Or asked the other way around: How long do you keep your servers running without installing any software updates?
update means something like
sudo dnf update
or something …
apt-get upgrade
apt-get update
When I remember. About once a month.
Same here. No auto updates, no touching of a stable system without my manual intervention. 😅
Last thing I need in my life is a broken system at home when I don’t have time for it!
Apt update and upgrade happen automatically.
I do it every 3 to 5 days. I usually do it when I have time to fix things if it goes south.
All services are dockerized, updated nightly.
Server OS runs a kernel-patch service for real time exploit patching.
All other updates as soon as they appear.
Yeah, sometimes I’ll need to go in a repair - but that’s way better than having to clean up after having been exploited due to not keeping up on security patches.
Automatic upgrades handle the security patches. Everything else maybe once a month. My big services like Nextcloud auto update as well.
Well, one of the reasons I’m using debian on my server is so I can kinda forget about it…
I’ll update maybe once a month, or every couple months. I don’t always restart though, so my kernel is probably a bit behind :'D
I use Debian stable and subscribe to the debian-security-announce mailing list, so I update each time I get an email from it.
This is the way. (At least for a server)
That’s… Not how it works… Debian is “stable” not “secure”. You use Debian so that is easier to run updates frequently since they’ll be unlikely to break things.
If I wanted to run updates frequently I would run arch lmao. Even if I did apt update every day, debian stable doesn’t get that many updates.
I could just run auto-update but meh.
If I wanted to run updates frequently I would run arch lmao. Even if I did apt update every day, debian stable doesn’t get that many updates.
You’re not updating for features you’re updating for bug and security fixes. That’s why Debian stable doesn’t have many updates. But the ones they do are typically important.
Yeah, I know. Until I get ransomware’d and my nudes leaked, I won’t care 💅🏻✨
Clearly you don’t know.
I guess people smoke because they don’t know smoking causes cancer ;3
Are you talking about desktop use?
lol. Same issue for me. I run it for months, and surprisingly (for me) nothing breaks at all.
But fucking ssh shows warnings regarding some “post quantum crypto” stuff; recommending software update, that was not there before lol.
Every day or at least once a week. Should automate it.
Probably every 2 months. When I have a day off work with nothing to do. I have a few VMs that are more fragile than I want to admit and if something breaks I want to have time to tinker instead of just restoring a backup.
If I have something serious, I will set up automatic upgrades. If short downtimes are ok, also with automatic reboots when the kernel updates, but if they are not, with notifications that I should go reboot them.
If it’s not anything serious, whenever I remember to.
Monthly unless I learn about a vulnerability that would require it sooner.
Got apticron set up on my servers or similar solutions to get notified when updates are available. Then usually, from time of notification +1 or 2 days.
Yum-cron. Daily. Rolling bounce on a schedule.
It has been rock-solid for 20 years, but lennart’s cancer and the growing amount of shite they’re shoveling into EL has caused a few issues here and there with 7, 9 and 10. (Skipped 8 because f that)
But, today, it works. So that’s year 23 and 8 months.
everyday to once a month, depending how often I use the server
IME usually waiting longer to apply larger updates causes more issues than smaller and more frequent ones
On Alpine Linux I update my two Pi servers at 2 in the morning daily. It’s simpler compared to Debian which needs unattended-updates. Just add
apk update && apk upgradeto a cron job and you’re good to go.I only have three docker services which is simple enough to update manually.
I like to keep things as simple as possible for my already chaotic brain.
Be careful with unattended upgrades, even on alpine. A recent breaking change in python3 broke my alpine 23 ansible instance. Thankfully I have backups, but if you’re going to automate the upgrade, you should automate tests as well.
My web facing server has just enough packages installed to (kinda securely) host a Caddy and Kiwix docker container to work with my domain name and make a comfortable work environment through SSH. My Pi for my HomeAssistant docker container has less because it’s locked down to just my local network.
I also wrote my own install scripts so reinstalling everything and getting it back to a running state would take about 15 minutes for each device.
And I also wrote my own backup/restore scripts that evolved over 3/4 of a year. I use them often so I have confidence in those scripts.
I personally don’t really care too much. I have multiple ways of dealing with issues for something that’s a hobby to me. Which is why I stick to simplicity.
I’m sure this is a thing for people to worry about when dealing with more complex setups. I just wanna vibe out in my tiny corner of the internet.
To make it even simpler,
apk -U upgradeapkseems to have some tricks in there that aren’t as well known.I managed to catch in the IRC channel that
apk add docwill automatically download any related man pages for packages with any future downloads throughapk. That made life a bit more convenient instead of downloading all those packages separately.
On my ubuntu I use unattended updates but that doesn’t work reliably. I have to update it manually most of the time. Once every other month.
On my fedora server it auto updates every day at 4 reliably.
The next server is going to be atomic such that the server restart is even shorter (not that I would care about it at 4).
