FWIW, I'd go a bit stronger and say that, if you are running a service for other people, you aren't "self-hosting" anymore, you're just regular-old "hosting" at that point ;P.
It makes much more sense to form a little co-op, pay some pros to look after it (managed hosting) and contribute to the core, imo. Extract an SLA from the managed service that will cover restoring service. It doesn't feel as cool, but it is much less stressful as well as fairer to the nontechnical folk.
If it’s production-grade even for you, the most boring and reliable way for systems to update themselves is mandatory. Luckily there’s way more out there than in the past.