[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Oct 4 22:54:16 UTC 2011
Right now, the best way we have of determining if we're a server or a
desktop is to check if X is running. It's not ideal, and suggestions are
welcome.
We need a way for sysadmins to get notifications that some of the major
automatic updates they are installing, such as openssl and the kernel,
require services and/or the system to get restarted after a security
update. The mechanism we have now is the reboot notification tool.
I agree that a lot of libraries can have security issues also, and in
fact, most of the server packages will gracefully restart when they get
security updates. For openssl, and a few other select libraries, things
are different. Security issues in openssl usually are of importance for
network servers, and automatically restarting all the running daemons
isn't an option, especially since the server could be running software
that wasn't installed from packages in the archive. In this case, the
reboot notification indicates to the sysadmin that manual intervention
is needed. If the sysadmin decides that nothing on his server is
affected, he can simply remove the reboot notification file. Yes, this
solution is far from perfect, but the alternative is to disable
notifications completely, which is not a viable option.
I am completely open to suggestions on improving this process and having
a discussion with you, outside of this bug, to have your ideas on how it
could be done in a way which would satisfy the majority of our users.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/244250
Title:
Spurious reboot notifications caused by libssl upgrades.
Status in “openssl” package in Ubuntu:
Fix Released
Bug description:
The postinst script for libssl0.9.8 currently has a bug where it sends
a reboot notifcation whenever libssl is configured. So reconfiguring
libssl0.9.8 or even just installing libssl0.9.8 will result in a
reboot notification. Sending of the reboot notification should
definitely be moved inside the upgrading guard. The correct fix is
likely to move it inside a version comparison guard for particular
important updates like Colin suggests below -- this is what every
other standard package using notify-reboot-required does.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions
More information about the foundations-bugs
mailing list