A tool only performs as good as it’s configured and handled.
This post gives detailed insights into the important touch points of the Drop Guard actions you need to configure in order to benefit from a smooth and individual update pipeline.
I've collected a bunch of articles for you, where Drupal agencies describe their processes, workflows and experience with the Drupal update release PSA-2018-001.
Hard facts: The update was announced one week earlier and released on March 28th between 18:00 and 19:30 UTC. Due to the flood of site views and very motivated F5 finger exercises, Drupal.org was down for around an hour. Fortunately, the Drupal Community worldwide was prepared with snacks, pizza, and more pizza, remote hangman, and a lot of memes.
For detailed information, the Drupal Security Team provided this FAQ about SA-CORE-2018-002.
This article is meant to be a further step to raise agencies’ and also customers’ awareness of the huge expenses when it comes to update management in Drupal.
It’s not about promoting a single solution or product. It’s about getting more sensitive for processes which could or should be way smarter and more efficient than they are in most companies right now. It’s about creating processes which are resource friendly, customer focused and support automation.
Automatic updates have been discussed since years already. The pro and con of letting Drupal update itself are discussed in different Drupal.org issues queues. It was not a big surprise that Dries mentioned automatic Drupal core updates as part of the strategic roadmap of Drupal in his Driesnote at DrupalCon Vienna 2017.