We have a question about patch management policies on Linux systems. One of our users is running Pop!_OS 22.04 LTS and has multiple repositories added to Apt. We would like to enforce OS Patch Management but want to better understand the impact before doing so. There are 3 options for the Subscribe To setting within the policies: All Updates, Security Updates Only, Security and Recommended Updates. That selection may directly affect these questions, but when applying patch management policies to a Linux system, do they only affect:
- OS and Security updates from the main Pop!_OS channel/repositories via apt
- OS, application, and Security Updates from the main Pop!_OS channel/repositories via apt
- OS, application, and Security Updates from all installed repositories via apt
- OS, application, and Security Updates from all installed repositories via apt and also applications installed via Snap and/or Flatpak, so anything managed by the Pop!_Shop.
Any help in clarifying the intended behavior of this would be helpful as we decide how we want to configure and enforce this. Thanks!