It is a good idea to keep core components of your server up to date. Installing security updates in an unattended fashion seems reasonable.
CA Cloud, a Canadian hosting company, takes this automation a step too far. We have compared the default Ubuntu images across a handful of hosting providers, and CA Cloud does something different: the unattended-upgrades package is not only pre-installed but also switched on by default.
This surprise is the hosting equivalent of a Boeing MCAS: although not as deadly, an unwanted upgrade could have dire consequences.
"The newer the better" is simply not true. Take the MySQL database for example: different versions of MySQL treat the keyring storage and binary log differently. An unattended upgrade could permanently lock up an encrypted database because of the keyring incompatibility, or disrupt replication, or bring down the database service.
If the server admin knowingly enables unattended-upgrades, they will also remember to add MySQL to the upgrade blacklist.
The lesson learned here is to always check the unattended-upgrades configuration on every new server instance.
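One way to run that check, as an added example that is not part of the original post: a shell audit of the apt configuration directory. It assumes the standard Ubuntu layout (`/etc/apt/apt.conf.d`, the `APT::Periodic::Unattended-Upgrade` switch and the `Unattended-Upgrade::Package-Blacklist` block); the function names and the `mysql-server` package name are illustrative choices.

```shell
# Added example. CONF_DIR can point at a copy of the files instead.
CONF_DIR="${CONF_DIR:-/etc/apt/apt.conf.d}"

# Config text as apt reads it: lexical order, only names with no extension
# or ".conf", with // comments stripped (/* */ blocks are not handled).
conf_text() {
    for f in "$CONF_DIR"/*; do
        case "${f##*/}" in *.conf) ;; *.*) continue ;; esac
        [ -f "$f" ] && sed -e 's,//.*,,' "$f"
    done
}

# Effective APT::Periodic::Unattended-Upgrade: last one wins, "0"/unset = off.
periodic_setting() {
    val=$(conf_text | sed -n \
        's/.*APT::Periodic::Unattended-Upgrade[[:space:]]*"\([^"]*\)".*/\1/p' | tail -n 1)
    printf '%s\n' "${val:-0}"
}

# Print each quoted entry of Unattended-Upgrade::Package-Blacklist { ... };
blacklist_entries() {
    conf_text | awk '
        /Unattended-Upgrade::Package-Blacklist/ { inblk = 1; sub(/.*[{]/, "") }
        inblk { while (match($0, /"[^"]*"/)) {
                    print substr($0, RSTART + 1, RLENGTH - 2)
                    $0 = substr($0, RSTART + RLENGTH) } }
        inblk && /[}]/ { inblk = 0 }'
}

# Entries are regexes anchored at the start of the name (grep -E approximation).
blacklisted() {
    blacklist_entries | (
        while IFS= read -r re; do
            printf '%s\n' "$1" | grep -Eq -- "^($re)" && exit 0
        done
        exit 1
    )
}

# audit PKG...: print the state; non-zero if any PKG is not blacklisted.
audit() {
    [ "$(periodic_setting)" != "0" ] || { echo "unattended upgrades: off"; return 0; }
    echo "unattended upgrades: ON"; rc=0
    for pkg in "$@"; do
        blacklisted "$pkg" && echo "  $pkg: blacklisted" && continue
        echo "  $pkg: NOT blacklisted"; rc=1
    done
    return $rc
}
```

Run `audit mysql-server` on the new instance. `apt-config dump` prints apt's own merged view and also covers settings written in nested form, which this line-based parser does not read.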
CA Cloud, what were you thinking?