
Information in DSAs on necessary restarts due to library-security-updates



Hi!

As I described in a mail to debian-devel [1], it seems that with library
updates programs using the libraries are generally not restarted.
Nevertheless, for programs/services to use the updated libraries a
restart would be necessary.

Especially with security-updates for such central libraries as the
glibc (e.g. DSA-282), IMHO there should be a warning that programs and
services are _not_ restarted automatically but _must_ be restarted
manually in order to benefit from the security-update. As long as the
programs keep on running, they are still vulnerable.

A generic solution which can be used by all library-packages to inform
the user about this fact was proposed on debian-devel, but does not
exist currently.

I therefore suggest putting this kind of information in any Debian
Security Advisory for library packages (or possibly others too which
need similar actions to be taken by the user).

I'd be glad about any comments. :)


So long,
Max

PS:
If this is not the right list, please let me know and point me to the
correct place where I can suggest this DSA-addon. Thanks

[1]
http://lists.debian.org/debian-devel/2003/debian-devel-200304/msg01189.html

-- 
The first time any man's freedom is trodden on, we're all damaged.
                       <Cpt. Picard, "The Drumhead", StarTrek TNG>

http://homex.subnet.at/~max/
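
One way to list the still-running programs the message above refers to, as an added example that is not part of the original mail: on Linux, a process that still maps a library file replaced by an upgrade shows that path with a ` (deleted)` suffix in `/proc/<pid>/maps`. The function names and the sample maps text are constructed for illustration.

```python
import os
import re

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s+(?P<path>/.*)$"
)
DELETED = " (deleted)"

# Constructed sample: a daemon started before its C library was upgraded.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a20000 r-xp 00000000 08:01 131 /usr/sbin/sshd
7f1a2c000000-7f1a2c1b0000 r-xp 00000000 08:01 262 /lib/x86_64-linux-gnu/libc.so.6 (deleted)
7f1a2c1b0000-7f1a2c1b4000 rw-p 001b0000 08:01 262 /lib/x86_64-linux-gnu/libc.so.6 (deleted)
7f1a2c600000-7f1a2c601000 rw-s 00000000 00:05 999 /dev/zero (deleted)
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0 [stack]
"""


def stale_libraries(maps_text):
    """Return sorted paths of shared libraries mapped executable but unlinked on disk."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or "x" not in m.group("perms"):
            continue  # anonymous mapping, [stack], or non-code mapping
        path = m.group("path")
        if not path.endswith(DELETED):
            continue  # file on disk is still the one that was mapped
        path = path[: -len(DELETED)]
        name = os.path.basename(path)
        if name.endswith(".so") or ".so." in name:
            stale.add(path)
    return sorted(stale)


def scan_proc(proc="/proc"):
    """Map pid -> stale libraries for every process whose maps file is readable."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                libs = stale_libraries(fh.read())
        except OSError:
            continue  # process exited or belongs to another user
        if libs:
            report[int(pid)] = libs
    return report
```

Run `scan_proc()` as root to cover every process; each pid it reports is still executing the old library code until that process is restarted.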


