English Spanish
Reasons AGAINST using automatic updates
While no one can determine for you if your machine is a bad candidate for automatic updates, there are several things which tend to make a machine a worse candidate for automatic updates.
Some things which might make your machine be a bad candidate for automatic updates are:
It provides a critical service that you don't want to risk having unscheduled downtime.
You installed custom software, compiled software from source, or use third party software that has strict package version requirements.
You installed a custom kernel, custom kernel modules, third party kernel modules, or have a third party application that depends on kernel versions (this may not be a problem if you exclude kernel updates, which is the default in Fedora `dnf.conf` files). (See also https://bugzilla.redhat.com/show_bug.cgi?id=870790[bug #870790] - you may need to modify the base section to add `exclude=kernel*`.)
Your environment requires meticulous change-control procedures.
You update from other third party DNF repositories besides Fedora (core, extras, legacy), repositories which may conflict in versioning schemes for the same packages.
There are also some other reasons why installing automatic updates without testing may be a bad idea. A few such reasons are:
The need to back up your configuration files before an update. Even the best package spec files can have mistakes. If you have modified a file which is not flagged as a configuration file, then you might lose your configuration changes. Or an update may have a different format of configuration file, requiring a manual reconfiguration. It is often best to back up your configuration files before doing updates on critical packages such as mail, web, or database server packages.
Unwanted side effects. Some packages can create annoying side effects, particularly ones which have cron jobs. Updates to base packages like openssl, openldap, sql servers, etc. can have an effect on many other seemingly unrelated packages.
Bugs. Many packages contain buggy software or installation scripts. The update may create problems during or after installation. Even cosmetic bugs, like those found in previous Mozilla updates causing the user's icons to be removed or break, can be annoying or problematic.
Automatic updates may not complete the entire process needed to make the system secure. For example, DNF can install a kernel update, but until the machine is rebooted (which DNF will not do automatically) the new changes won't take effect. The same may apply to restarting daemons. This can leave the user feeling that he is secure when he is not.
Best practices when using automatic updates
If you decide to use automatic updates, you should at least do a few things to make sure you are up-to-date.
Check for package updates which have been automatically performed, and note if they need further (manual) intervention. You can monitor what DNF has updated via its log file (usually `/var/log/dnf.log`).
You can monitor updates availability automatically by email after modifying the dnf-automatic configuration file (usually `/etc/dnf/automatic.conf`).
[emitters]
emit_via = email
[email]
# The address to send email messages from.
email_from = root@localhost.com
# List of addresses to send messages to.
email_to = root