Regularly update hosts

[keyctl]

We should install security patches regularily, so admins do not have to check manually. This is common practice on Debian servers.

See the wiki for more information.

[Liblor]

Do you know whether apt supports excluding updates that change a certain file? I have to patch a bash script provided by galera in order to have proper TLS verification support ... So this file shouldn't be upgraded...

[keyctl]

Hm, I'm not sure. Maybe we can use apt's hold-feature for this?