DNF in Fedora has GPG key checking enabled by default. Assuming that you have imported the correct GPG keys and still have `gpgcheck=1` in your `/etc/dnf/dnf.conf`, we can at least assume that any automatically installed updates were not corrupted or modified from their original state. With the GPG key checks in place, an attacker cannot generate packages that your system will accept as valid (unless they have a copy of the *private* key corresponding to one you installed), and any data corruption during download would be caught.
However, the question also extends to update quality. Will installing the package cause problems on your system? This we cannot answer. Each package goes through a QA process and is assumed to be problem free. But problems happen, and QA cannot test all possible cases. It is always possible that an update may cause problems during or after installation.
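The integrity guarantee above only holds while `gpgcheck=1` is really in effect for every enabled repository, so it is worth auditing before turning on automatic updates. The following is an added example, not part of the original page or of DNF itself: it assumes repository definitions live in `/etc/yum.repos.d/*.repo`, that a repository without its own `gpgcheck` line inherits the `[main]` value, and it conservatively treats a missing or unparseable setting as "not enabled". The function names and sample data are constructed for illustration.

```python
import configparser
from pathlib import Path

# Constructed sample input (not taken from a real system).
SAMPLE_MAIN = "[main]\ngpgcheck=1\ninstallonly_limit=3\n"
SAMPLE_REPOS = {
    "fedora.repo": "[fedora]\nenabled=1\ngpgcheck=1\n",
    "vendor.repo": "[vendor]\nenabled=1\ngpgcheck=0\n\n[vendor-debug]\nenabled=0\ngpgcheck=0\n",
    "local.repo": "[local]\nbaseurl=file:///srv/repo\n",
}

def _parse(text):
    # DNF configuration is INI-style; disable interpolation so '%' stays literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def _flag(section, key, default, invalid):
    try:
        return section.getboolean(key, fallback=default)
    except ValueError:
        return invalid  # value is not a recognised boolean

def audit_gpgcheck(main_conf, repo_files):
    """Return (source, repo_id, reason) for every place signature checking is off."""
    main = _parse(main_conf)
    main_gpg = main.has_section("main") and _flag(main["main"], "gpgcheck", False, False)
    findings = []
    if not main_gpg:
        findings.append(("dnf.conf", "main", "gpgcheck not enabled in [main]"))
    for source, text in repo_files.items():
        cp = _parse(text)
        for repo_id in cp.sections():
            repo = cp[repo_id]
            if not _flag(repo, "enabled", True, True):
                continue  # disabled repos are never used for updates
            if not _flag(repo, "gpgcheck", main_gpg, False):
                findings.append((source, repo_id, "gpgcheck off for enabled repo"))
    return findings

if __name__ == "__main__":
    conf = Path("/etc/dnf/dnf.conf")
    repos = {p.name: p.read_text() for p in sorted(Path("/etc/yum.repos.d").glob("*.repo"))}
    for finding in audit_gpgcheck(conf.read_text() if conf.exists() else "", repos):
        print(*finding, sep=": ")
```

An empty result means every enabled repository is subject to signature checking; any finding identifies a repository whose packages automatic updates would install unverified.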
Why use automatic updates?
So while you should still be cautious with any automated update solution, in particular on production systems, it is definitely worth considering, at least in some situations.
Reasons FOR using automatic updates
While no one can determine for you if your machine is a good candidate for automatic updates, there are several things which tend to make a machine a better candidate for automatic updates.
Some things which might make your machine a good candidate for automatic updates are:
You are unlikely to apply updates manually for whatever reason(s).
The machine is not critical and occasional unplanned downtime is acceptable.
You can live without remote access to the machine until you can get to its physical location to resolve problems.
You do not have any irreplaceable data on the machine, or have proper backups of such data.
Reasons AGAINST using automatic updates
While no one can determine for you if your machine is a bad candidate for automatic updates, there are several things which tend to make a machine a worse candidate for automatic updates.
Some things which might make your machine a bad candidate for automatic updates are:
It provides a critical service for which you don't want to risk unscheduled downtime.
You installed custom software, compiled software from source, or use third-party software that has strict package version requirements.
Your environment requires meticulous change-control procedures.
There are also some other reasons why installing automatic updates without testing may be a bad idea. A few such reasons are:
Unwanted side effects. Some packages can create annoying side effects, particularly ones which have cron jobs. Updates to base packages like openssl, openldap, SQL servers, etc. can have an effect on many other seemingly unrelated packages.
Bugs. Many packages contain buggy software or installation scripts. The update may create problems during or after installation. Even cosmetic bugs, like those found in previous Mozilla updates that caused the user's icons to be removed or broken, can be annoying or problematic.