Enable Ubuntu automatic updates #295
Comments
|
If you select the "enhanced server security" option, then this feature is turned on. Using unattended-upgrades has been known to cause OOM errors on 512mb cloud VMs and lock up the machine. |
|
So this issue becomes: should we enable unattended-upgrades by default? That depends on how likely it is that a remotely exploitable issue with any real user impact will present itself in OpenSSH or strongSwan over the average lifetime of an Algo install (which seems relatively short for the most part). Right now I lean on the side of not turning it on by default and keeping the existing behavior of only turning it on when the user selects "enhanced server security" during the installation process. I think the risk of a remotely exploitable flaw in either of those services are very low, especially when weighed against the reduced/hardened configurations and the risk of crashing an install due to an out of memory error. |
For long running server instances, it might make sense to have ubuntu automatically update and install new packages. Documentation for this is in https://help.ubuntu.com/lts/serverguide/automatic-updates.html
The text was updated successfully, but these errors were encountered: