Can updating Fedora (Workstation) once a week be considered as sufficient?

I’ve configured dnf-automatic to download & install system updates weekly, restart the computer when needed (in /etc/dnf/automatic.conf), fittingly on early Saturday morning. In the past I had daily security updates set up (separately), but the arrangement felt arduous since any kernel updates necessitate rebooting to my knowledge.

Flatpak and Python packages are updated after the system has rebooted (see this comment of mine for spawning a shell at boot on GNOME).

flatpak remove --unused && flatpak update -y
pipx upgrade-all

My dnf-automatic.timer for reference:

# /etc/systemd/system/dnf-automatic.timer
[Unit]
Description=dnf-automatic timer
# See comment in dnf-makecache.service
ConditionPathExists=!/run/ostree-booted
Wants=network-online.target

[Timer]
OnCalendar=Sat *-*-* 3:00:00
RandomizedDelaySec=60m
Persistent=true

[Install]
WantedBy=timers.target

There is no “one size fits all” updating policy. At the very least you need to watch for “emergency” updates or mitigations for actively exploited bugs. The problem is that many of these bugs may not apply to your use case. Although

It is also arduous to find and read the relevant details of the security issues – for most people it is easier to just reboot.

You have to make your own risk assessment. There are sites that provide timely announcements, such as Linux Security Fedora Advisories, but there are often multiple advisories per day, many of which may not apply to your use cases.

2 Likes
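An added example, not part of either post above: one way to watch for urgent fixes between the weekly dnf-automatic runs is to filter the output of `dnf updateinfo list --security` for Critical and Important advisories and note whether a kernel package is among them. The function names and the sample listing are constructed for illustration; the dnf4 column layout ("Important/Sec.") is what the parser expects, and the dnf5 layout (separate type and severity columns) is an assumption.

```shell
#!/bin/sh
# Added example: flag pending Critical/Important security advisories so an
# out-of-cycle update can be run before the weekly dnf-automatic timer fires.

# Reads `dnf updateinfo list --security` output on stdin and prints
# "severity advisory package" for each Critical or Important entry.
urgent_advisories() {
    awk '
        $1 !~ /^FEDORA-/ { next }        # skip headers and metadata lines
        {
            if (index($2, "/")) {        # dnf4 layout: "Important/Sec." in column 2
                split($2, t, "/"); sev = t[1]; pkg = $3
            } else {                     # assumed dnf5 layout: type, severity, package
                sev = $3; pkg = $4
            }
            sev = tolower(sev)
            if (sev == "critical" || sev == "important") print sev, $1, pkg
        }'
}

# Number of urgent entries in the listing on stdin.
count_urgent() { urgent_advisories | wc -l | tr -d ' '; }

# Succeeds when an urgent entry is a kernel package (a reboot will be needed).
kernel_pending() {
    urgent_advisories | awk '$3 ~ /^kernel(-|$)/ { hit = 1 } END { exit !hit }'
}

# Constructed sample listing (placeholder advisory IDs and versions, both layouts).
SAMPLE='Last metadata expiration check: 0:12:03 ago.
FEDORA-0000-aaaaaaaaaa Important/Sec. kernel-core-0.0.1-1.fc00.x86_64
FEDORA-0000-bbbbbbbbbb Moderate/Sec.  curl-0.0.1-1.fc00.x86_64
FEDORA-0000-cccccccccc Low/Sec.       vim-minimal-0.0.1-1.fc00.x86_64
FEDORA-0000-dddddddddd security Critical openssl-libs-0.0.1-1.fc00.x86_64'

# "--live" queries the real system; otherwise the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    listing=$(dnf -q updateinfo list --security 2>/dev/null)
else
    listing=$SAMPLE
fi
n=$(printf '%s\n' "$listing" | count_urgent)
if [ "$n" -gt 0 ]; then
    printf '%s\n' "$listing" | urgent_advisories
    printf '%s\n' "$listing" | kernel_pending && echo "kernel update pending: plan a reboot"
fi
echo "urgent advisories pending: $n"
```

Run daily with `--live` (for example from a user timer), this leaves the weekly schedule in place and only prompts for an early update when something rated Critical or Important is waiting.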