Alternative

[lahdekorpi]

This is just an alternative idea, but instead of adding all of the repositories into Unattended-Upgrade::Allowed-Origins you could instead just add a wildcard to update everything: "*:*" and use Unattended-Upgrade::Package-Blacklist for everything you don't want automatically updated.

[abhigenie92]

Thanks for the suggestions! Yeah, you could do that too. The downside may be unattended consequences once you have new packages or need help tracking the subtraction of the two sets. Therefore, limiting the tool to the current approach. Thanks for the suggestion, though!