Hello, I would like to ask for an advise regarding automatic updates / upgrades.
In my opinion, regular updates are very important for the security of a system. If one has several systems under control but does not want to invest much time maintaining them, automatic updates become crucial. While this is probably a bad idea for (business or the like) critical systems, it's usually perfectly fine for not that important private infrastructure.
Now in OpenWrt, I read that automatically calling
opkg list-upgradable | cut -d ' ' -f 1 | xargs opkg upgrade is not advised and people don't get tired explaining that one should not do this. Because of broken updates, wearing out flash, and so on. (Flash capacity is no issue in my case.)
Instead, one is told to flash a more recent image. (Which also isn't performed automatically. Stock firmware is capable doing this but okay, if you consider this like a distribution release upgrade it's fine. I also don't do this automatically.)
So I'm wondering how I should proceed. I got the impression it's best to not update via opkg and subscribe to OpenWrt's GitHub releases so I can flash a new image when it comes available.
But is this sufficient for a reasonable security level? What if a major flaw in a package becomes known? Is a new image released short after? On the other hand, reflashing too often would bother me...
What are you doing?