Hi all,

When using APT to install security updates, by default services using the upgraded libraries are not restarted. Take for example openssl updates: merely doing apt-get update && apt-get upgrade is not enough to be safe: you also need to restart Apache, Postfix, ...

Although well-trained admins will know this and take appropriate measures, not everyone will be aware of this. It gets even more confusing as a few packages implement some kind of service restarting logic, while the majority doesn't.

I think it would help the security of the average Debian system if some tool to restart services after package upgrades was installed by default. There's "checkrestart" from debian-goodies, but since Jessie there is also the somewhat more modern "needrestart" in its own package. I've been running the latter on a few systems for a while now and am satisfied with how it works.

My questions to this list:

- Do people agree that this would be something that's good to have in a default installation? Are there drawbacks?
- If agreed, how would we approach this? I have to admit that I do not know who decides what is part of a default install or where this is implemented.

Cheers,
Thijs
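The condition the message describes can be observed directly on Linux: a process started before an upgrade keeps the replaced library file mapped, and /proc/<pid>/maps lists it with a " (deleted)" suffix. The following is an added example, not part of the original message and not the code of checkrestart or needrestart; the sample maps content and the function names are constructed for illustration.

```python
import os
import re

# Constructed sample of /proc/<pid>/maps for a daemon started before an openssl upgrade.
SAMPLE_MAPS = """\
55d0c6a00000-55d0c6a9e000 r-xp 00000000 08:01 393301 /usr/sbin/apache2
7f3c1a200000-7f3c1a25e000 r-xp 00000000 08:01 131234 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c1a45e000-7f3c1a462000 r--p 0005e000 08:01 131234 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c1a800000-7f3c1a9a1000 r-xp 00000000 08:01 131190 /lib/x86_64-linux-gnu/libc-2.19.so
7f3c1ac00000-7f3c1ac01000 rw-s 00000000 00:04 32769 /SYSV00000000 (deleted)
7ffd5b1e0000-7ffd5b201000 rw-p 00000000 00:00 0 [stack]
"""

DELETED = " (deleted)"
SHARED_OBJECT = re.compile(r"\.so(\.|$)")  # libfoo.so or libfoo.so.1.2.3


def stale_libraries(maps_text):
    """Return sorted paths of shared objects that are mapped but gone from disk."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) < 6 or not fields[5].endswith(DELETED):
            continue
        path = fields[5][: -len(DELETED)]
        # Skip deleted non-library mappings such as SysV shared memory segments.
        if SHARED_OBJECT.search(os.path.basename(path)):
            found.add(path)
    return sorted(found)


def scan_proc(proc_root="/proc"):
    """Map 'pid (comm)' to its stale libraries for every readable process."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "maps")) as fh:
                libs = stale_libraries(fh.read())
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                name = fh.read().strip()
        except OSError:  # process exited or maps not readable (run as root for full coverage)
            continue
        if libs:
            report[f"{pid} ({name})"] = libs
    return report


if __name__ == "__main__":
    print("sample:", stale_libraries(SAMPLE_MAPS))
    for proc, libs in scan_proc().items():
        print(proc, "still maps", ", ".join(libs))
```

Any process listed by scan_proc() is still running the pre-upgrade library code and needs a restart before the fix takes effect for that service.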