Am 04.02.2013 18:35, schrieb Miroslav Suchý: > On 01/25/2013 12:12 AM, Lennart Poettering wrote: >> So, you can ignore all of that, but then you have to think about what >> you actually accomplished by your upgrade? You updated a couple of >> libraries, and maybe managed to restart a few processes using them, but >> for the rest of them the vulnerable openssl version is still in memory, >> still actively used, even though your update script exited successfully >> leaving the user under the impression that all was good now and that >> after he made this upgrade his machine was not vulnerable anymore. > > And how this differ from > yum upgrade > which I'm doing every day/week? > > Lets pretend I'm still running Fedora 16 and every day I do yum-upgrade and not rebooted from day zero. > I have exactly the same problem as during yum upgrade to next Fedora release. > > So we are ignoring this behaviour in middle of release, but it is very serious problem between releases? oh even if people like i did some hundret dist-upgrades over the years it was us told that linux has to go the windows way: http://fedoraproject.org/wiki/Features/OfflineSystemUpdates a few years ago you could make a dist-upgrade and even httpd and fileservers like "netatalk" were running in the old version until reboot, did it, was there then fedora introduced the restart-service-snippets in every SPEC file, after that came Packagekit and after systemd now all the things worked over decades are suddenly not possible in a clean way - i do not buy that the development goes in the right direction at all
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
