The reverse is that if you really know your stuff you can get away with fewer restarts, or even none. But you pretty much have to know every component and update you run while in that untested state.
This is similar to bugs that go away on a restart. If you don’t know why, then you haven’t really fixed it, just rolled the dice again hoping it won’t reoccur.
As for updates, on regular systems you can update everything but the kernel. You do have to restart affected services afterwards (often done automatically).
Even on atomic systems you can switcheroo the subvolume underneath a running system.
Unfortunately the kernel is quite major, so that is a valid reason to see the need to update. Definitely not as pressing as say nginx, sshd, or sudo though. Kernel bugs bubbling up to an exposed attack surface is still quite unusual.
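One way to find the services that still need that restart, as an added example that is not part of the original comment: a process that loaded a library before it was replaced keeps the old copy mapped, and Linux marks that mapping `(deleted)` in `/proc/<pid>/maps`. The sample input is constructed, and the function names and the exclusion list are assumptions of this example.

```python
import os

DELETED = " (deleted)"
# Deleted mappings that are not replaced on-disk code (assumed exclusion list).
NOT_FILES = ("/memfd:", "/dev/", "/SYSV")

# Constructed sample of /proc/<pid>/maps content, not taken from a real host.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a20000 r-xp 00000000 fd:01 131 /usr/sbin/sshd
7f1a2c000000-7f1a2c1c0000 r-xp 00000000 fd:01 9001 /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f1a2c400000-7f1a2c5b0000 r-xp 00000000 fd:01 9002 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2d000000-7f1a2d001000 rw-s 00000000 00:01 77 /dev/zero (deleted)
7f1a2d100000-7f1a2d101000 r-xp 00000000 00:05 88 /memfd:jit (deleted)
7ffd1b000000-7ffd1b021000 rw-p 00000000 00:00 0 [stack]
"""

def stale_mappings(maps_text):
    """Return sorted paths of executable file mappings replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # the pathname may itself contain spaces
        if len(fields) < 6:
            continue  # anonymous mapping, no pathname
        perms, path = fields[1], fields[5]
        if ("x" in perms and path.endswith(DELETED)
                and path.startswith("/") and not path.startswith(NOT_FILES)):
            stale.add(path[: -len(DELETED)])
    return sorted(stale)

def scan_proc(proc="/proc"):
    """Map pid -> (command name, stale paths) for every readable process."""
    found = {}
    if not os.path.isdir(proc):
        return found
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, entry, "maps"), errors="replace") as fh:
                paths = stale_mappings(fh.read())
            with open(os.path.join(proc, entry, "comm"), errors="replace") as fh:
                comm = fh.read().strip()
        except OSError:
            continue  # process exited, or not readable without root
        if paths:
            found[int(entry)] = (comm, paths)
    return found

if __name__ == "__main__":
    print("sample:", stale_mappings(SAMPLE_MAPS))
    for pid, (comm, paths) in sorted(scan_proc().items()):
        print(pid, comm, ", ".join(paths))
```

Run as root to see every process; an unprivileged run only covers the caller's own processes.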