On 16:07 Fri 04 Nov , Evgeni Golov wrote: > On Fri, Nov 04, 2016 at 03:53:55PM +0200, Apollon Oikonomopoulos wrote: > > While enabling unattended-upgrades by default is definitely a step > > towards better security, it would be great if we could also provide > > users/admins with an easy opt-out mechanism for certain services, > > especially if we want unattended upgrades to be usable on production > > machines. > > > > Currently unattended-upgrades provides a package blacklist that can be > > manually configured to exclude certain packages from upgrades. While > > this is useful in its own right, I think we should eventually provide an > > easy-to-configure policy-rc.d mechanism (possibly integrated with > > debconf?) to provide what most people eventually want: a "please don't > > restart my apache or mysql automatically" kind of behaviour. > > needrestart can do this already: > https://github.com/liske/needrestart/blob/master/ex/needrestart.conf#L71 > > so you just would need a local conf snippet with *your* services.
This will spare restarts for the sake of outdated libraries, but services would still be re-started by the maintainer scripts of their own packages ;) Cheers, /A
