Automatic daily updates for system packages. Automatic daily container updates with watchtower. I normally have things pinned to a reasonable major or minor release, so I do manual upgrades for new OS release branches and usually pin to a major version for Docker containers but depends on the container.

Only mostly when I want to. Which tends to be on Mondays and Saturdays.

I’m running Sid on servers, so automatic updates are actually a risk. Used to be Debian Stable, but maaan the docker and podman improvements… make me drool.

When something doesn’t work. I.e. when an app update causes incompatibility with a service. I think I have one server that’s a few years without an update (distro version may actually be EOL for all I know).

my nixos containers and the podman containers inside them update nightly around 03:00

Monthly unless I learn about a vulnerability that would require it sooner.

Apt update and upgrade happen automatically.

If I have something serious, I will set up automatic upgrades. If short downtimes are ok, also with automatic reboots when the kernel updates.

If it’s not anything serious, whenever I remember to.

Daily on my Gentoo server, through a Cronjob every morning. It’s a custom script though, so there’s more than just doing an emerge update. It’ll send me ntfy notifications for the update results, if there are new news items, and if there are any time config merge updates to make. A few other things as well but that’s the main stuff.

Other servers, typically weekly or only manually when I ssh into them (for the ones I don’t really feel the need to update frequently).

Whenever I ssh into it.

Those apt commands are in a less-good order. It’s usually better to update apt, then upgrade the system.

I upgrade as soon as reasonably possible after the notification appears, if the system isn’t on auto-upgrade.

Every night at ~ 12-1am

unattended updates / transactional-update are awesome.

Stuff has been running for years, and it’s still up to date.

Yum-cron. Daily. Rolling bounce on a schedule.

It has been rock-solid for 20 years, but lennart’s cancer and the growing amount of shite they’re shoveling into EL has caused a few issues here and there with 7, 9 and 10. (Skipped 8 because f that)

But, today, it works. So that’s year 23 and 8 months.

Unattended-upgrade does security-only patching once every 4 hours (in rough sync with my local mirror)

Full upgrades are done weekly, accompanied by a reboot

I find that the split between security patching and feature/bug patching maintains a healthy balance knowing when something is likely to break but never being behind on the latest cve.

When I remember. About once a month.

Well, one of the reasons I’m using debian on my server is so I can kinda forget about it…

I’ll update maybe once a month, or every couple months. I don’t always restart though, so my kernel is probably a bit behind :'D