Is it safe to run apt-get update every night?

Solution 1:

It may be safe—or, more accurately, the level of risk may be within your range of comfort. The level of acceptable risk will depend on several factors.

Do you have a good backup system that will allow you to quickly revert if something breaks?

Are you forwarding server logs off to a remote system so that if the box goes belly up you will still know what happened?

Are you willing to accept the possibility that something may break and you may have to do a quick restore/revert on the system if something fails?

Have you manually compiled anything on your own, or did absolutely everything installed on your system come from the official repositories? If you installed something locally, there is a chance that an upstream change may break your locally maintained/installed software.

What is the role of this system? Is it something that would barely be missed if it died (e.g. a secondary DNS server) or is it the core piece of your infrastructure (e.g. an LDAP server or primary file server)?

Do you want to set this up because nobody responsible for the server has the time to maintain the security patches? The potential risk of being compromised by an unpatched vulnerability may be higher than the potential for a bad update.

If you really do think you want to do this, I suggest you use one of the tools that are already out there for this purpose, like cron-apt. They have some logic to be safer than just a blind apt-get -y update.

Solution 2:

Yes, as long as you are talking about update and not upgrade. Apt will even do it for you if you put the line:

APT::Periodic::Update-Package-Lists "1";

in a file under /etc/apt/apt.conf.d/
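Both answers turn on the same distinction: refreshing the package lists (update) is low risk, installing packages (upgrade) is where things break. The script below is an added example, not code from either answer or from cron-apt. It writes the APT::Periodic fragment from Solution 2 alongside an explicit `Unattended-Upgrade "0"` so nothing is installed automatically, runs only `apt-get update` from cron, and then uses `apt-get -s upgrade` (simulation mode, which installs nothing) to log what is pending and which of it comes from a security suite, so the admin from Solution 1 can see unpatched exposure without taking the risk of a blind upgrade. The log path, the config file name and the sample `apt-get -s upgrade` output (package names and versions) are assumptions constructed for the example; the `Inst pkg [old] (new origin [arch])` line format is the one `apt-get -s` prints, with the `[old]` field absent for packages that are not yet installed.

```shell
#!/bin/sh
# Added example (not from the original answers): nightly list refresh only,
# plus a simulated-upgrade report so pending security fixes are visible.

# Write the APT::Periodic fragment. The path is a parameter so the function can
# be exercised against a temporary file; on a real host it would be something
# like /etc/apt/apt.conf.d/10periodic (assumed name).
write_apt_periodic_conf() {
    conf="$1"
    cat > "$conf" <<'EOF'
// Refresh package lists once a day (apt-get update only).
APT::Periodic::Update-Package-Lists "1";
// Never install anything automatically; upgrades stay a human decision.
APT::Periodic::Unattended-Upgrade "0";
EOF
}

# Read `apt-get -s upgrade` output on stdin and print one line per pending
# package: name, old version (or "(none)" for a not-yet-installed package),
# new version, and whether the new version comes from a *-security suite.
summarize_pending_upgrades() {
    awk '$1 == "Inst" {
        pkg = $2
        if (substr($3, 1, 1) == "[") {
            old = $3; gsub(/\[|\]/, "", old); new = $4
        } else {
            old = "(none)"; new = $3
        }
        sub(/^\(/, "", new)
        sec = ($0 ~ /-security/) ? "security" : "regular"
        printf "%s %s -> %s (%s)\n", pkg, old, new, sec
    }'
}

# Number of pending upgrades that come from a security suite (stdin as above).
count_security_upgrades() {
    summarize_pending_upgrades | grep -c '(security)' || true
}

# The cron entry point: refresh lists, then log (never apply) pending upgrades.
# Example crontab line (assumed path):  0 3 * * * /usr/local/sbin/nightly-apt-refresh.sh
nightly_refresh() {
    log="${1:-/var/log/nightly-apt-refresh.log}"   # assumed log location
    {
        echo "=== $(date -u +%Y-%m-%dT%H:%M:%SZ) apt-get update ==="
        apt-get -q update
        echo "--- pending upgrades (simulation only, nothing installed) ---"
        apt-get -s upgrade 2>/dev/null | summarize_pending_upgrades
        echo "security upgrades pending: $(apt-get -s upgrade 2>/dev/null | count_security_upgrades)"
    } >> "$log" 2>&1
}

# Constructed sample of `apt-get -s upgrade` output (package names, versions
# and suites are made up for the example; they are not real advisories).
SAMPLE_APT_SIM='Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  curl libcurl4 openssl
3 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Inst curl [7.74.0-1.3+deb11u7] (7.74.0-1.3+deb11u10 Debian-Security:11/stable-security [amd64])
Inst libcurl4 [7.74.0-1.3+deb11u7] (7.74.0-1.3+deb11u10 Debian-Security:11/stable-security [amd64])
Inst openssl [1.1.1n-0+deb11u3] (1.1.1n-0+deb11u5 Debian:11.7/stable [amd64])
Inst libfoo (1.0-1 Debian:11.7/stable [amd64])
Conf curl (7.74.0-1.3+deb11u10 Debian-Security:11/stable-security [amd64])'
```

Run `printf '%s\n' "$SAMPLE_APT_SIM" | summarize_pending_upgrades` to see the parser on the constructed sample; on a real host, install the script, call `nightly_refresh` from it, and ship the log off-box as Solution 1 recommends so the report survives if the machine does not.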