Is automatic installation of updates from "security" repository a good choice? - please share your experience.

[Rafał Radecki]

Hi All :)

I currently have to implement a solution for checking and/or automatic
installation of security updates on ubuntu servers.
I know that I can check if there are available security updates through
several methods:

1) # unattended-upgrade --dry-run
2) #apt-get -s dist-upgrade | grep "^Inst" | grep -i security"
3) put all security repositories to a dedicated file (for example
/etc/apt/security.sources.list) and run
    #apt-get -u upgrade --assume-no -o
Dir::Etc::SourceList=/etc/apt/security.sources.list

In https://help.ubuntu.com/community/Repositories/Ubuntu it is stated that:

"Important Security Updates (raring-security)". Patches for security
vulnerabilities in Ubuntu packages. They are managed by the Ubuntu Security
Team and are designed to change the behavior of the package as little as
possible -- in fact, the minimum required to resolve the security problem.
As a result, they tend to be very low-risk to apply and all users are urged
to apply security updates."

Do you think that automatic installation of updates available in security
repository is a good choice? I can use any of the commands from 1) to 3)
after disabling dry-run mode for them. What is your experience in this case?

BR,
Rafal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20150409/7b98643c/attachment.html>