The command apt-get upgrade will not add or remove packages. apt-get dist-upgrade will add or remove packages as required.
The command apt-get dist-upgrade will not automatically upgrade you from one release to another unless you have also updated your sources (/etc/apt/sources.list) to point at a newer release.
man apt-get
upgrade
upgrade is used to install the newest versions of all packages
currently installed on the system from the sources enumerated
in /etc/apt/sources.list.
dist-upgrade
dist-upgrade, in addition to performing the function of upgrade,
also intelligently handles changing dependencies with new versions
of packages;
Are there special concerns to be aware of when doing a dist-upgrade vs upgrade?
For the most part I always apt-get dist-upgrade to apply updates to a system. Of course pay attention to exactly what new packages are being added or removed. Frequently this happens when something is being added like a newer kernel that isn't compatible with the previous and you will have to recompile modules. If you have some kernel module you had to build on your own, then you may need to make sure you recompile it for the new kernel. I have a couple systems with network interfaces not supported by the stock kernel that I have to recompile the network driver after each kernel update.
Update: per sparks' comment, I should note that 'aptitude' can be used in place of 'apt-get' in my answer below, with one exception: 'apt-get upgrade' would be replaced by 'aptitude safe-upgrade'. The aptitude front-end to APT has some nice features compared to apt-get, as outlined in this blog post. However, if you've already got a system that you've been managing with apt-get, you can certainly continue using apt-get, and probably should. We don't do a lot of software installation / uninstallation on a server, so I don't find the use of aptitude to be of critical importance, but if I was to fire up a brand new server today I would probably use it.
The latest Ubuntu Server documentation still details using apt-get, and only discusses aptitude as a graphical front end to APT. While this is certainly an oversight, it certainly does imply that there's nothing wrong with using apt-get.
I use Ubuntu's unattended-upgrades package to automatically apply security updates. Here are my notes on setting it up (on an Ubuntu 8.04 LTS server):
$ apt-get install unattended-upgrades update-notifier-common
Edit /etc/apt/apt.conf.d/50unattended-upgrades. Select only security upgrades, and set the mail address:
Unattended-Upgrade::Allowed-Origins {
"Ubuntu hardy-security";
// "Ubuntu hardy-updates";
};
Unattended-Upgrade::Mail "youremail@yourdomain.com";
Install mailx (required for unattended-upgrades mail to work)
$ apt-get install mailx
Edit /etc/apt/apt.conf.d/10periodic:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::Unattended-Upgrade "1";
Using this configuration, security updates will be automatically applied, and the list of updates will be emailed to you. While it may be considered dangerous to automatically apply any update, I believe that keeping up with security updates is a task worthy of the risk... and frankly, "keeping up" requires automation.
As far as keeping packages up to date, I asked a question to clarify the meaning of dist-upgrade that you might find applicable. Basically, when you do an apt-get upgrade, installed packages will be upgraded only if the upgrade doesn't require new packages or the removal of a package (e.g. the dependencies don't change). If an upgraded package has new dependencies, then you need to use apt-get dist-upgrade instead. Since apt-get dist-upgrade also does everything that apt-get upgrade does, I typically use it by default. It's important to keep an eye on which packages are going to be modified and take any precautions you may find necessary.
In short:
apt-get update
apt-get dist-upgrade
If I'm nervous about what dist-upgrade wants to do, I'll do:
apt-get update
apt-get upgrade
To at least upgrade packages that don't have new dependencies until I do a little research. There's always a chance that something will break no matter what you do, however, so you just gotta have some faith :)
As a final note, as long as you're applying security updates, and you trust that Canonical is doing a good job keeping things patched, you may find it's not terribly necessary to keep packages up to date. If the server is working without fault, well... it's working.
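One way to "keep an eye on which packages are going to be modified" before committing to a dist-upgrade, as an added example that is not part of the original answer: classify the output of apt-get -s dist-upgrade (simulate mode) into upgrades, newly installed packages and removals. The function names and the sample output (package names and versions) are constructed for illustration.

```shell
#!/bin/sh
# Classify the actions in `apt-get -s dist-upgrade` output read from stdin.
#   Inst pkg [old] (new ...)  -> upgrade of an already installed package
#   Inst pkg (new ...)        -> package newly pulled in (needs dist-upgrade)
#   Remv pkg [old]            -> package removed (needs dist-upgrade)
# "Conf" lines and the human-readable summary lines are ignored.
classify_sim() {
    awk '
        $1 == "Inst" && $3 ~ /^\[/ { print "UPGRADE " $2; next }
        $1 == "Inst"               { print "NEW " $2; next }
        $1 == "Remv"               { print "REMOVE " $2 }
    '
}

# Exit status 0 only when the plan adds and removes nothing, i.e. when
# plain `apt-get upgrade` would apply the same set of changes.
plan_is_safe() {
    ! classify_sim | grep -Eq '^(NEW|REMOVE) '
}

# Constructed sample of simulation output; names and versions are made up.
sample_plan() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
The following NEW packages will be installed:
  linux-image-2.6.24-24-server
The following packages will be upgraded:
  libssl0.9.8 linux-image-server openssl
Remv old-driver-dkms [1.0-1]
Inst libssl0.9.8 [0.9.8g-4ubuntu3.6] (0.9.8g-4ubuntu3.7 Ubuntu:8.04/hardy-security)
Inst openssl [0.9.8g-4ubuntu3.6] (0.9.8g-4ubuntu3.7 Ubuntu:8.04/hardy-security)
Inst linux-image-2.6.24-24-server (2.6.24-24.61 Ubuntu:8.04/hardy-security)
Inst linux-image-server [2.6.24.23.25] (2.6.24.24.26 Ubuntu:8.04/hardy-security)
Conf libssl0.9.8 (0.9.8g-4ubuntu3.7 Ubuntu:8.04/hardy-security)
EOF
}

# Demo on the constructed sample. On a real system, after apt-get update:
#   apt-get -s dist-upgrade | classify_sim
sample_plan | classify_sim
```

A NEW kernel image or a REMOVE line in the result is the cue to check for locally built modules before running the real dist-upgrade.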
Best Answer
Yeah, it messed up my server last night. I am running Debian Lenny though. I had to add debian-volatile repository to be able to upgrade to 0.95.3.
You need to add
deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu hardy main
to your /etc/apt/sources.list
and run apt-get update
After that apt-get upgrade clamav
If apt-get upgrade does not work, do apt-get install clamav clamav-base clamav-daemon clamav-freshclam