I agree, but with only nginx (http only) and sshd public facing services, it's usually a very quick and easy update. Dealing with https vulnerabilities can make it a lot harder to keep up, especially when the fix is not as easy as simply upgrading the software and restarting the service.