Unattended-upgrades writes logs to `/var/log/unattended-upgrades/` but
also `/var/log/dpkg.log`.
The default configuration file for unattended-upgrades is at `/etc/apt/apt.conf.d/50unattended-upgrades`.
The default configuration file for unattended-upgrades is at
`/etc/apt/apt.conf.d/50unattended-upgrades`.
Pending upgrades are still noticed by Nagios which warns loudly about them in its
usual channels.
If a package origin isn't picked by unattended upgrades it will need to be upgraded
by hand or its origin added to `modules/profile/manifests/unattended_upgrades.pp` in
puppet.
Note that unattended-upgrades is configured to upgrade packages
regardless of their origin (`Unattended-Upgrade::Origins-Pattern {
"origin=*" }`). If a new `sources.list` entry is added, it
*will* be picked up and applied by unattended-upgrades unless it has a
special policy (like Debian's backports). It is *strongly* recommended
that new `sources.list` entries be paired with a "pin" (see
[apt_preferences(5)](https://manpages.debian.org/apt_preferences.5)). See also [tpo/tpa/team#40771](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40771) for a
