Hi! I've recently upgraded my Woody-Servers according to the latest libc6 security update (DSA-282), and it seems that services were _not_ reloaded by the post-install-script!?
More detailed information: When investigating the situation, I found out the following (if I read everything right, please correct me if I'm wrong): - dselect [U]pdate calls "dpkg --install new-package". - Debian-Policy chapter 6 says that thus the new package's postinst script is run with "configure" as the first command-line-argument. - /var/lib/dpkg/info/libc6.postinst checks for "$1" == "configure" (which is the case when updating, isn't it?). If true it afterwards checks if "$2" is lower than "2.1.95-1" (I assume this corresponds to the previously installed version) and _only if this the case_ it restarts most of the services. Woody comes with libc6 2.2.5-11.5, so the section about restarting services is never reached. This leaves the machine vulnerable as all services use the old library until restarted. Shouldn't the services be restarted when installing a new libc-version? What reasons would there be not to restart services? If everything _is_ designed not to restart the services, I suppose telling the users to take care of that theirselves would be a good idea for example using a simple "echo" in the post-install script (or similar). Thx in advance, Max -- The first time any man's freedom is trodden on, we're all damaged. <Cpt. Picard, "The Drumhead", StarTrek TNG> http://homex.subnet.at/~max/