upgrades take up a significant chunk of time every week and distract sysadmins (or at least me) from focusing on other projects. upgrades should be therefore automated, as much as possible. see also legacy/trac#31239 about auomated installs and this is part of the wider "ops card questionnaire", where we answered no to a question about this, see legacy/trac#30881. checklist: * [x] install needrestart everywhere, in interactive mode * [x] switch needrestart to automatic mode * [x] install unattended-upgrades everywhere * [x] fix major upgrades docs to disable unattended-upgrades during the upgrade run * ~~[ ] automate reboots~~ see legacy/trac#33406 instead