Comment 14 for bug 244250

Marc Deslauriers (mdeslaur) wrote :

Right now, the best way we have of determining if we're a server or a desktop is to check if X is running. It's not ideal, and suggestions are welcome.

We need a way for sysadmins to get notifications that some of the major automatic updates they are installing, such as openssl and the kernel, require services and/or the system to get restarted after a security update. The mechanism we have now is the reboot notification tool.

I agree that a lot of libraries can have security issues also, and in fact, most of the server packages will gracefully restart when they get security updates. For openssl, and a few other select libraries, things are different. Security issues in openssl usually are of importance for network servers, and automatically restarting all the running daemons isn't an option, especially since the server could be running software that wasn't installed from packages in the archive. In this case, the reboot notification indicates to the sysadmin that manual intervention is needed. If the sysadmin decides that nothing on his server is affected, he can simply remove the reboot notification file. Yes, this solution is far from perfect, but the alternative is to disable notifications completely, which is not a viable option.

I am completely open to suggestions on improving this process and having a discussion with you, outside of this bug, to have your ideas on how it could be done in a way which would satisfy the majority of our users.