Whenever I install a production system/server I tend to enable full automatic updating, because it's usually better that something breaks because of a failed update rather than leaving a production machine unpatched; and if you pick a rather stable distribution (Centos or Ubuntu