lobsters / lobsters-ansible

Ansible playbook for lobste.rs
ISC License

configure automatic security updates #8

Closed pushcx closed 11 months ago

pushcx commented 6 years ago

Use apt-get to automatically install critical security fixes.

jstoja commented 6 years ago

Do you mean using a cron to check for security upgrades, or using unattended-upgrades? Are there packages that shouldn't be updated?

pushcx commented 6 years ago

I didn't have a specific solution in mind, but unattended-upgrades sounds like it would work well for us.

We don't have any packages pinned or anything. I guess the only thing this might block on is #7; unicorn may need to be restarted any time nginx is, and I wouldn't want the site going down because nginx updated.

(And thanks for looking over the issues and contributing your thoughts, I appreciate the help.)

jstoja commented 6 years ago

Looking back at this, I think that we should use unattended-upgrades, specifying not to upgrade unicorn/nginx/mariadb/... that we should pin at some point. GitHub has a feature to subscribe to security alerts on software that organizations/projects use; that could probably do the trick to be notified when something important has come up.
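
One way to express the approach proposed in the comment above as Ansible tasks. This is an added example, not the project's playbook or the contents of any commit to it; it assumes an Ubuntu host (the `-security` origin naming), and the held-back package patterns are chosen from the services named in the thread.

```yaml
# Added example: security-only unattended upgrades with service packages held back.
# Assumptions: Ubuntu archive naming; nginx and MariaDB are installed from apt.
- name: Install unattended-upgrades
  ansible.builtin.apt:
    name: unattended-upgrades
    state: present
    update_cache: true

- name: Enable the daily apt periodic run
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    owner: root
    group: root
    mode: "0644"
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";

# Managing the packaged 50unattended-upgrades file directly replaces the
# default origin list; a second file would only append to it.
- name: Limit upgrades to the security origin and hold back services
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    owner: root
    group: root
    mode: "0644"
    content: |
      Unattended-Upgrade::Allowed-Origins {
          "${distro_id}:${distro_codename}-security";
      };
      // Python regular expressions matched against package names.
      // These packages are never upgraded automatically, so their
      // security fixes have to be tracked and applied by hand.
      Unattended-Upgrade::Package-Blacklist {
          "nginx";
          "mariadb-";
      };
      Unattended-Upgrade::Automatic-Reboot "false";

# Read-only check: shows which packages would be upgraded and which are skipped.
- name: Dry-run unattended-upgrade to verify the configuration parses
  ansible.builtin.command: unattended-upgrade --dry-run --debug
  changed_when: false
```

The blacklist trades availability risk for patch latency: anything listed there needs its own alerting, such as the security-alert subscription mentioned in the comment.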

jstoja commented 3 years ago

Hey Peter,

Do you know if this has been worked on since 2018? I still think this package is probably a great fit. Regarding the restart, this might have been solved since puma seems to be currently used. Correct?

Best, Julien

pushcx commented 11 months ago

You’re right, it is the right fit. Done in 1c810d3.