Comment 2 for bug 1690224

There's another issue I noticed in 16.04 that doesn't happen in 14.04:

Initially, the file /etc/apt/apt.conf.d/50unattended-upgrades is as expected, with everything commented out except the "-security" repository, meaning that only security updates will be applied automatically. *However*, after the first time the `unattended-upgrades` program is run, it overwrites the existing `50unattended-upgrades` file (also indicated in the output logs), and adds an additional, uncommented line, which is: "${distro_id}:${distro_codename}";

Therefore after first run, the state is:

Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}";
 "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

This could create unexpected and undesirable behavior for a sysadmin. The documentation should instruct the operator to run the unattended-upgrades program once, and correct that file after it runs the first time.