On Sun, Feb 28, 2021 at 10:00:35PM +0100, Helmut Grohne wrote: > Hi Kurt, > > On Sun, Feb 28, 2021 at 09:48:04PM +0100, Kurt Roeckx wrote: > > I think you at least misunderstand the purpose of the script, but > > we've also not used it in a very long time. > > I think I do understand the purpose, but it does not presently serve the > stated purpose. Given that the checked version is so ancient, it is > effectively dead code.
To activate it, the version in the postinst gets updated. But like I said, it's not been activated in a long time, so maybe it is dead code. > > It's meant to restart all services that make use of openssl when a > > security update is released. I guess I switched to "checkrestart" > > myself, so never had the need to use it myself anymore. > > That or needrestart. I don't think that the general expectation these > days is that upgrading a library restarts affected services. Exceptions > to this rule include nss (libc6) and pam updates as failing to restart > services can result in them becoming dysfunctional. For most other > cases, an external checker is the recommended best practice. I'm not sure users are aware that they need to restart the services (or reboot) to fix the security issues. We still lack a way to indicate that to the user. I would really like to see a general fix for this. > Unless you wish to reactivate this code with a current version, I think > it should be deleted. If you do, please close this bug with a wontfix > tag. I guess you mean "If you don't". Anyway, the template code and translations can all be deleted too if that patch is applied. Kurt
