On Wed, Feb 4, 2009 at 9:17 AM, Ritesh Raj Sarraf <[email protected]> wrote: > A Konqueror vulnerability was discovered and was silently updated on my box by > my distro vendor. Am I not supposed to be restarting my web browser for the > fix > to be effective ?
Yes. And there are lots of opportunities to annoy the user here (e.g. Firefox doesn't get this right yet, as the browser is kind of broken after the update until you restart it). > I used openSUSE 11.x for a while and really liked their pop-up approach where > it asked the user to log out and log back in for the changes to be effective. > > If using silent updates, you'd still expect the user to follow certain pop-ups Yes. Looking at this from a public health perspective, the goal is to keep reducing Linux's attackable cross-section. For now, it's probably ok if we let long-running instances of the old version of e.g. Konqueror keep running after the update, since most people do restart anyway after a day or two. Next year, who knows? Maybe suspend will be so good that nobody logs out normally, at which point the dialogs saying "please log out and log back in" might have to become more insistent. - Dan _______________________________________________ Desktop_architects mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/desktop_architects
