Selfhosted

Whenever I ssh into it.

Those apt commands are in a less-good order. It's usually better to update apt, then upgrade the system.

I upgrade as soon as reasonably possible after the notification appears, if the system isn't on auto-upgrade.

podman quadlets with auto updates running on opensuse microos

im not yet self hosting a ton of services tho

Every night at ~ 12-1am

unattended updates / transactional-update are awesome.

Stuff has been running for years, and it's still up to date.

I run Ubuntu Server 24.04 LTS with k3s. I update my container versions every few months, though not everything I’m running all at once. I update the actual system packages via apt maybe once a year and end up nuking and re-installing everything every couple years on average. I deliberately block all inbound WAN traffic in my firewall and use k8s network policies to aggressively limit egress WAN connections because I’m aware that I’m bad about keeping things up to date.

Weekly. Cronjob.

maybe like once in 3 months. i usually update when i need to setup something new on the server that needs to install new packages.

Unattended-upgrade does security-only patching once every 4 hours (in rough sync with my local mirror)

Full upgrades are done weekly, accompanied by a reboot

I find that the split between security patching and feature/bug patching maintains a healthy balance knowing when something is likely to break but never being behind on the latest cve.

On Windows, almost never since it was a disruptive shitshow. Now that I've got everything running Linux it's weekly. Often sooner if I happen to be remoting in and manually update.

When I remember. About once a month.

Well, one of the reasons I'm using debian on my server is so I can kinda forget about it...

I'll update maybe once a month, or every couple months. I don't always restart though, so my kernel is probably a bit behind :'D

Anything exposed to the internet gets a daily / weekly update, depending on how exposed it is, how stable the updates are and how critical a breach would be. For example nginx would be a daily update.

Anything behind a vpn gets a more random update schedule mostly based on when I feel like it (probably around once a month or every other month)

Once a week. I have a bash script that does an apt update upgrade and pulls new docker images.

Usely every 3/4 months roughly. I try to remeber to update. The base. Server. And docker based things! /webserices. I update. Sparingly. Every few new versions. As I am the only user of my server. I don't have a high need to update. So I update only if a new future. Is added or a mayor bug /security patch.

Every couple of days. I don't auto-update, but I've streamlined the process to the point that I can just open a single web page and see the number of pending updates for every system on my network, docker containers included, each one with a button. Clicking the button applies the update and reboots if necessary. So it takes about 15 seconds of effort to update everything, which is why I don't mind doing it so often.

I do it every 3 to 5 days. I usually do it when I have time to fix things if it goes south.

First Friday of the month. Easy to remember.

everyday to once a month, depending how often I use the server

IME usually waiting longer to apply larger updates causes more issues than smaller and more frequent ones

Probably every 2 months. When I have a day off work with nothing to do. I have a few VMs that are more fragile than I want to admit and if something breaks I want to have time to tinker instead of just restoring a backup.

I SSH in and run an update manually, once a week.

I'm not knowledgable and comfortable enough to let updates happen automatically and feel like I could trust it to keep running. Not yet, anyway.

Edit: But at some point I might do what another commenter said and make sure security updates run automatically and check other updates weekly.

Using nix :P

I update the flake every now and then via nix flake updated and then do a rebuild

Gentooer here. Emerge sync &; world daily at night.

Weekly a manual check for stuff that doesn't autoupdate for reasons.

Monthly / biweekly podman compose pull for containers. Manual, because i don't trust that kind of autoupdate.

Edit: opnSense updates are manual only when I remember because if it breaks, I must be at home to fix it or i lose remote access and that's bad.

@PlanterTree Systems facing public internet, security updates are applied daily automatically.

On Alpine Linux I update my two Pi servers at 2 in the morning daily. It's simpler compared to Debian which needs unattended-updates. Just add apk update && apk upgrade to a cron job and you're good to go.

I only have three docker services which is simple enough to update manually.

I like to keep things as simple as possible for my already chaotic brain.

Almost everything I have runs Debian or NixOS, so…….. once a month? Except for VMs I’m playing around with, which usually get updated every time I log into them, or instal stuff.

All services are dockerized, updated nightly.

Server OS runs a kernel-patch service for real time exploit patching.

All other updates as soon as they appear.

Yeah, sometimes I'll need to go in a repair - but that's way better than having to clean up after having been exploited due to not keeping up on security patches.

On my ubuntu I use unattended updates but that doesn't work reliably. I have to update it manually most of the time. Once every other month.

On my fedora server it auto updates every day at 4 reliably.

The next server is going to be atomic such that the server restart is even shorter (not that I would care about it at 4).

Automatic upgrades handle the security patches. Everything else maybe once a month. My big services like Nextcloud auto update as well.

Depends, on how critical something is...since we deal with servers / customers at work that often are purposely not adjusted for years...because introducing a different behaviour (even if better) would grind production to a halt, I take a not careful approach.

I was using OpenSUSE Leap, and with zypper you can review which patches are available, whether they are critical or run recommended or not needed. You can then apply which specific patch you want be CVE if necessary.

But with Leap's path seaming messy at the moment, I moved to Tumbleweed, since you have snapshotying built in. If an update did mess something up you just rollback to the previous snapshot and in less than a minute it is fixed

Mine is set to update all the stuff I use, and the OS, automatically whenever an update is available. 🤷‍♂️