i subscribe to the release page of the repo in my rss reader. simple and effective.

GitOps + Renovate.

Tools that allow you to work GitOps (everything is defined in text files in Git) are:

• Kubernetes
• NixOS
• to a lesser degree, Ansible

Here’s a nice starter template for running your own Kubernetes cluster via GitOps with Renovate pre-configured: https://github.com/onedr0p/cluster-template

I don’t.

Yeah, hot take, but basically there’s no point to me having to keep track of all that stuff and excessively worry about the dangers of modernity and sacrifice the spare time I have on watching update counter go brrrr of all things, when there’s entire peoples and agencies in charge of it.

I just run unattended-upgrades (on Debian), pin container image tags to only the major version number where available, run rebuild of containers twice a week, and go enjoy the data and media I built the containers and installed for software for.

Does badly count as a way?

I kinda keep an eye on that https://selfh.st/ post that does a weekly roundup of stuff to know when I need to do patching.

No doubt there is a container I could run that would do it for me. I just can’t remember the name of it.

95% of things I just don’t expose to the net; so I don’t worry about them.

Most of what I do expose doesn’t really have access to any sensitive info; at most an attacker could delete some replaceable media. Big whoop.

The only thing I expose that has the potential for massive damage is OpenVPN, and there’s enough of a community and money invested in that protocol/project that I trust issues will be found and fixed promptly.

Overall I have very little available to attack, and a pretty low public presence. I don’t really host any services for public use, so there’s very little reason to even find my domain/ip, let alone attack it.