As with all things in the field of security, it's about striking a balance.
It's good (and surprising actually) that you have a system admin smart enough to ask those questions. Those are always good things to consider before doing an implementation.
However, if the end result is that you're denied the ability to install patches, then to me that does not strike a very good balance. The patching process for any of the mainstream distros has plenty of safeguards in place, but like anything, it's not infallible. Of course that's not unique to open source. Any operating system is vulnerable.
To my way of thinking the risk of compromise through patching is far less than the risk of compromise by _not_ patching.
I don't know Ubuntu all that well, but I'm certain that the default is to fail if the signatures on the files are wrong, so automated patching should not be a security issue.