Router: Openwrt One
Audience: Open
Question: How important is it to update package version updates? Are these considered critical? I've noticed for the most part these updates only change in "version" number:
Also, I can't find an explanation of why these updates are provided when changes to the package are not made but only the version number.
Excuse my ignorance! If someone can give the reasoning behind this or point me to a forum post, article, ext.. that give this explanation.
Thank you!
Short answer: don't upgrade packages individually. Just use the standard sysupgrade process when new OpenWrt releases are available -- those will come with the latest packages.
Long answer: Don't upgrade packages individually (or en-mass), as you'll probably break your things.
Upgrading packages (via the CLI opkg upgrade command or the LuCI Upgrade... button) can result in major problems. It is generally highly discouraged, unless you know what you are doing or if there is specific instruction to do so.
In addition to what @psherman said ("don't do package updates, do a full sysupgrade"), I'll add my 2-cents to address this specific point.
What I do is watch the list of available package upgrades, and if something seems "important enough," I'll do a full sysupgrade to get the new packages. So, of course, we now need to define "important enough", which for me is anything that's related to security issues. This means if openssl or mbedtls gets updated, I'll upgrade; if it's a LuCI update, that's almost always just functional or cosmetic, so I ignore those for now.
If something is really important, then there is almost certain to be forum chatter about it, someone will make a "Critical issue - CVE blah blah bah" post and you'll have a hard time missing it.
