Hacker News
by andrewflnr 4472 days ago
I can't make head or tail of this comment. Are you saying you think it's a bad idea to keep my Linux kernel and Nginx up to date? What good does it do to "rebuild ASAP" unless you've at least downloaded source updates from the developers? Or are you telling me you write your own security fixes for all the software you use in public-facing services?
1 comments

Of course it's a bad idea to make unnecessary system changes (install patches) that bring the system to an essentially unknown state that nobody ever tested (the order and set of patches installed over your specific OS configuration).

You only patch what you need to patch. Most of the time for every production service you end up building a custom version anyway. Patching does no good to those.

So, by patching you only bring potential harm and overhead of going through change control processes.