
Honestly, only kernel updates should require host restarts. Linux and BSD have had this for ages. Maybe have a flag that security updates use to flag any process using a vulnerable DLL as needing an eventual restart, and then have an administrative setting for restarting vulnerable processes after a certain period of time, at a convenient hour.


> Linux and BSD have had this for ages.

Fedora/GNOME prefers to install updates during a reboot. So although most updates can work this way, it's not always the case.

There are some minor cases where a reboot is better, or where an update requires a bit of work. E.g. Firefox updates, but also I sometimes find that video playback suddenly breaks (not sure why; kernel/mesa/something). Only a reboot seems to fix the video playback and it happens in various applications once it breaks (Firefox, mpv). I install the updates via dnf via cron/systemd (forgot what I did), so not with the suggested reboot and so on.

I do appreciate the Flatpak bits, those update easily.


How would this work? For example there was an update in libXYZ and the office suite, browser, audio player and some system services need to be restarted to use the new version. Obviously the system can't just quit those applications, after all they are in use and there might be unsaved data. So should the users get a popup for every app that needs to be restarted? And what about the system services? E.g. when the display session needs to be restarted, all open applications would be lost as well, or restarting the audio server might mess with an ongoing audio recording.

Wouldn't it be so much more reliable, faster and simpler to just install those updates on the next restart?


Presumably the user would get a prompt telling them they need to log out and log back in to pick up security updates, with a "details" button that shows them which applications actually need to be restarted if they don't log out/log back in.

It's certainly simpler for the developer to pick up the updates only upon restart, but it's sometimes very inconvenient for the user, and probably slower to pick up the actual updates. For instance, I run a vanity domain from a Linux device at home. It would be inconvenient to run Windows on that machine and have to restart it following monthly patches or following emergency patches.
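Added example, not part of any comment in this thread: one way the "which applications actually need to be restarted" list discussed above can be computed on Linux, by finding processes that still map an executable file that has since been replaced on disk (the kernel marks such mappings `(deleted)` in `/proc/<pid>/maps`). The function names, the ignore list and the sample data are assumptions made for this illustration.

```python
import os
import re

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s+(.*)$")
DELETED = " (deleted)"
IGNORED_PREFIXES = ("/memfd:", "/dev/shm/", "/SYSV")  # unlinked by design, not a stale library

def stale_mappings(maps_text):
    """Executable file mappings whose on-disk file was removed or replaced."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or "x" not in m[1] or m[2] == "0" or not m[3].endswith(DELETED):
            continue  # anonymous, non-executable, or still backed by the current file
        path = m[3][: -len(DELETED)]
        if not path.startswith(IGNORED_PREFIXES):
            stale.add(path)
    return sorted(stale)

def restart_report(procs):
    """procs: iterable of (pid, name, maps_text) -> {(pid, name): [stale paths]}."""
    return {(pid, name): stale for pid, name, text in procs
            if (stale := stale_mappings(text))}

def live_processes():
    """Yield (pid, name, maps_text) for every readable process on a Linux host."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as c, open(f"/proc/{pid}/maps") as m:
                yield int(pid), c.read().strip(), m.read()
        except OSError:
            continue  # process exited, or its maps are not readable by this user

# Constructed sample data (not captured from a real system).
SAMPLE = [
    (4101, "firefox",
     "55d0c0a00000-55d0c0a3c000 r-xp 00000000 fd:01 1200 /usr/lib64/firefox/firefox\n"
     "7f3c1a200000-7f3c1a3b5000 r-xp 00000000 fd:01 1315 /usr/lib64/libssl.so.3.0.7 (deleted)\n"
     "7f3c1b000000-7f3c1b010000 rwxp 00000000 00:01 2048 /memfd:jit-cache (deleted)\n"),
    (812, "sshd",
     "7f10aa000000-7f10aa1d0000 r-xp 00000000 fd:01 1500 /usr/lib64/libc.so.6\n"
     "7ffd2c000000-7ffd2c021000 rw-p 00000000 00:00 0 [stack]\n"),
    (5220, "mpv",
     "7f77c0000000-7f77c0400000 r-xp 00000000 fd:01 1601 /usr/lib64/libavcodec.so.60 (deleted)\n"
     "7f77c1000000-7f77c1200000 r-xp 00000000 fd:01 1315 /usr/lib64/libssl.so.3.0.7 (deleted)\n"),
]

if __name__ == "__main__":
    print(restart_report(SAMPLE))
```

On a real host, `restart_report(live_processes())` gives the same report; run without root it only sees processes whose `maps` the current user can read, so system services may be missing from the list.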


Interestingly I noticed KDE Neon went the Windows way, and now requires reboots for all their updates.

Before this the experience could be quite fragile post-update, so I tended to always reboot right away anyway.


Note that Linux can do kernel updates with a reboot.


I think you meant to say _without_ a reboot, no?


Yes :)


Windows used to support rebootless kernel updates too, but for some reason they stopped doing it.


kexec is for all intents and purposes a reboot though, if that's what you're thinking of. Granted, you skip the EFI/POST part but you still lose all of your state.

Otherwise, are there any distros regularly using ksplice?



