1

In a freshly installed Ubuntu, which command (apt upgrade or apt full-upgrade after apt update) can make my Ubuntu more safe from hackers or install more security patches? Security is more important than new features.

1 Answer

6

The difference between upgrade and full-upgrade is that full-upgrade removes packages if necessary; i.e., if an upgraded package requires another package to be removed, full-upgrade will remove the offending package, whereas upgrade will ignore the upgrade.

So if keeping up-to-date in all cases is more important than features, apt full-upgrade is better than apt upgrade. In practice, it’s extremely unusual (perhaps unheard of) for a regular upgrade to involve removing packages. Note also that automatically removing packages could result in an unusable system; my suggestion would be to check whether apt list --upgradable shows any upgrade candidates after running apt upgrade, and to manually run apt full-upgrade only in that case.

With both commands you might consider adding the --autoremove flag to remove packages which are no longer needed as a result of an upgrade; this would avoid leaving potentially obsolete packages installed on the system.

You might also want to configure automatic upgrades; this will run apt upgrade automatically for you whenever necessary, and can be configured to auto-remove unnecessary packages and even reboot the system (e.g. for a kernel security update). You can then periodically check for upgradable packages left over and run apt full-upgrade manually if appropriate.

Stephen Kitt
  • 434,908
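
The check described in the answer above, written out as a script (an added example, not part of the original answer): it lists what apt upgrade left behind and which packages a full upgrade would remove, so the removal decision stays manual. The function names, the --run switch and the sample package names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report what `apt upgrade` held back and what a
# full-upgrade would remove, before anything is actually removed.

# Package names from `apt list --upgradable` output read on stdin.
pending_upgrades() {
    awk -F/ '/\[upgradable from: / && NF > 1 { print $1 }'
}

# Package names a simulated full upgrade would remove: the "Remv" lines
# of `apt-get --simulate dist-upgrade` (apt-get's name for full-upgrade).
planned_removals() {
    awk '$1 == "Remv" { print $2 }'
}

# Constructed sample output (not captured from a real system).
SAMPLE_LIST='Listing... Done
example-core/jammy-updates 2.1-0ubuntu1.2 amd64 [upgradable from: 2.1-0ubuntu1.1]
libexample2/jammy-security 0.9-3ubuntu0.1 amd64 [upgradable from: 0.9-3]'
SAMPLE_SIM='Remv example-legacy [1.4-2]
Inst libexample2 [0.9-3] (0.9-3ubuntu0.1 Ubuntu:22.04/jammy-security [amd64])
Conf libexample2 (0.9-3ubuntu0.1 Ubuntu:22.04/jammy-security [amd64])'

# Real run, as root: sh check-upgrades.sh --run  (file name is hypothetical)
if [ "${1:-}" = "--run" ]; then
    apt update
    apt upgrade --autoremove
    # apt prints its "no stable CLI" warning on stderr; discard it.
    left=$(apt list --upgradable 2>/dev/null | pending_upgrades)
    if [ -z "$left" ]; then
        echo "Nothing held back; full-upgrade is not needed."
    else
        echo "Still upgradable after apt upgrade:"
        echo "$left"
        echo "A full-upgrade would remove:"
        apt-get --simulate dist-upgrade | planned_removals
        echo "Review both lists, then run: apt full-upgrade"
    fi
fi
```

Without --run the script only defines the two parsers, so they can be tried on the constructed samples without touching the package database.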