Quoting Erik Christiansen (dvalin@internode.on.net):
Apropos upgrading for security, does anyone know whether letting that GUI "Update Manager" run will upset apt's view of the installed package base? (It seems rash to assume that they're necessarily compatible, after all, Network Manager stuffs up a variety of things.)
/usr/bin/update-manager (Python utility with dependencies on dconf-gsettings-backend, gir bindings for gtk+3 / VTE, python-dbus, python-gobject, Python gtk+3 aptdaemon widgets) is in fact a front-end for apt, same as synaptic, kpackage, and all the rest (http://en.wikipedia.org/wiki/Advanced_Packaging_Tool#Front-ends). So, no. You can switch back and forth between one of the graphical front-ends such as update-manager and apt-get, without causing problems.
Up to now, I've operated in paranoid mode, and used apt-get on packages listed under the Update Manager's "Important Security Updates" heading.
Sounds reasonable to me. To elaborate on what I was saying about skim-reading DSAs, if I read one that suggested a pretty urgent security update to glibc (package libc6), I would open an xterm and do: su - apt-get update && apt-get install libc6 ctrl-D
That does sound easier than doing an "apt-get --download-only", sharing the archive via NFS (or sneakernet), and doing a "dpkg -i", but we often just end up doing what we remember how to do.
Those are worthy of respect, too, though. For extra win (if you don't mind the bandwidth usage, you could put this in a nightly cronjob: apt-get update && \ apt-get -y --download-only dist-upgrade && \ apt-get autoclean That way, when you wake up, all the available updates for your installed packages are already available locally in /var/cache/apt/archives/ , with no download delays.