On Monday 07 November 2005 03:52 pm, Holly Bostick wrote:
> No, no, Jeff, that is apparently where you are wrong:

Heh, I missed this tidbit..

> Jarry wrote:
> > Well, this will be probably criticised, but after every upgrade
> > (independently of what was really updated) I restart sshd, named,
> > sendmail and apache, even with old config-files. I thought that way
> > not only my system is updated, but also new versions of those daemons
> > are running. Rest (I thought) is not important...
>
> So you see, the mail server, ssh server and web server *are* restarted.
>
> Whether or not they were the services actually updated (or needing
> update), and without regard to
> whether the change required an updated *configuration* file, which--
> since etc-update was not run-- did not take place. But we all know that
> fixing a security hole never has any relationship to the application's
> config files, ever. Don't we? And of course restarting those four
> servers, even with old config files, constitutes a full and complete
> update, patching all relevant security holes covered by the emerge -uDN
> world. *Ob*viously. Because *ob*viously, emerge -uDN world updates to the
> version of whatever containing the patch for the hole. No matter what
> your ACCEPT_KEYWORDS is set to, no matter what USE flags are enabled.
>
> I mean, *really*, Jeff. What *are* you thinking? Why on earth should we
> need to pay attention to any of that stuff? Don't you know Gentoo
> manages your server(s) for you? (Wonder why it takes two days to a week
> to install, if it does all this automatic management so well?!)

Heh, well, I stand corrected. I am sure we should all be doing this, because it's obviously the right thing to do.. Well, I have been bitten on upgrades I was watching, he will be bit eventually, then he will come crying here.

Jeff