Update Manager: understand and optimize it

Below I'll explain how Update Manager works in Linux Mint 19 Tara, and how you can tweak and optimize its settings.

Absolute beginners: trust the defaults, but know your options

1. A golden rule in computing is: when in doubt, trust the defaults, because they should be, and usually are, reasonable and sensible. But in Linux Mint you can have fine-grained control over your updates, which offers some considerable benefits.

Note: maybe you're an absolute beginner and you'd rather change nothing in Update Manager. That's OK, too. It's not at all necessary to change things. But it is important that you understand some aspects of Update Manager. That's why this is listed among the essential things to do.

So if you don't want to change any settings of Update Manager (yet), that's perfectly all right. But in any case I advise you to read what's on this page, in order to get a better understanding of this very important tool.

Smart protection against bad apples

2. The default settings of Update Manager are cautious; that's a characteristic of Linux Mint. Stability first and foremost. In this, the Mint developers have done a magnificent job: on top of the already good quality control for updates (updates with bugs are rare), they've added an extra protective layer.

Starting with Mint 19, this protective layer relies by default heavily on your making system snapshots with Timeshift. A bit too heavily, if you ask me....

Timeshift is indeed a fine tool, but it has its limitations. One of them being that it can require a lot of disk space. This space requirement is of course dependent on the way that you use your system (do you install a lot?) and on the frequency with which you make those system snapshots.

But Mint also contains a hidden protection feature, which used to be prominent in the past but unfortunately is now inactive by default: "under the hood" it applies a level system to its updates. This hidden level system is one of its crown jewels, because it allows you to prevent problems instead of just "curing" them by means of Timeshift.

You can call up the settings of the hidden level system as follows:

Menu button - Administration - Update Manager - panel: Edit - Preferences - tab Levels.

Levels 1, 2 and 3: Good updates. Always install them

3. First the safest levels, namely 1, 2 and 3. They're easy to understand: you'll always want to install those, because otherwise you'll miss important bug fixes and security fixes. The chance that updates from those levels damage your system is non-existent or virtually non-existent. 

Even level 3 updates are still very low-risk to install, so just install them without giving it a second thought!

Some people advise you to review level 3 updates before installing them (meaning: check the Linux Mint forum for problem reports concerning these updates). Theoretically, they're right.

But as I've learned in my decade of experience with Linux Mint and Ubuntu, in real life that's simply not practical or even useful for level 3. With some extremely rare exceptions, which are so rare that they don't need to be considered at all.

So I recommend leaving level 1, 2 and 3 updates at their default settings, namely both Visible and Selected.

Level 4 updates: handle with some care

4. Now level 4, which is more complicated.

By default, all updates of level 4 (Sensitive) are also both visible and (pre)selected. But I recommend treating them with more caution than the rest.

The reason is their risk profile: for desktop users, the practical security risks of vulnerabilities in level 4 packages are usually low anyway. So there's normally no hurry to update them. Whereas there always is a certain (albeit rather small) danger that updates from level 4 might severely damage the stability of your system.

In other words: potential regression bugs in level 1, 2 and 3 updates can never be fatal for your system. Updates that might theoretically contain fatal bugs (showstopper regression bugs that can make an entire system unusable) should all be level 4.

If you examine which updates are tagged level 4, you'll see that it concerns packages with a low security risk like bootloader Grub and your login manager LightDM. Not packages with a high security risk like web browser Firefox, Adobe Flash Player and such.

To put this into perspective (I wouldn't want to exaggerate): stability issues of level 4 updates are rare, in my experience. Ubuntu, on which Mint is based, doesn't even make this stability risk distinction in the first place, and Ubuntu is only a bit less reliable and stable than Mint. But: rarely is not never....

For example: an update for bootloader Grub might result in a system that won't boot. Grub is an excellent example of a package that only really needs to be updated in an existing installation when that update would be of vital importance for that existing installation.

So you can postpone these level 4 updates until a convenient time when you're in no hurry. That's precisely the intention of the level system: it allows you to install potentially risky updates, but not as part of the regular update batch, and at a time that suits you. Proceed like this:

Tab Levels: remove the "Selected" tick for Level 4. Then press the Apply button.

Tab Options: remove the tick for: Always select security updates and also remove it for: Always select kernel updates. Then press the Apply button.

Note: just to be on the safe side, you should never apply any updates when you're in the middle of doing important work. That goes for the level 1, 2 and 3 updates as well. First finish your important work, then apply the available updates.

Reboot your computer after each individual level 4 update, so that if a problem arises, you'll know exactly which update caused it. That makes troubleshooting and recovery assistance (forum help?) easier.

In the unlikely case that you ever get hit by a serious regression in an update, the motto is: just keep breathing, try to find a temporary workaround (like restoring a system snapshot that you've made with Timeshift) and wait for the new update that fixes it (usually within days).

Beware: if you're unlucky and your system does get messed up because of a level 4 update, restoring a system snapshot (or doing a clean re-installation) is sometimes the only solution...

Note: you'll still have a pretty secure system if you.... don't ever install any level 4 updates at all! Much more secure than, say, Windows. So it's even a reasonable option to restrict yourself entirely to level 1, 2 and 3 updates. I don't recommend that, but it's not insanely irresponsible to do so.

Consider increasing the interval for checking for new updates

5. Furthermore, you might want to change the interval settings for checking for new updates (in the tab Auto-Refresh).

The first check happens 10 minutes after booting and then every two hours. These are reasonable settings; I recommend leaving them as they are.

However, if you do wish to change them: in any case, leave the initial check that happens after booting unchanged at 10 minutes. But you can safely increase the interval of the subsequent checks a bit, for example to 8 hours. Don't exceed 24 hours: a check at least once a day is advisable for your security.

Warning: DO NOT enable automatic updates

6. Unfortunately, Update Manager now also contains an automatic update feature. Thankfully it's not enabled by default, because updates should always be done consciously. So that they won't ever interrupt or damage your work.

However (you're the boss!) this obnoxious feature can be found as follows: Menu button - Administration - Update Manager - panel: Edit - Preferences - tab Auto-upgrade.

Optionally, select a mirror server

7. The servers that provide you with updates might disappoint you: sometimes they might be very slow. In that case you might achieve better results with a mirror server near you.

This is how to change to a (or another) mirror server:

Update Manager - panel: Edit - Software sources - section Official repositories

Mirrors: change this for Main (tara), by clicking on the address of the current server. Make your choice and click Apply.

Note: mirrors always have a delay of a couple of hours when compared with the contents of the main server. That's inevitable, because they synchronize with that main server at intervals. If you ever get a notification that the information on the mirror is outdated, don't change your mirror immediately, but simply try again after a few hours.

About kernel updates

8. You should consider how to update the kernel. The kernel is the very heart of your system, and by far its most important part.

The reason why you should give extra attention to kernel updates is again the risk profile: for desktop users, security risks for kernels are usually low. Whereas there's definitely a certain risk that a new kernel might damage the stability of your system. So in certain circumstances it can be reasonable to postpone or even disable kernel updates.

You can disable the visibility and (pre)selection of kernel updates (for example if you don't want to break a driver that you've installed manually). This is how you do that:

Menu button - Administration - Update Manager
(Mint Xfce: Menu button - System - Update Manager)

Panel Update Manager: Edit - Preferences

Tab Options (first tab): untick:

Always show kernel updates

... and of course make sure that this is also unticked:

Always select kernel updates

Click the Apply button.

In that case, whenever you want to install a particular kernel update anyway, you can always check manually for new kernels, like this:

Launch Update Manager. In the panel of Update Manager: View - Linux kernels

Then a window pops up, with a warning against installing new kernels. This warning is a bit exaggerated: the risk of problems is certainly there, but it's not as big as the warning implies.

And you might not want to miss security fixes that are present in the newer kernel, even though security fixes for the kernel usually only repair small risks.

If the newer kernel should ever cause problems for you, it's easy to boot from the old kernel and remove the new one. More about that in item 8.3 below.

Click "Continue" in the warning window in order to proceed.

Note: when you apply kernel updates, preferably stay within the kernel series for which your Linux Mint version has been primarily designed. Only try a higher series when your default kernel series doesn't work well on your machine, or when your default kernel series is no longer supported. See the explanation in items 8.1 and 8.2 below.

Select (and then click on the button Install for) the latest kernel within the series of your preference. Only install the latest within its series, because older versions are of no use.

Reboot your computer after the installation. Now your system should be running on the latest installed kernel.

Stick to your kernel series

8.1. Preferably, only install kernels from the same series as the one that's default for your version of Linux Mint!

If your machine functions well on the default kernel series, I strongly advise you to stick with it, because your Mint version has been designed around the "engine" of a particular kernel series. Changing the "engine" to one from another series might diminish the stability of your system and might introduce unexpected bugs.

The kernel is the heart of your system: of course you want a system in which the heart cooperates well with the software around it....

Important exception: very new hardware might not run well on your current kernel series, because it might not contain the latest drivers. So for brand new hardware, if the kernel tool in Mint offers a newer series, it's the latest kernel series that's often the best choice.

Two kinds of kernels: LTS kernels and HWE kernels

8.2. There are two kinds of kernels: Long Term Supported kernels (LTS) and Hardware Enablement kernels (HWE).

Linux Mint 19 was released with an LTS kernel, namely 4.15.x. This particular kernel series will be supported for the full five years of the supported lifespan of the Linux Mint 19.x series. So for having a kernel with the latest security updates, you can always stick to 4.15.x.

From Linux Mint 19.2 onward, your Mint will have an HWE kernel. That's a kernel series that's only supported for a short period.

This means that if you want all security updates for the kernel of Mint 19.2 and higher, you'll have to upgrade to a newer kernel series from time to time. Such a newer kernel series will be offered to you in Update Manager, as soon as your current HWE kernel reaches end of life.

The reason for the existence of HWE kernels is simple: hardware support. The hardware drivers are in the kernel; pretty soon, new hardware becomes simply too new for the LTS kernel. So Linux Mint needs HWE kernels in order to stay relevant for such brand new hardware.

Tip: if in the future you use the upgrade feature in Update Manager to upgrade your Mint 19 or 19.1 to 19.2 or higher, you keep your current 4.15.x LTS kernel. That's a pretty neat protection: you won't ever be forced to switch to an HWE kernel.

Note: the kernel team of Linus Torvalds also uses the terms LTS kernel and ordinary kernel. But that's completely unrelated to the procedures of Ubuntu and Linux Mint.

How to revert a kernel update

8.3. In the rather unlikely case that a newer kernel causes problems for you, it's easy to boot from the old kernel and then remove the newer kernel:

a. Reboot your computer.

b. In the Grub bootloader menu, select the second option called Advanced options for Linux Mint.
Don't you see the Grub bootloader menu? Then hit the Esc key just once, immediately after the BIOS screen appears.

c. Then boot from the original kernel.

d. Launch Update Manager. In the toolbar of Update Manager: View - Linux kernels.

e. Remove the latest kernel by pressing its button Remove.

f. Finally reboot: all should be well again.

For power users: terminal update tool that uses the protective level system

9. Nowadays it's also possible to update your Mint by means of the terminal, while maintaining the protective level system that Update Manager also uses. The advantage is that the terminal is faster than Update Manager.

The terminal application to use is called mintupdate-cli. As said, this too applies the protective level system.

An example is easiest. For installing all updates from level 1, 2 and 3, you can use this terminal command:

sudo mintupdate-cli upgrade -r -l123

You can get more usage information by executing this terminal command:

mintupdate-cli -h
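
After a level 1, 2 and 3 run like the one above, the level 4 and kernel updates that you postponed are still pending. The script below is an added example (not part of the original page and not a Linux Mint tool): it reads the text printed by apt list --upgradable and marks which pending packages come from a security pocket and which are kernel packages. The sample input and its version numbers are constructed, and the pocket names assume the Ubuntu 18.04 (bionic) base of Mint 19.

```shell
#!/bin/sh
# Added example: report updates that are still pending, marking the ones
# that come from a "-security" pocket and the ones that are kernel packages.
# Input (stdin): the text printed by `apt list --upgradable`.

pending_report() {
    awk '
        # Lines look like: name/pocket[,pocket] newver arch [upgradable from: oldver]
        /\[upgradable from: / {
            split($1, id, "/")                 # id[1] = package, id[2] = pockets
            old = $NF; sub(/\]$/, "", old)     # last field is "oldver]"
            tag  = (id[2] ~ /-security/) ? "SECURITY" : "other"
            kern = (id[1] ~ /^linux-(image|headers|modules)/) ? " kernel" : ""
            printf "%s%s %s %s -> %s\n", tag, kern, id[1], old, $2
        }'
}

# Number of pending packages from a security pocket (0 when there are none).
pending_security_count() {
    pending_report | grep -c '^SECURITY' || true
}

# Constructed sample input; the version numbers are made up for illustration.
SAMPLE='Listing... Done
grub-common/bionic-updates 2.02-2 amd64 [upgradable from: 2.02-1]
lightdm/bionic-security,bionic-updates 1.26-2 amd64 [upgradable from: 1.26-1]
linux-image-generic/bionic-security 4.15.0.2 amd64 [upgradable from: 4.15.0.1]'

if [ "${1:-}" = "--live" ]; then
    # Real system: apt warns on stderr that its CLI output is not stable.
    apt list --upgradable 2>/dev/null | pending_report
else
    printf '%s\n' "$SAMPLE" | pending_report
fi
```

Run it with --live on the Mint machine itself; without an argument it only processes the constructed sample.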

Advanced users only: the text file that defines the level system

10. Addition for advanced users only: the level system that mintupdate applies is defined in this file:

All updates are level 2 by default, unless the name of an update package matches one of the rules in that text file, in which case that rule has priority.

If you know what you're doing(!), you can change the level system by editing the rules in that file. But in general I advise not to do that, because the default settings are reasonable and sensible.

A Creative Commons license applies to the content of this website.