James Knott wrote:
Joachim Schrod wrote:
If a basic library used in almost all applications is updated (recent updates to libxml* or libkrb* come to mind) then you would have to restart many many services on your workstation, and also to log out and log in back, when X uses them.
When I do an update with Yast, it automagically restarts the affected services, if needed.
Is this really so? If a library that's used by your X server is updated (recently: the Kerberos library), is the X server restarted? I.e., are all users forcefully logged out, loosing all their work with all open applications? I don't use YaST, I use zypper for updates, it's automated in our infrastructure. zypper didn't restart X, and I thank the openSUSE devs that it didn't do so. I don't like loosing my work... ;-) And, frankly, I doubt that YaST will behave different and will restart my X server during update for that reason. (There were several of these shared lib updates over the last few months, btw.) There would be a some messages here on the mailing list asking why one has been forcefully logged out, otherwise; thus my doubts are grounded in empirical observable facts, and are not only personal musings. Have you assured yourself, after your YaST update, with "zypper ps", that no program uses still any of the updated libraries? Honestly, I doubt that you did so. That you're writing about doing updates with YaST without any reference to zypper shows it. If you didn't check shared library usage, and if YaST didn't restart X, you left yourself running a server with publically known exploits. Did you do your risk management properly? What will you answer to any questions from a SOX auditor? I know what I did and what I'll be able to answer... Cheersm Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod, Roedermark, Germany Email: jschrod@acm.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org