(please CC: on replies, I'm not subscribed, sorry for breaking the thread because of this) >Luk Claes wrote: >>Javier Fernandez-Sanguino wrote: >> - debian-goodies (0.27): uploaded yesterday, fixes important (non-RC) bug >> #264985 (checkrestart is useless in previous releases) and also fixes >> non-RC bugs in another script (network-test), it also enhances >> documentation by providing one of the missing manpages (checkrestart.1) > > We have to draw the line somewhere, I'm not keen to unblock this... I really think this one should be unblocked, based on the guidelines for changes accepted sent by Andreas: > Andreas Barth wrote: > (...) here are the guidelines for changes that will be > accepted into testing during the freeze: > (...) > - fixes for severity: important bugs in packages of priority: optional > or extra, only when this can be done via unstable; #264985 is severity 'important' and debian-goodies is priority: optional > (...) > - documentation fixes. The checkrestart.1 manpage is a documentation fix, and, really, an important one. The manpage says it might be useful to determine if a service restart is necessary after a system update to weed out security bugs. But, at the same time, it explicitly warns that admins should not exclusively depend on this tool (since there are sometimes false positives) to determine wether or not the system needs to be rebooted after a system-upgrade. AFAIK there is currently no other tools to do this in Debian (libc6 has something in a crude way in it's postint IIRC), so the need is there. I'd rather we don't ship tools which are defective and users migh rely upon them for security purposes [0] because they are pointed to [1] or recommended by our users [2]. I know this should have been fixed a long time ago in the release cycle. Sorry for bringing this up now, but I didn't had the Python skill to do it and a patch for this bug was not provided until recently. Regards Javier [0] See the #264985 bug log for some idea of the user perception, specially starting from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=264985#msg66 and up to #msg97 which provides the user perception of this bug. [1] "Debian Securing Manual" section "4.2.1 Security update of libraries" http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-security-update (of course, I can ammend the manual and say "checkrestart won't work properly in etch but works fine in sid") [2] See: http://lists.debian.org/debian-security/2006/08/msg00081.html http://www.debian-administration.org/users/simonw/weblog/50 http://lists.debian.org/debian-security/2004/03/msg00138.html
Attachment:
signature.asc
Description: Digital signature