[Pkg-openssl-devel] Bug#743889: libssl1.0.0: libssl update does not cause applications that use it to restart

[Thijs Kinkhorst]

severity 743889 normal
thanks

Hi,

> We have code that checks some of the applications that need to be
> restarted, but it has a static list of packages to check and it's
> outdated.  We're working on improving that list and providing an
> other update that will restart those services.

I do not believe this is a grave bug in openssl. Debian has never claimed
that 100% automatic upgrades are fully supported. Tools like checkrestart
and needrestart exist for this reason; and the advisories from both Debian
and CERT-CC explicitly mention the need to restart services. That some
packages have lists of services to restart is an extra bonus, but since
not all libraries have such functionality and there may be first or third
party applications on the system, such a service is never a guarantee and
the list can never be complete. Therefore, manual action and/or use of
tools like checkrestart is always necessary.

I'm leaving it at normal, not wishlist, because indeed if the package the
package contains such functonality, it should aim to indeed have at least
the most important ones in there.

In the long term however, I have more faith in a solution where a high
level package manager would check such things by default, instead of each
individual package.


Cheers,
Thijs