lobsters-ansible

configure automatic security updates

Open pushcx opened this issue 6 years ago • 4 comments

Use apt-get to automatically install critical security fixes.

pushcx, Oct 25 '17 13:10

Do you mean using a cron job to check for security upgrades, or using unattended-upgrades? Are there packages that shouldn't be updated?

jstoja, Oct 26 '17 09:10

I didn't have a specific solution in mind, but unattended-upgrades sounds like it would work well for us.

We don't have any packages pinned or anything. I guess the only thing this might block on is #7; unicorn may need to be restarted any time nginx is, and I wouldn't want the site going down because nginx updated.

(And thanks for looking over the issues and contributing your thoughts, I appreciate the help.)

pushcx, Oct 26 '17 12:10

Looking back at this, I think that we should use unattended-upgrades, specifying not to upgrade unicorn/nginx/mariadb/... that we should pin at some point. GitHub has a feature to subscribe to security alerts on software that organizations/projects use; that could probably do the trick to be notified when something important has come up.

jstoja, Sep 04 '18 20:09

Hey Peter,

Do you know if this has been worked on since 2018? I still think this package is probably a great fit. Regarding the restart, this might have been solved since puma seems to be currently used. Correct?

Best, Julien

jstoja, Nov 29 '20 14:11

You’re right, it is the right fit. Done in 1c810d3.

pushcx, Oct 07 '23 00:10
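
The approach discussed in this thread (unattended-upgrades limited to security fixes, with service packages held back) could be expressed as the Ansible play below. This is an added example, not the contents of commit 1c810d3 or any file from lobsters-ansible. It assumes an Ubuntu host, and the file name `52unattended-upgrades-local` and the blacklisted package names are illustrative.

```yaml
# Added example: illustrative play, not taken from the lobsters-ansible repository.
- name: Configure automatic security updates
  hosts: all
  become: true
  tasks:
    - name: Install unattended-upgrades
      ansible.builtin.apt:
        name: unattended-upgrades
        state: present
        update_cache: true

    - name: Enable the daily package list refresh and unattended run
      ansible.builtin.copy:
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        owner: root
        group: root
        mode: "0644"
        content: |
          APT::Periodic::Update-Package-Lists "1";
          APT::Periodic::Unattended-Upgrade "1";

    - name: Limit upgrades to the security origin and hold back services
      ansible.builtin.copy:
        # Assumed file name; it sorts after the packaged 50unattended-upgrades.
        dest: /etc/apt/apt.conf.d/52unattended-upgrades-local
        owner: root
        group: root
        mode: "0644"
        content: |
          // Ubuntu security pocket only (assumes an Ubuntu host).
          Unattended-Upgrade::Allowed-Origins {
              "${distro_id}:${distro_codename}-security";
          };
          // Entries are Python regular expressions matched against package
          // names. Assumed names for the services mentioned in the thread.
          Unattended-Upgrade::Package-Blacklist {
              "nginx";
              "mariadb-server";
          };
          // Never reboot the host without an operator present.
          Unattended-Upgrade::Automatic-Reboot "false";

    - name: Dry run to confirm the configuration parses and list candidates
      ansible.builtin.command: unattended-upgrade --dry-run --debug
      changed_when: false
```

Held-back packages receive no automatic security fixes, so they need a separate notification and manual upgrade path.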