Files on the file system are updated by the apt[itude] and dpkg. But then what?
Most server packages restart the services after upgrades. Most library and desktop application packages don't. Should the local adm take a look at each upgrade and manually check which files changed on the Debian installation, and based on that restart services, programs, kick users out, jump to run level 1 and back, reboot the system etc as suggested by Securing Debian Manual [1]? Could Debian security advisories help a bit, since the people making the packaging changes propably know how to make the changes effective on a running installation too? It seems that Ubuntu advisories already contain a nice notice which defaults to 'you need to reboot your computer to effect the necessary changes' [2] unless the package in question can handle upgrades and 'a standard system upgrade is sufficient to effect the necessary changes' [3] or the package is just an application and 'you need to restart Firefox to effect the necessary changes' [4]. For the record, SUSE advisories also contain this kind of instructions [5] while Fedora [7] and RedHat don't [6]. (The proprietary up2date propably does some magic behind curtains.) If the upgrades have a few standard ways to come effective, then automation for them might be the next step. Has this been discussed somewhere before? -Mikko [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-security-update [2] https://lists.ubuntu.com/archives/ubuntu-security-announce/2006-August/000378.html [3] https://lists.ubuntu.com/archives/ubuntu-security-announce/2006-July/000375.html [4] https://lists.ubuntu.com/archives/ubuntu-security-announce/2006-August/000377.html [5] http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html [6] https://rhn.redhat.com/errata/RHSA-2006-0582.html [7] https://www.redhat.com/archives/fedora-package-announce/2006-August/msg00099.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
