otterley 5 days ago
> so minor versions should be fine to auto update

The problem is that "should" assumes that point releases never introduce regressions (whether they be security, performance, or correctness). Unfortunately, history has shown that regressions can and do happen. The best practice for release engineering (CI/CD, if you will) is to assume the worst, test thoroughly, and release incrementally (include bake time). Delaying updates isn't just a backstop against security vulnerabilities; it's useful for letting the dust settle after an update of any kind that can adversely impact the application. The theory is that someone will find it before you, report it, and that a fix will be issued.
ozim 5 days ago
Regressions are irrelevant in this context; you can accept regressions as something you will deal with in case those happen or not. By simply installing updates automatically you get pwned by bad guys; someone taking over your CI/CD server or infrastructure is not something acceptable.