my server is so I can kinda forget about it…

    I’ll update maybe once a month, or every couple months. I don’t always restart though, so my kernel is probably a bit behind :'D

    • atzanteol@sh.itjust.worksEnglish
      51·
      11 hours ago

      That’s… Not how it works… Debian is “stable” not “secure”. You use Debian so that is easier to run updates frequently since they’ll be unlikely to break things.

      • Sneezycat@sopuli.xyzEnglish
        11·
        10 hours ago

        If I wanted to run updates frequently I would run arch lmao. Even if I did apt update every day, debian stable doesn’t get that many updates.

        I could just run auto-update but meh.

        • atzanteol@sh.itjust.worksEnglish
          3·
          7 hours ago

          If I wanted to run updates frequently I would run arch lmao. Even if I did apt update every day, debian stable doesn’t get that many updates.

          You’re not updating for features you’re updating for bug and security fixes. That’s why Debian stable doesn’t have many updates. But the ones they do are typically important.

          • Sneezycat@sopuli.xyzEnglish
            1·
            7 hours ago

            No, my home server. My desktop and laptop both have arch, because I do interact with them more often.

    • PlanterTree@discuss.tchncs.deOPEnglish
      4·
      12 hours ago

      lol. Same issue for me. I run it for months, and surprisingly (for me) nothing breaks at all.

      But fucking ssh shows warnings regarding some “post quantum crypto” stuff; recommending software update, that was not there before lol.

  • ilco@feddit.nlEnglish
    1·
    7 hours ago

    Usely every 3/4 months roughly. I try to remeber to update. The base. Server. And docker based things! /webserices. I update. Sparingly. Every few new versions. As I am the only user of my server. I don’t have a high need to update. So I update only if a new future. Is added or a mayor bug /security patch.

  • slazer2au@lemmy.worldEnglish
    8·
    12 hours ago

    Once a week. I have a bash script that does an apt update upgrade and pulls new docker images.