switch to unattended-upgrades for (non critical) package upgrades
A way to mitigate the icinga apt notification spam, and also a way to reduce tedious sysadm work, is to let unattended-upgrades do its magic. We just need to be careful on which packages are potentially dangerous for upgrades and that we do not want to be upgraded unattended — postgres comes to mind, but there might be others.
(IIRC upgrades that requires interaction, e.g., conffile changes, are blacklisted by default by unattended-upgrades, but this requires double-checking.)
Migrated from T756 (view on Phabricator)