English Spanish
A general rule that applies in most cases is as follows:
Alternatives to automatic updates
As an alternative to dnf-automatic, https://github.com/rackerlabs/auter[auter] can be used. This operates in a similar way to yum-cron, but provides more flexibility in scheduling, and some additional options including running custom scripts before or after updates, and automatic reboots. This comes at the expense of more complexity to configure.
As of Fedora 26 there are now three timers that control dnf-automatic.
auter --apply
auter --disable
Automatic Updates
Best practices when using automatic updates
Bugs. Many packages contain buggy software or installation scripts. The update may create problems during or after installation. Even cosmetic bugs, like those found in previous Mozilla updates causing the user's icons to be removed or break, can be annoying or problematic.
Can we trust DNF updates?
Changes as of Fedora 26
Check status of `dnf-automatic`:
`dnf-automatic-download.timer` - Only download
`dnf-automatic-install.timer` - Download and install
`dnf-automatic-notifyonly.timer` - Only notify via configured emitters in `/etc/dnf/automatic.conf`
Dnf in Fedora has the GPG key checking enabled by default. Assuming that you have imported the correct GPG keys, and still have `gpgcheck=1` in your `/etc/dnf/dnf.conf`, then we can at least assume that any automatically installed updates were not corrupted or modified from their original state. Using the GPG key checks, there is no way for an attacker to generate packages that your system will accept as valid (unless they have a copy of the *private* key corresponding to one you installed) and any data corruption during download would be caught.
[email]
# The address to send email messages from.
email_from = root@localhost.com
[emitters]
emit_via = email
env EDITOR='gedit -w' sudoedit /etc/dnf/automatic.conf
How are automatic updates done?