I just had a bad experience with the Virtualmin "Install Updates Now" feature, from the System Information page. It said that there were 3 php5 packages that needed updating, when I knew there were in fact 10 because apticron emailed me this morning.
I thought, I’ll go ahead and try this and see if things get figured out. The process ended up updating 8 packages and I had to manually update the other 2. But here’s where things got screwy:
Virtualmin didn’t think it needed to update libapache2-mod-php5, so it didn’t request that update, and apt “resolved” the dependency conflict by uninstalling libapache2-mod-php5. That created a dependency issue, which apt resolved by installing libapache2-mod-php5. The problem is that libapache2-mod-php5 is disabled by default. So, the net effect of using Virtualmin’s Install Updates feature was that php was disabled on my server.
I was being watchful, so I caught it and fixed it immediately. But a less experienced user might have not noticed, because apache wasn’t updated and therefore wasn’t restarted. Eventually apache would have been restarted and would have broken.
It seems like there needs to be some way of ensuring dependency safety when using this feature. Generally, when something needs upgrading, I want to be running the equivalent of apt-get dist-upgrade. As it is now, requesting the upgrade of only certain package seems potentially very dangerous.