I'm running automated updates since years...
I even started running them on PROD at work. People thought I'm nuts but I think the risk of attacks is far more dangerous/likely than a bug taking down everything - especially with recent updates becoming so stable (yes, they are stable despite us moaning - when was the last bug that took down your entire infrastructure?).
I even had positive side effects: my (headless) raspi's ssh once died. I was too lazy to reinstall it that day. When I tied again, it had pulled new updates, fixed the ssh, and rebooted.
How do you do #AutomatedUpdates of #docker containers?
It seems that we have ditched 30+ years of OS package handling.
Docker updates seems to be a) hope the container creator publishes an updated ":latest" whenever there is a security update, b) delete the docker container c) and start the new one
(The latter two can be achieved using something like #watchtower)
Two days ago I finally installed the f-droid privileged extension to my LineageOS. And I can say already that I feel at least 10 times happier with the experience.
Now the last remaining bastions of manual updates: My banking app, my alarm and Signal. Lets see if I can get them under control as well.
Anthony Powell
13reak 
moozer
Sheogorath