Auto update means stuff breaks when I’m not looking.
Better to have a managed update process where I sit down, do am update, verify things work.
I get business has a different risk model that drives auto update there. Tens/hundreds/thousands of machines represent a massive risk canvas, and support for things not working is already baked into IT services.
I do (most) of my autoupdates on Sunday at 4am, that way if things break it happens on an expected schedule. My manual updates like proxmox too, once I’m awake. Game servers are daily though, since stuff can break if client/server aren’t on the same version.
I had Vaultwarden push an update a couple of years ago that broke it, and I had daily autoupdates on (watchtower) so for an hour I was panicking about what happened. That’s how I switched to my mostly-weekly system, with critical vulnerability updates done manually on release.
i would just un-update it and only update when im ready to tweak the config
And this is my argument against auto update.
Auto update means stuff breaks when I’m not looking.
Better to have a managed update process where I sit down, do am update, verify things work.
I get business has a different risk model that drives auto update there. Tens/hundreds/thousands of machines represent a massive risk canvas, and support for things not working is already baked into IT services.
I do (most) of my autoupdates on Sunday at 4am, that way if things break it happens on an expected schedule. My manual updates like proxmox too, once I’m awake. Game servers are daily though, since stuff can break if client/server aren’t on the same version.
I had Vaultwarden push an update a couple of years ago that broke it, and I had daily autoupdates on (watchtower) so for an hour I was panicking about what happened. That’s how I switched to my mostly-weekly system, with critical vulnerability updates done manually on release.
Oh, well you see with Vaultwarden what you do is just don’t update it until you’re forced to because the clients stop being able to talk to it. ;)