Question about Arch Linux packages updating

Debian and Ubuntu have the unattended-upgrades package which is handy for if you have more than just a handful of virtual servers to deal with. You can easily configure it to perform security updates nightly. Does Arch Linux have something similar ?

@nutomic
admin
310M

pacman -Syu in crontab? But seriously, why do you run Arch on production servers?

@ajz
creator
3
edit-2
10M

Because you can. Hetzner even has an official (supported) install script for Arch Linux via the rescue mode. It is a myth that Debian is rock solid regarding security. Backporting is not the holy grail. e.g. Years ago in Debian they made a policy change for the Wordpress packages because they could no longer cope with backporting it, so they are following upstream more closely. Then there is the imfamous SSL package disaster with Debian from years ago.

Dessalines
admin
210M

This one says you really shouldn’t do it, but there is a command in there.

@ajz
creator
210M

thanks :)

@Herbstein
210M

To echo what nutomic said, most of our production servers at work are either Debian Stretch (some old Jessie systems are still sitting around though) or Windows Server 2016 and 2019. Running a bleeding edge distro on production is risky at best.

@ajz
creator
1
edit-2
10M

There is servers and there is vservers and containers. I am not sure what Debian LTS involves regarding security updates, as it does not concern all packages. https://endoflife.software/operating-systems/linux/debian#9-0 For vservers running one service it is totally fine to follow upstream. And for servers I see no security cons.

A loosely moderated place to ask open ended questions

If your post is

  1. Open ended
  2. Not offensive

it’s welcome here!

  • 0 users online
  • 25 users / day
  • 73 users / week
  • 252 users / month
  • 454 users / 6 months
  • 1421 subscribers
  • 393 Posts
  • 4707 Comments
  • Modlog