Your sources.list file should remain constant through the life of a release.
As an example, let's look at a very basic sources.list file.
deb http://archive.ubuntu.com/ubuntu/ focal main universe
deb http://archive.ubuntu.com/ubuntu/ focal-updates main universe
deb http://security.ubuntu.com/ubuntu focal-security main universe
You can see in this example that nothing changes during the life of the focal release. Someday, when this system release-upgrades from 20.04 to 22.04 (focal to jammy), the do-release-upgrade script will change the name of the release...and nothing else.
The file is not required to remain static. You can add/delete pockets of the Ubuntu repositories (like multiverse) at any time. You can add/delete other non-Ubuntu sources...though best practice is to add non-Ubuntu sources to sources.list.d/
- Pro Tip: After you make ANY change to ANY apt source, remember to run
sudo apt update so your local database of available packages is accurate.
A stock install of Ubuntu routinely and automatically downloads and installs security upgrades via both deb and snap channels without notifying you (why would it? It's routine).
Those upgrades are logged, so you can satisfy your curiosity:
- apt:
/var/log/apt/history.log
- snap:
journalctl -u snapd
The login notification text ("like the one that notifies you of updates when you log in") is part of MOTD, and is triggered by each run of apt update. However, if the last run of apt update was 12 hours ago, then that information might be stale; use it as a prompt or reminder, not an accurate-to-the-minute count.
Of course, there's not much to prompt you for: Security upgrades are already handled automatically for you. Non-security upgrades are mostly bugfixes, and you can wait to install those anytime you wish...or never. If you are not affected by the bug, you won't see much difference. If you ARE affected by a specific bug, you should subscribe to the bug report; then you will be notified when the bugfix is ready for you to apt upgrade.
