Hi Sorry for the long delay anwsering.
>> I am using it with unattended-upgrades. >> (...) >> I expected needrestart to automatically reload the services using obsolete >> libssl, like it used to. > This is triggered by the bugfix for Debian Bug#876459 and is > intentional (upstream's point of view). > (...) > The behavior before 2.11-3+deb9u1 was a bug and has been fixed in > stretch's point release 9.4. Wow... I expected my system to continue installing security updates AND enabling them by restarting the affected services when needed. I find that Debian 9.4 release news "needrestart - Fix switching to list mode if debconf is run non-interactively" message is inadequate: There should be a huge fat warning telling people that their system is no longer protected by security upgrades; and that default behavior of needrestart is to do nothing! Please consider adding a debian/NEWS file. > You could change the default mode to automaticly restart (that also > effects the interactive mode). (Hint: with needrestart 3.0 it is > possible to set the NEEDRESTART_MODE environment variable to override > needrestart's restart mode... might be used in the unattended-upgrade > cronjob). This did the trick for me, without enabling backports: --- /etc/apt/apt.conf.d/99needrestart.orig 2018-06-18 15:29:27.913148439 +0000 +++ /etc/apt/apt.conf.d/99needrestart 2018-06-18 15:29:42.337066054 +0000 @@ -5,4 +5,4 @@ # was no error during installation. # -DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke || true"; }; +DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke -ra || true"; }; Thank you for your detailed answer and for taking care of needrestart! <3
signature.asc
Description: This is a digitally signed message part.