1

What is the difference between the "updates" and "security" repos?

I'm asking because I want to set up and use unattended-upgrades, which only allow updates from "focal" and "focal-security" on Ubuntu 20.04

If I want "focal-updates" as well I have to enable that.

Are there packages that end up only in "updates" or do they automatically get a release on "security" if there is an actual security upgrade for the specific package?

Do I want to add "updates" in general, even in a server setup? Or leave it off, as is the default?

KoenDG
  • 15

1 Answers1

3

There are patches to packages of a non-security nature (features being broken, etc.) that end up in the -updates pocket. Only security updates end up in -security pocket.

I recommend leaving -updates and -security enabled on all Ubuntu releases. The main reason for this is because there are sometimes things that need to be patched because something stopped working due to some other package, etc. being updated. Even though those aren't security updates, they're crucial for certain operations.

Unless you really don't trust updates in general (note that "updates" aren't just random willy-nilly version bumps, etc. there's RULES around how updates are accepted into -updates), you really would benefit from having both updates AND security pockets enabled.

Thomas Ward
  • 78,878