Security implication of using force-reload instead of restart ?

To: debian-devel@lists.debian.org
Subject: Security implication of using force-reload instead of restart ?
From: "Nikita V. Youshchenko" <yoush@debian.org>
Date: Sun, 9 Jan 2011 09:52:24 +0300
Message-id: <[🔎] 201101090952.30267@blacky.localdomain>

Hi

I've just noticed that on libapache2-mod-php5 package upgrade, apache 
server was not restartted (but only HUPed because of force-reload called 
from libapache2-mod-php5 postinst)

Doesn't this mean that running apache has still old version of php module 
loaded, so it still is vulnerable to issues fixed in php update?

Is this a severity serious bug?
Perhaps same situation exists with other package combinations as well?

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Security implication of using force-reload instead of restart ?
  - From: Paul Wise <pabs@debian.org>
- Re: Security implication of using force-reload instead of restart ?
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Re: runit package changes /etc/inittab ?
Next by Date: Re: Security implication of using force-reload instead of restart ?
Previous by thread: Re: runit package changes /etc/inittab ?
Next by thread: Re: Security implication of using force-reload instead of restart ?
Index(es):
- Date
- Thread