I’ve been doing online updates all along. For updates I always restart afterwards. When installing new software though, I almost never reboot. Usually the new installs are one or two packages whereas the updates tend to be 10s (or 100s) of packages at once.
There are a couple of things I never liked about offline updates that have prevented me from ever using them.
Many of the systems I update are remotely-administered servers and I don’t like “going dark”, crossing my fingers and hoping the system comes back up after ??? minutes. Has it been long enough yet? If I force reboot the system right now will I actually make the problem worse and end up with a half-updated system?
The very few times over the last 1.5 or so decades that the online dnf/yum update has failed, I’ve been able to easily recover from the situation only because I was doing an online update. Basically, dnf failed, dropped me to a command prompt with the error displayed at the end, and I corrected the problem (probably with something like rpm --nodeps -e <whatever> but it’s been too long since it happened for me to remember for sure) and re-ran the update. With offline updates, none of that would have worked and I probably would have had to physically attend to the system.
The offline updates don’t provide an opportunity to run rpmconf -a after the updates but before the updated service or command is first run. This is probably a minor issue, but I do always run rpmconf immediately after doing updates but before rebooting. Not running rpmconf can lead to security problems. Until very recently, for example, httpd’s ssl.conf contained cipher strength requirements that would not get updated unless you ran rpmconf. One really should reconcile their configuration changes before starting the new version of the software.
Chris Murphy recently mentioned a really neat idea on IRC about how online updates could be done without the concern about the binaries on the file system being temporarily out-of-sync with their in-memory versions. He suggested that, with btrfs, it should be possible to mount a snapshot of the rootfs, do an online update of that (e.g. dnf --installroot=<snapshot-mountpoint> update) and then reboot to switch to the new snapshot if the update succeeded. FWIW, I think this is a great idea. He also suggested trying to run the updated rootfs in a container or VM to see if it works before rebooting, but I think that is a terrible idea for several reasons (mostly the mess of reconfiguring the host’s networking to do that, but also the myriad problems with determining if the booted system is working as intended).
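
As an added example (not part of the original post), here is a check for the unreconciled-configuration case described above: it lists the .rpmnew and .rpmsave files that rpm leaves behind and that rpmconf -a would prompt for, so a reboot or service restart can be held until they are merged. The function names pending_rpm_configs and configs_reconciled are hypothetical, and /etc as the default search root is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# pending_rpm_configs ROOT
# Prints one line per leftover file: "<kind>\t<live config>\t<leftover>".
#   rpmnew  = package shipped a new default; the admin's edited file stayed live
#   rpmsave = package replaced the live file; the admin's copy was set aside
pending_rpm_configs() {
    root=${1:-/etc}   # assumption: configs live under /etc unless told otherwise
    find "$root" -xdev -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) 2>/dev/null |
    sort |
    while IFS= read -r leftover; do
        kind=${leftover##*.}   # "rpmnew" or "rpmsave"
        live=${leftover%.*}    # path of the config file actually in use
        # Identical content means there is nothing left to merge; skip it.
        if [ -f "$live" ] && cmp -s "$live" "$leftover"; then
            continue
        fi
        printf '%s\t%s\t%s\n' "$kind" "$live" "$leftover"
    done
}

# configs_reconciled ROOT
# Returns 0 when nothing is pending, 1 otherwise (report is written to stderr).
configs_reconciled() {
    report=$(pending_rpm_configs "$1")
    [ -z "$report" ] && return 0
    printf 'unreconciled config files under %s:\n%s\n' "${1:-/etc}" "$report" >&2
    return 1
}
```

Run configs_reconciled /etc after an update finishes and before restarting services; a non-zero exit means a shipped default (for example a new ssl.conf) has not yet been merged into the live configuration.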