[PLUG] Slapper.C
Paul Heinlein
heinlein at attbi.com
Wed Oct 2 13:44:11 UTC 2002
On Tue, 1 Oct 2002, Richard Langis wrote:
> While that may be true with RH-derivitives, Debian restarts just
> about everything (even pcmcia on a laptop getting sources from the
> network, grrr) when it upgrades.
>
> IMHO, that's the way it SHOULD be, anyway. Why upgrade if you're
> not going to start using the upgraded packages?
I, for one, think it ought to be up to the admin, not the
package-management system, as to when applications are forced into
using the upgraded packages.
Take, for instance, the openssl package update. On our main Linux
login server at work (Red Hat 7.3), 136 separate packages require the
openssl dynamic libraries:
[heinlein]$ rpm -q --whatrequires libssl.so.2 | wc -l
136
Among them are
* mail clients: balsa, evolution, mutt, pine
* web browers: galeon, lynx
* service daemons: apache, openldap, postgresql, sendmail, squid
I like to be able to upgrade libraries as soon as the update is posted
so that, on the one hand, clients like pine or galeon pick up the
upgrade the next time someone launches them.
But...
But I certainly don't want mail or database access disrupted
willy-nilly at the same time. That's silly: "I'm sorry, everyone, but
we have to schedule a service downtime because our package manager
wants to install some bugfixes and who knows what applications it
will automatically choose to restart."
True, Red Hat's notice could have said something to the effect of
You can easily discover which packages are affected by the upgrade
to this package by querying the RPM database:
rpm -q --whatrequires libssl.so.2
rpm -q --whatrequires libcrypto.so.2
As soon as possible, you'll want to restart long-running processes
associated with the list of packages returned by your queries.
That completely different, however, than putting such restarts into
the hands of the package-management system. I shudder to think about
the service disruptions...
At some point, you face two choices:
* dumb things down like Microsoft has so that every update tells the
admin s/he should reboot the system
* rely on the admin to know what's running on the system and what will
be affected by a library upgrade.
--Paul Heinlein <heinlein at attbi.com>
More information about the PLUG
mailing list