Should security updates always be installed?

We are a small shop, with no real sysadmin. So developers (Java EE) also try to maintain Ubuntu server 12.04.

When I log in to a terminal, I see messages like:

6 packages can be updated.
6 updates are security updates.

Should all security updates always be installed? Can some be ignored? Should these be acted upon immediately? Or could one wait for 2:00 a.m. on the coming Sunday? Is there a way to know a "critical" update?

Is there a good sysadmin for dummies resource I should be reading?


Solution 1:

Generally, security updates are about fixing serious BUGS in the current Ubuntu OS regarding Network, Security and all. If you are maintaining a web server or any web-related things, then you must have them to be safe.

For example, see some issues here: Ubuntu security notices | Ubuntu

Solution 2:

If you're going to hold back any updates, I wouldn't hold back security updates.

There's a reason the server install has an install-time option of "automatically download and install only security related updates".
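
One way to see which pending updates are the security ones, as an added example that is not part of the original question or answers: it filters the output of `apt-get -s dist-upgrade` (a simulation, nothing is installed) for packages offered from a `-security` pocket. The function names and the sample output, including its version strings, are constructed for illustration.

```shell
#!/bin/sh
# List pending upgrades that come from an Ubuntu "-security" pocket.
# Real use on the server:  apt-get -s dist-upgrade | security_updates

# Constructed sample of `apt-get -s dist-upgrade` output on a 12.04 host.
sample_output() {
cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libssl1.0.0 openssl tzdata
Inst libssl1.0.0 [1.0.1-4ubuntu5.10] (1.0.1-4ubuntu5.11 Ubuntu:12.04/precise-security [amd64])
Inst openssl [1.0.1-4ubuntu5.10] (1.0.1-4ubuntu5.11 Ubuntu:12.04/precise-security, Ubuntu:12.04/precise-updates [amd64])
Inst tzdata [2013g-0ubuntu0.12.04] (2014a-0ubuntu0.12.04 Ubuntu:12.04/precise-updates [all])
Conf libssl1.0.0 (1.0.1-4ubuntu5.11 Ubuntu:12.04/precise-security [amd64])
EOF
}

# Reads simulation output on stdin, prints "package new_version" for every
# package whose candidate version is offered from a -security pocket.
security_updates() {
    awk '$1 == "Inst" {
        ver = ""; sec = 0
        for (i = 3; i <= NF; i++) {
            # The new version is the first field that opens the parenthesis.
            if (ver == "" && substr($i, 1, 1) == "(") {
                ver = substr($i, 2)
                continue
            }
            # Only origin fields after the version count, so a package
            # whose own name ends in "-security" is not a false positive.
            if (ver != "" && $i ~ /-security,?$/) sec = 1
        }
        if (sec) print $2, ver
    }'
}

# Demo on the constructed sample; prints the two security updates.
sample_output | security_updates
```

Each package name printed can then be looked up in the Ubuntu security notices to judge how urgent it is for the services the machine actually runs.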