Mike Mestnik un jour écrivit:
It is usual to have to restart services to load security updates?
Yes, but it is usually done automatically.
There is usually no other simple way to make sure that a program is using
the new version of a library. But the main services that use libssl like
OpenSSH, Postfix and Apache are by default already automatically restarted
if needed when libssl is updated.
At least it is better than having to reboot the server, and in the case of
Apache users won't notice it because old threads will stop only once
currently openned connections are closed while new requests will be served
by new threads using the new library.
Is
this something to be corrected or should I be diligent and restart
services periodically?
Periodically, no it is not necessary. Restarting a service is only needed
after updating a library used by that service, but it is usually already
done automatically, at least for the most common cases.
That said, user's programs are usually not automatically restarted, but
that's the same after any library update. So if for example you update a
library used by Firefox (like libgnutls), you will have to restart it if
you want to be sure it use the new version of the library.
I hope that makes thing clearer.
Simon Valiquette
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ec0b8ff.7090...@ieee.org
