Comment # 25 on bug 540587 from 
(new squid maintainer here)

(In reply to L. A. Walsh from comment #24)
> Re: Based on comment #19 reassigning to bugowner of squid....
> 
> I don't feel good about that -- since EACH  component that is part of
> the source stream is vulnerable.

True, but at the moment all our packages handle their restarts individually. It
is out of scope for rpm/yast/zypper to know about every package that can
potentially do something dangerous in a %post scriptlet.
So yes, at the moment the onus actually *is* on each individual tool.

We could convert this to an enhancement-level bug "when upgrading, do not
restart demons that could endanger the update".
I have a nagging feeling that this is in scope for systemd's service dependency
tracking?

In any case, if you're interested in pushing this, let's keep the bug open as a
tracker, but move the discussion to opensuse-factory mailing list.

You are receiving this mail because: