[jacques_chester]

> With Jekyll once it is up on say AWS you don't have to worry about it.

You still need to update the base system.

[don_draper]

Right. But when a security vulnerability is announced for Apache, MySQL, Postfix, etc, I don't have to worry about it.

[jacques_chester]

We're going to wind up splitting fine hairs, but here goes:

Having to worry about updating because of security defects is the same as ... having to worry about updating because of security defects.

Reducing the attack surface still leaves an attack surface, is my point. You can't just "forget about it", your server can still be subverted to unpleasant ends.