Comment 1 for bug 244250

Your tone in this report is not necessary. Please moderate it.

This does make sense on *some* upgrades; we can't feasibly restart all libssl clients automatically, which may include a good chunk of the desktop, and this may result in client-side security holes sticking around unnoticed. It's certainly possible to continue without rebooting - for instance, you can ensure that all services that use libssl are restarted, and ensure that all users log out and back in again - but this may not necessarily be advisable depending on the level of expertise of the user and on the severity of the security update.

That said, I think it's probably a bit much to display the reboot-required notification on every libssl0.9.8 upgrade, as now happens. That wasn't quite what I meant in bug 91814. I think we should move that inside the dpkg --compare-versions guard so that it only happens on certain serious upgrades, and perhaps update the version in that guard to cover the recent random number generator vulnerability. Luke, what do you think?