Updating can be dangerous... But it's worth it
Updating is a scary venture, specifically since it can modify config files.
Most updates in full-package-managed solutions (rpm/debian pm) leave your config files in tact, but I wouldn't run it as a script unattended... Make sure you back up your configs and validate that the new versions of the programs haven't deprecated/removed functions of your config files before you update.
Is this a production server or a home workstation? What would be the "cost" of some downtime to downgrade in case of problems?
Regarding location of updates, personally I'd recommend going with the closest repository for speed.
Unless there's some kind of good reason to avoid a specific distribution repository, in which case I'd think the lads should be advised to completely remove it and stop supporting it.