Closed pushcx closed 11 months ago
Do you mean using a cron to check for security upgrades, or using unattended-upgrades?
Are there packages that shouldn't be updated?
I didn't have a specific solution in mind, but unattended-upgrades sounds like it would work well for us.
We don't have any packages pinned or anything. I guess the only thing this might block on is #7; unicorn may need to be restarted any time nginx is, I wouldn't want the site going down because nginx updated.
(And thanks for looking over the issues and contributing your thoughts, I appreciate the help.)
Looking back at this, I think that we should use unattended-upgrades, specifying not to upgrade unicorn/nginx/mariadb/... that we should pin at some point.
GitHub has a feature to subscribe to security alerts on software that organizations/projects use; that could probably do the trick to be notified when something important has come up.
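A sketch of the setup suggested in the comment above, added here as an example and not taken from this project's configuration or from commit 1c810d3. It assumes a Debian host (the origin pattern differs on other distributions) and that the services named in the thread are installed as apt packages under these names.

```conf
// /etc/apt/apt.conf.d/20auto-upgrades
// Refresh package lists and run unattended-upgrades once a day.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

// /etc/apt/apt.conf.d/50unattended-upgrades
// Only install from the security archive, never from regular updates.
// Assumption: Debian origin/label; adjust for the distribution in use.
Unattended-Upgrade::Origins-Pattern {
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

// Packages that must not be upgraded automatically because a restart
// of one service can take the site down. Entries are regular
// expressions matched against package names (names assumed here).
Unattended-Upgrade::Package-Blacklist {
        "nginx";
        "mariadb-";
        "unicorn";
};

// Never reboot the host on its own after a kernel or libc fix.
Unattended-Upgrade::Automatic-Reboot "false";
```

Running `unattended-upgrade --dry-run --debug` as root lists which packages would be installed and which are held back by the blacklist, without changing the system. Blacklisted packages still need their security fixes applied by hand.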
Hey Peter,
Do you know if this has been worked on since 2018? I still think this package is probably a great fit. Regarding the restart, this might have been solved since puma seems to be currently used. Correct?
Best, Julien
You’re right, it is the right fit. Done in 1c810d3.
Use apt-get to automatically install critical security fixes.