Re: When are security updates effective?
Le jeudi 31 août 2006 à 10:08 +0200, Giacomo Mulas a écrit :
> On Wed, 30 Aug 2006, Noah Meyerhans wrote:
> > workstations for which I'm responsible, and it's difficult for me to
> > make sure that the users e.g. restart firefox when we release an update.
> It would be nice to agree to a convention whereas when an app gets some
> well-defined signal it ought to tell the user it needs to be restarted as
> soon as possible.
I should not have to be the app that does the notification. This way
application need no modifications for this this work.
> Then we could add some simple logic to the postinst
> scripts for security updates using, e.g., lsof to find which processes are
> using the replaced library and send signals to them.
with this he know who is running which apps that use the old libs, no
need to notify the apps, notify the user.
"chkrestart" will tell you which old files, libraries are opened by
> Ok, it's not something
> in the short term but it would be sensible in the long run.
If it does not need any modification for the apps then it can be
> And it could
> actually work. Otherwise, another (sort of) solution would be to have the
> script identify the user that is running the process to be restarted and use
> a standardised solution to tell him/her the app ought to be restarted (e.g.
> wall on a terminal, a popup if he/she is running it on a graphical
> environment). Whaddya think?
It's a good idea but it will not catch all cases, some apps run for days
without any user interventions, nothing garanties that the pop up will
be seen, sending an email if the popup is not didmissed after a delay
could mitigate this.
> Giacomo Mulas <email@example.com>
> OSSERVATORIO ASTRONOMICO DI CAGLIARI
> Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
> Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
> Tel. (UNICA): +39 070 675 4916
> "When the storms are raging around you, stay right where you are"
> (Freddy Mercury)
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.