With respect to the regular services, GitLab was already receiving at least one upgrade per month and security upgrades were being installed as they were released by Debian (automatically).
With the upgrade, the system is running a recent version of the Debian distribution again (Stretch).
Stretch comes with Apache and Nginx versions which support HTTP/2 out of the box and as we were running
common-lisp.net on TLS for a long time already, HTTP/2 is now turned on for all
common-lisp.net subdomains.
Mail transmission has been configured to use the official
common-lisp.net certificate.
The new distribution comes with a kernel which is recent enough for container support. Among the next steps, we'll research moving to Mailman3, which comes - as an option - in Docker containers and a much more modern web front-end as well as internal architecture.
For those who like to know about the migration strategy for the upgrade: over the past weeks we created a copy of the VM running
common-lisp.net and other services. On that copy, we ran a script for an automated upgrade. When the upgrade didn't succeed or didn't complete automatically (that is, required manual intervention), we changed the server configuration and the script. This process went on until the upgrade completed successfully and without intervention. Once successful, the configuration was tested and adjusted for the target software versions. The adjusted configuration was automatically installed after the upgrade process today, followed by a reboot to return service.
The migration interval of 3 hours was based on the experience gained from this exercise.