To make sure I keep my production server secure, I log in every now and then to update packages and restart the server. I don’t like the fact Ubuntu keeps asking me to restart the server but I take it as a practice of making sure my application actually comes back up properly.
I run the usual apt commands:
> sudo apt-get update
> sudo apt-get upgrade
The first command will update the repository caches. The second command will upgrade any packages that have changed. Sometimes this is enough and I can then log off and continue doing other mundane things.
Sometimes I will get the mysterious:
The following packages have been kept back:
  linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
After reading the Stack Overflow answer it looks like some packages require new dependencies to be installed during the update and so those are not updated. The solution is to do
apt-get install package_kept_back
to manually do the installation and this will prompt you to install the new dependencies.
This seems to be quite cautious but I think there could be problems if it automatically installed any new dependency just because. There is also a flag,
apt-get --with-new-pkgs upgrade
that will do the same thing but I like the manual method a bit more to force me to at least read the new package names even if I don’t actually understand them.
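A way to read those new package names before installing anything, as an added example that is not from the original post: the script parses apt-get's simulated (`-s`) output to list the kept-back packages and the new packages a manual install would pull in. The function names and the embedded sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# section_pkgs HEADER: read apt-get output on stdin and print the package
# names listed under HEADER, one per line.
section_pkgs() {
    awk -v hdr="$1" '
        index($0, hdr) == 1 { insec = 1; next }   # header line opens the section
        insec && /^ /       { for (i = 1; i <= NF; i++) print $i; next }  # indented lines hold names
                            { insec = 0 }         # any other line closes it
    '
}

kept_back() { section_pkgs "The following packages have been kept back:"; }
new_pkgs()  { section_pkgs "The following NEW packages will be installed:"; }

# Constructed sample of "apt-get -s upgrade" output (names wrapped over two lines).
SAMPLE_UPGRADE='Reading package lists...
Calculating upgrade...
The following packages have been kept back:
  linux-headers-generic linux-headers-virtual linux-image-virtual
  linux-virtual
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.'

# Constructed sample of "apt-get -s install PKG" output; package names are placeholders.
SAMPLE_INSTALL='Reading package lists...
The following additional packages will be installed:
  example-modules-1.2.3
The following NEW packages will be installed:
  example-image-1.2.3 example-modules-1.2.3
0 upgraded, 2 newly installed, 0 to remove and 3 not upgraded.'

# For each kept-back package, show what a manual install would newly add.
# -s only simulates; LC_ALL=C keeps the headers in English so they match.
review_kept_back() {
    for pkg in $(LC_ALL=C apt-get -s upgrade | kept_back); do
        printf '%s would newly install:\n' "$pkg"
        LC_ALL=C apt-get -s install "$pkg" | new_pkgs | sed 's/^/  /'
    done
}

# Run against the live system only when asked: sh thisfile review
if [ "${1:-}" = "review" ]; then
    review_kept_back
fi
```

Nothing is installed or changed by the simulation, so the list can be reviewed first and the real `apt-get install` run afterwards.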
As a side note, I do like the fact that I have all the current repos available to me, as with Red Hat everything is frozen, so if I want new things there it involves building from source. Ubuntu is painless so far but I also don’t do much which is a great way to do software as a hobby. Keep it lazy!