Hi Paul,
Thanks for following up on this. To address your points:
1) The point raised in the ITP about stopping critical applications cleanly is an example scenario. The idea is that you have the ability to run any custom script at each of those phases. Other examples may include:
- Backing up config files before applying updates
- Making an API call to a monitoring system to put the server in maintenance mode
- Adjusting a status file which is used to keep the server in a load balancer pool
- Possibly creating LVM snapshots before applying updates
- Capturing current system statistics and state metrics which can then be compared post updates, i.e. listening ports before updates are applied and after the patching process has completed (including post-reboot)
The possibilities with these pre and post scripts are endless and have the potential to be extremely useful, especially with tasks for which you may not want or need to write a specific custom systemd file or init script. In addition to this, the script hooks are not only for the reboot phase but also for the download and apply phases.
2) While it is possible to separate the download and install schedules in unattended-upgrades, it becomes a bit more of a task to work around an automatic version controlled setup. For example, you want a test environment to install updates in the first week of the month but the production environment should only be updated in the third week. With unattended upgrades, the latest packages will be downloaded and installed which may not have been the packages that were tested. With auter, you can set all environments to download patches at the same time and only install those specific downloaded packages at the required schedule.
3) While unattended-upgrades can also schedule automatic reboots, the huge advantage here is being able to run pre and post reboot scripts which are specific to the patching process, as discussed in point 1.
4) The separate patching profiles are one of the specific requests we had when building this tool.
5) I am sure there are many use cases where system administrators are maintaining environments with multiple Linux distributions and having a tool which can be configured in the same way regardless of distribution is a huge advantage.
Thanks
Paolo
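
The listening-port comparison mentioned in point 1, sketched as a pre/post hook script. This is an added example, not part of the original message and not auter's own code; `STATE_DIR`, the `pre`/`post`/`demo` arguments and the way the script is attached to a hook are assumptions, and the sample socket lines are constructed.

```shell
#!/bin/sh
# Added example (not auter's own code): record listening sockets before
# patching and compare them afterwards. STATE_DIR and the pre/post/demo
# arguments are assumptions; attach the script to whichever hook fits.
STATE_DIR="${STATE_DIR:-/var/tmp/patch-port-check}"

# Reduce `ss -H -tuln` output to sorted unique "proto local-address:port" lines.
normalize_listeners() {
    awk 'NF >= 5 { print $1, $5 }' | LC_ALL=C sort -u
}

# Print "- x" for listeners that disappeared and "+ x" for new ones.
# Returns 1 when the two snapshot files differ, 0 when they match.
compare_listeners() {   # $1 = before file, $2 = after file
    changes=$(
        grep -Fxv -f "$2" "$1" | sed 's/^/- /'
        grep -Fxv -f "$1" "$2" | sed 's/^/+ /'
    )
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Constructed sample data: sshd and a web server listening before patching;
# afterwards 443 is gone and an unexpected listener appears on 8080.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' \
        'tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
        'tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*' | normalize_listeners > "$d/pre.txt"
    printf '%s\n' \
        'tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
        'tcp LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*' | normalize_listeners > "$d/post.txt"
    compare_listeners "$d/pre.txt" "$d/post.txt" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

# A non-zero exit from "post" means the set of listeners changed.
case "${1:-}" in
    pre)  mkdir -p "$STATE_DIR" && ss -H -tuln | normalize_listeners > "$STATE_DIR/pre.txt" ;;
    post) ss -H -tuln | normalize_listeners > "$STATE_DIR/post.txt" &&
          compare_listeners "$STATE_DIR/pre.txt" "$STATE_DIR/post.txt" ;;
    demo) demo ;;
esac
```

Run with `pre` before updates are applied and with `post` after patching (and again after the reboot) to flag services that failed to come back or sockets that were not open before.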