On 14 April 2014 08:34, Manuel Riel <manu_...@snapdragon.cc> wrote:

> in the light of last week's heartbleed-bug the inclusion of
> restart-services should be reconsidered. When doing automated updates with
>
(...)

> Please consider the inclusion of this part of the script. With it, users
> could simply do
>
> apt-get update && apt-get -y upgrade && restart-services
>
> in the future and get updates quicker.
>

Already users can use 'checkrestart' to determine which services to restart
after upgrading OpenSSL. I've used this successfully in a few servers I had
to update due to last week's heartbleed bug.

Automatically restarting all services is dangerous (as mentioned by Axel in
this bug report) and should be done with care. Users using the
'restart-services' script might believe to be completely safe after a
security the case when that might not be true if checkrestart had a
false-positive.

I personally would prefer administrators to carefully review checkrestart
output and take action rather than blindly run a script. I do see the
value of the script (for those managing many machines) however.


In any case, since 'needrestart' already exists, isn't it possible to join
both tools? As this approach (automatically restarting services) is prone
to bugs (just look at [1]) in the long run it would make more sense to have
1 tool than to duplicate the functionality and, consequently, the bugs that
might arise.

Regards

Javier


[1]
https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=needrestart;dist=unstable
