Comment 11 for bug 244250

On Tue, Oct 4, 2011 at 3:37 PM, Marc Deslauriers <
<email address hidden>> wrote:

> Actually, we do want a reboot notification when we issue security
> updates. When we issue security updates, we don't enter the major
> upgrade section, as we don't want the update to automatically restart
> services, but we do want the sysadmin to perform a planned
> reboot/service restart as the running services will be using a
> vulnerable openssl.
>
> I'm upload a fix to move the notification to the upgrade section instead
> of the major upgrade section.

No, this is fundamentally incorrect. This would be ok *only *if you had
some sensible isolation between servers and clients. It is ridiculous that
user workstations running no servers at all get told to reboot because of a
security change to ssl.

We had to engineer a whole system to prevent the reboot notifications from
being honored on our workstations because the have been so sloppily and
carelessly set, with incorrect reasoning like this.

*Any *library could need a security update; *any *library could have a
security update which is relevant to running services, and it is *not *correct
to force reboots on every package install merely because *sometimes *on *some
*systems it might be necessary for the security fix.

We do not force reboots when firefox gets a security fix, or sh, or ... and
that's the right thing. openssl is *not *different than the rest of these.

Thomas