Tl;dr: Automatic updates on my home server caused 8 hours of downtime of all of renn.es’ docker services including email and public websites

  • ReversalHatchery@beehaw.org
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    1 year ago

    While we are here: what do you think about unattended updates on Debian and such? (as such being derivatives, including Proxmox VE)

    • tarneoOP
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Unattended updates are 10x better because those programs allow you to only do security updates. Plus they are much more stable, and something like this would never happen on a stable distro.

    • Yote.zip@pawb.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      I think auto-upgrading Debian Stable is probably the one exception I’d make to “no blind upgrades”, though I still don’t feel comfortable recommending it due to potential dependency/apt problems that could somehow happen. In the case of Debian Stable it barely ever has package upgrades anyway so I’d just do it manually once a week and it would take like 30 seconds to grab 4 packages. If you’re public-facing you might want a tighter system for notifying about security upgrades, or just auto-upgrade security patches.