Changes as of Fedora 26
As of Fedora 26 there are now three timers that control dnf-automatic.
`dnf-automatic-download.timer` - Only download
`dnf-automatic-install.timer` - Download and install
`dnf-automatic-notifyonly.timer` - Only notify via configured emitters in `/etc/dnf/automatic.conf`
You can still use `download_updates` and `apply_updates` settings from inside `/etc/dnf/automatic.conf`.
Can we trust DNF updates?
DNF in Fedora has GPG key checking enabled by default. Assuming that you have imported the correct GPG keys and still have `gpgcheck=1` in your `/etc/dnf/dnf.conf`, we can at least assume that any automatically installed updates were not corrupted or modified from their original state. With the GPG key checks in place, there is no way for an attacker to generate packages that your system will accept as valid (unless they have a copy of the *private* key corresponding to one you installed), and any data corruption during download would be caught.
However, trust also covers update quality: will installing the package cause problems on your system? This we cannot answer. Each package goes through a QA process and is assumed to be problem free. But problems happen, and QA cannot test all possible cases. It is always possible that an update may cause problems during or after installation.
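The signature guarantee above holds only while `gpgcheck` stays on for every repository in use. The following is an added example, not part of the original page or of DNF itself: a small audit that reports enabled repositories whose signature checking is off and whether `apply_updates` would install from them unattended. The function name `audit_gpgcheck`, the repository names and all file contents are constructed for illustration.

```python
import configparser

# Constructed sample file contents (not taken from a real system).
DNF_CONF = "[main]\ngpgcheck=1\ninstallonly_limit=3\n"
REPO_FILES = {
    "fedora.repo": "[fedora]\nenabled=1\ngpgcheck=1\n"
                   "[fedora-debuginfo]\nenabled=0\ngpgcheck=0\n",
    "example-thirdparty.repo": "[example-thirdparty]\nenabled=1\ngpgcheck=0\n",
}
AUTOMATIC_CONF = "[commands]\ndownload_updates = yes\napply_updates = yes\n"


def _parse(text):
    # INI-style files; interpolation is off so '%' in URLs is kept literally.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def audit_gpgcheck(dnf_conf, repo_files, automatic_conf):
    """Return findings; an empty list means every enabled repo is checked."""
    findings = []
    main = _parse(dnf_conf)
    # A missing gpgcheck line is reported rather than assumed to be on,
    # because the page's guarantee is stated for gpgcheck=1 being present.
    main_on = main.getboolean("main", "gpgcheck", fallback=False)
    if not main_on:
        findings.append("dnf.conf: gpgcheck is not enabled in [main]")
    for fname, text in sorted(repo_files.items()):
        cp = _parse(text)
        for repo in cp.sections():
            if not cp.getboolean(repo, "enabled", fallback=True):
                continue  # skipped: disabled repos are not used by default
            # A repo-level gpgcheck overrides the [main] value.
            if not cp.getboolean(repo, "gpgcheck", fallback=main_on):
                findings.append(f"{fname}: [{repo}] enabled with gpgcheck off")
    auto = _parse(automatic_conf)
    if findings and auto.getboolean("commands", "apply_updates", fallback=False):
        findings.append("automatic.conf: apply_updates is on without full "
                        "signature checking")
    return findings


if __name__ == "__main__":
    for line in audit_gpgcheck(DNF_CONF, REPO_FILES, AUTOMATIC_CONF):
        print(line)
```

On a real system the three inputs would be the contents of `/etc/dnf/dnf.conf`, the `.repo` files under `/etc/yum.repos.d/`, and `/etc/dnf/automatic.conf`.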
Why use automatic updates?
The main advantage of automating the updates is that machines are likely to get updated more quickly, more often, and more uniformly than if the updates are done manually. We see too many compromised machines on the internet which would have been safe if the latest updates were installed in a timely way.
So while you should still be cautious with any automated update solution, in particular on production systems, it is definitely worth considering, at least in some situations.
Reasons FOR using automatic updates
While no one can determine for you if your machine is a good candidate for automatic updates, there are several things which tend to make a machine a better candidate for automatic updates.
Some things which might make your machine a good candidate for automatic updates are:
You are unlikely to apply updates manually for whatever reason(s).
The machine is not critical and occasional unplanned downtime is acceptable.
You can live without remote access to the machine until you can get to its physical location to resolve problems.
You do not have any irreplaceable data on the machine, or have proper backups of such data.
If all the above apply to your machine(s), then automatic updates may be your best option to help secure your machine. If not all the above apply, then you will need to weigh the risks and decide for yourself if automatic updates are the best way to proceed.