* Andreas Barth ([EMAIL PROTECTED]) [050121 13:10]:
> * Tino Keitel ([EMAIL PROTECTED]) [050121 13:02]:
> > On Fri, Jan 21, 2005 at 11:03:08 +0100, Marc Haber wrote:
> > > On 20 Jan 2005 14:45:52 -0800, Thomas Bushnell BSG <[EMAIL PROTECTED]>
> > > wrote:
> > > >Yes. Debian packages are supposed to be able to be installed and
> > > >start working without requiring any reboots. We've made this work
> > > >pretty well for libc and all kinds of hard cases; you can make it work
> > > >for yours too I'm sure.
>
> > > This prompts a question I have been wanting to ask for ages: When a
> > > security update for, say, libc6, libssl or libz is installed, do I
> > > need to restart services or not? That's one of the question you ask
> > > three people and get five different answers.
>
> > Yes, you should restart the services, since the libraries are loaded by
> > the service when the it starts, and an upgrade won't replace libraries
> > in running services.
> I disagree. You should warn the administrator that he has to do that.
> Especially just restarting ssh is _very_ wrong IMHO, because it can
> easily kill the only access to a remote computer. Take a look how glibc
> does it, that's fine IMHO.
JFTR: I meant "You" as "the package maintainer". "You" as in
"Administrator of the local machine" should of course restart all code
using old libs. E.g.
lsof | grep dpkg- | awk '{print $1, $8}' | sort +0
helps you to find out which ones.
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
