On Sat, 2014-10-04 at 02:04 +0200, Thomas Liske wrote: 
> IMHO it *should* default to suggest to restart services. needrestart
> needs to be installed manually and requires a confirmation before doing
> any restart.
Well first, I think a long-term-goal should be to have it become
installed by default.
Because not having a service like it somehow makes security updates
useless (at least for those people, that don't handle restarting
manually).

At least I've noticed that it happens far too easily that I actually click
okay, with then everything restarting even though I didn't want to.
Undoing this restarting is then no longer possible, re-running
needrestart however is easily possible all the time.

I always think the defaults should be secure:
Now secure of course means both:
a) restart per default to get in security upgrade
b) don't restart per default in order to not break running services,
potentially even causing data loss (in the real world, not everything
follows clean transactional or ACID models ;) )

Even though I generally prioritise security (as in (a)) the highest, I
still would choose (b) here, because the admin can always shoot himself
if he wants, can't he?!
needrestart will have shown him the list of services needed to be
restarted anyway, regardless of which default,... thus (a) is satisfied
in the sense "the admin knows he must do something" - if he doesn't, it's
his fault.


> Maybe Patrick could implement a debconf query during installation
> asking the user to select whether he wants defno to be 0 or 1 (0
> should be suggested).
I've thought about this as well, but then there'd be the question about
the default if the debconf priority was too low/high for the question to
be asked ;)


> > Defaulting to yes may even cause troubles on desktops, where, right
> > now, it's e.g. still a problem to restart gdm3 (see bug #762756).
> 
> Currently well known display managers are blacklisted within the
> default configuration.
hmm... perhaps an issue then? Because here gdm3 is always selected and
actually restarted (i.e. it "kills" my session).


> Changing the blacklist from the config file into an overwrite
> list is a great idea! Instead of blacklisting display managers they just
> would be always set to 'no',
yep, and one could still set them to yes in the GUI, if one likes to
kill GNOME (which is always a good idea from time to time)

> independent of the global default (which
> should stay yes ;-).
:-P

Cheers,
Chris.
