Hello, I just did a quick ''apt-get update'' then ''apt-get install shorewall'' from the debian unstable tree. This was on the www.shorewall.net mirror server. And, to my horror, after upgrading the package, it automatically restarted shorewall! Of course I have done this before, but I absent-mindedly just went through the usual procedure for debian upgrades without thinking about it. (note: adminisabsentminded=yes in shorewall.conf :) Luckily, no side effects, as it was a 2.0.0(x-1) - 2.0.0(x) upgrade. I do know that auto restarts are the usual behavior for most debian packaged services, but many prompt for authorization. So anyways, maybe it might be safer to prompt for a restart, or simply to post a note about the need to check config and manually restart? Or, is there any reason for it to restart by default? Just my two cents. Alex Martin http://www.rettc.com
Alex Martin wrote:> Hello, > > I just did a quick ''apt-get update'' then ''apt-get install shorewall'' from > the debian unstable tree. This was on the www.shorewall.net mirror server. > > And, to my horror, after upgrading the package, it automatically restarted > shorewall! > > Of course I have done this before, but I absent-mindedly just went through > the usual procedure for debian upgrades without thinking about it. (note: > adminisabsentminded=yes in shorewall.conf :) > > Luckily, no side effects, as it was a 2.0.0(x-1) - 2.0.0(x) upgrade. I do > know that auto restarts are the usual behavior for most debian packaged > services, but many prompt for authorization. > > So anyways, maybe it might be safer to prompt for a restart, or simply to > post a note about the need to check config and manually restart? > > Or, is there any reason for it to restart by default?If you can find Lorenzo (the Debian Shorewall maintainer), you can ask him. I''m quite concerned about him as I haven''t heard from him in almost a month and all of my emails have gone unanswered... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Alex Martin wrote:> ... > I just did a quick ''apt-get update'' then ''apt-get install shorewall'' from > the debian unstable tree. This was on the www.shorewall.net mirror server. > > And, to my horror, after upgrading the package, it automatically restarted > shorewall! > ... > Or, is there any reason for it to restart by default? > > Just my two cents.My $0.02 as a non-Debian user: that is obscene. It''s one thing to restart sendmail when it''s upgraded - if you break it, you can just start it again. But restarting the firewall? That''s a recipe for trouble. -- Paul http://paulgear.webhop.net -- A: Because we read from top to bottom, left to right. Q: Why should i start my email reply *below* the quoted text? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20040425/5977fbba/signature.bin
Paul Gear wrote:> My $0.02 as a non-Debian user: that is obscene. It''s one thing to > restart sendmail when it''s upgraded - if you break it, you can just > start it again. But restarting the firewall? That''s a recipe for trouble.File an RC bug.
Tom Eastep wrote:> > If you can find Lorenzo (the Debian Shorewall maintainer), you can ask > him. I''m quite concerned about him as I haven''t heard from him in almost > a month and all of my emails have gone unanswered... >I''ve just heard from Lorenzo -- he''s been on holiday in Sicily. He''s in the process of catching up on his email right now. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net