lobsters-ansible
lobsters-ansible copied to clipboard
configure automatic security updates
Use apt-get
to automatically install critical security fixes.
Do you mean using a cron to check for security upgrades, or using unattended-upgrades
?
Is there packages that shouldn't be updated?
I didn't have a specific solution in mind, but unattended-upgrades sounds like it would work well for us.
We don't have any packages pinned or anything. I guess the only thing this might block on is #7; unicorn may need to be restarted any time nginx is, I wouldn't want the site going down because nginx updated.
(And thanks for looking over the issues and contributing your thoughts, I appreciate the help.)
Looking back at this, I think that we should use unattended-upgrades
specifying not to upgrade unicorn/nginx/mariadb/... that we should pin at some point.
Github has a feature to subscribe to security alerts on softwares that organizations/projects use, that could probably do the trick to be notified when something's important has come up.
Hey Peter,
Do you know if this has been worked on since 2018? I still think this package is probably a great fit. Regarding the restart, this might have been solved since puma seems to be currently used. Correct?
Best, Julien
You’re right, it is the right fit. Done in 1c810d3.