Jeff Smelser schreef: > On Monday 07 November 2005 02:04 pm, Jarry wrote: > >>> Which you are not doing, and frankly, you're pretty lucky that >>> something hasn't blown up up to now. >> >> That might happen, sooner o later. But still I think it is still >> better than leaving some hole for uninvited visitors. Thanks for >> your constructive explanation. > > > Yeah, but your not restarting anything anyway, so your point is > moot.. The service is still running with a big fat hole in it > regardless..
No, no, Jeff, that is apparently where you are wrong: Jarry schreef: > Well, this will be probably criticised, but after every upgrade > (independently of what was really updated) I restart sshd, named, > sendmail and apache, even with old config-files. I thought that way > not only my system is updated, but also new versions of those daemons > are running. Rest (I thought) is not important... So you see, the mail server, ssh server and web server *are* restarted. Whether or not they were the services actually updated (or needing update), and without regard to whether the change required an updated *configuration* file, which-- since etc-update was not run-- did not take place. But we all know that fixing a security hole never has any relationship to the application's config files, ever. Don't we? And of course restarting those four servers, even with old config files, constitutes a full and complete update, patching all relevant security holes covered by the emerge -uDN world. *Ob*viously. Because *ob*viously, emerge -uDNworld updates to the version of whatever containing the patch for the hole. No matter what your ACCEPT_KEYWORDS is set to, no matter what USE flags are enabled. I mean, *really*, Jeff. What *are* you thinking? Why on earth should we need to pay attention to any of that stuff? Don't you know Gentoo manages your server(s) for you? (Wonder why it takes two days to a week to install, if it does all this automatic management so well?!) I hope you see how mistaken you are and are duly chastened. Holly ;-) -- [email protected] mailing list
