IMO, the only good way is "if it works, don't fix it", which means, no updates. People are seriously overhyping updates.
I stopped updating all the stuff - OSes, smart locks, android apps, TVs, BP monitors - I honestly had multiple update problems on ALL mentioned devices, multiple times. I only update the thing when I have an actual problem and there is changelog stating that the bug is fixed, or when I want a new feature. You can handle security in other ways in almost all the cases.
I think this IT update burden has gotten out of hand - I don't recall any other domain is like that - my car, my house, my bicycle, my glasses DO NOT UPDATE and its glorious - apart from physical damage, they work the same as yesterday.
In fact; I have a laptop right now that hasn't received updates because there's a shared object that has been removed that `yay` depends on.
(this was from a long time ago).
I generally think that updates of the mainstream distro's like Debian will definitely *NOT* brick your system in almost any circumstance, and arch tends to be somewhat solid, but every once in a while something dire happens with arch which would make me not agree with the fact that updates are always seamless.