Ubuntu – Do I need to use canonical Livepatch


Ubuntu says

Use canonical Livepatch to increase security between restarts.

I have to sign in to do this, so is it worth setting up? I'm not sure what it is, the box is unticked.

The more secure the better, but is it worth it? How complicated is this?

Best Answer

Livepatch allows you to install some critical kernel security updates without rebooting your system, by directly patching the running kernel.

It does not affect regular (not security-critical) kernel updates, you still have to install those the regular way and reboot. It does not affect updates to other non-kernel packages either, which don't require a reboot anyway.

On a regular home or office computer, which does get rebooted daily (or every few days to weeks at least, your mileage may vary), Livepatch probably doesn't give you many benefits. It's mainly intended for servers which are supposed to have months and years of continuous uptime without reboots.

See e.g. this blog post for more information about Livepatch: http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html