
Re: policy-rc.d by default?



On 16:07 Fri 04 Nov     , Evgeni Golov wrote:
> On Fri, Nov 04, 2016 at 03:53:55PM +0200, Apollon Oikonomopoulos wrote:
> > While enabling unattended-upgrades by default is definitely a step
> > towards better security, it would be great if we could also provide
> > users/admins with an easy opt-out mechanism for certain services,
> > especially if we want unattended upgrades to be usable on production
> > machines.
> > 
> > Currently unattended-upgrades provides a package blacklist that can be
> > manually configured to exclude certain packages from upgrades. While
> > this is useful in its own right, I think we should eventually provide an
> > easy-to-configure policy-rc.d mechanism (possibly integrated with
> > debconf?) to provide what most people eventually want: a "please don't
> > restart my apache or mysql automatically" kind of behaviour.
> 
> needrestart can do this already:
>  https://github.com/liske/needrestart/blob/master/ex/needrestart.conf#L71
> 
> so you just would need a local conf snippet with *your* services.

This will spare restarts for the sake of outdated libraries, but 
services would still be re-started by the maintainer scripts of their 
own packages ;)

Cheers,
/A
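
The following is an added example, not part of the thread or of any Debian package. It sketches the kind of policy-rc.d opt-out discussed above: a script installed as /usr/sbin/policy-rc.d that invoke-rc.d consults before acting, so that maintainer scripts cannot restart the listed services. The service list and the set of denied actions are assumptions chosen for illustration.

```shell
#!/bin/sh
# Illustrative /usr/sbin/policy-rc.d (added example, not Debian's own code).
# invoke-rc.d calls it as:
#   policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
# Exit status 0 = action allowed, 101 = action forbidden by policy.

# Assumption: services the admin wants left alone (names from the thread).
PROTECTED_SERVICES="apache2 mysql"
# Assumption: actions that would interrupt a running service.
DENIED_ACTIONS="stop restart force-reload"

policy_rc_d() {
    # Skip options such as --quiet; this sketch does not implement --list.
    while [ $# -gt 0 ]; do
        case "$1" in
            --*) shift ;;
            *) break ;;
        esac
    done
    service="${1:-}"
    actions="${2:-}"   # space-separated list passed as ONE argument

    protected=no
    for s in $PROTECTED_SERVICES; do
        if [ "$s" = "$service" ]; then protected=yes; fi
    done
    # Anything not on the list is handled as usual.
    if [ "$protected" != yes ]; then return 0; fi

    # Simplification: forbid the call if any requested action is denied.
    for a in $actions; do
        for d in $DENIED_ACTIONS; do
            if [ "$a" = "$d" ]; then return 101; fi
        done
    done
    return 0
}

# Act as the policy layer only when installed under the expected name.
case "${0##*/}" in
    policy-rc.d) policy_rc_d "$@"; exit $? ;;
esac
```

A service denied here keeps running its old binary after an upgrade until an admin restarts it by hand, so the list should stay short and be paired with a manual restart procedure.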

