[jedieaston]

As far as I know, Ubuntu is still the only one that can livepatch the kernel in the background without bringing down the whole system. (Maybe RHEL 8 can now too?) I think the “system restart required” message means that something was running that it updated, and the only way to guarantee that it stops and restarts is for the user to restart the whole system.

[godshatter]

I just assumed that they installed the new kernel in a different directory and pointed there via grub or whatever when rebooted. I wasn't thinking about live-patching the active kernel. That's pretty nifty if they can pull that off.

I just want them to not do anything, even security updates, without my explicit permission despite their fears over the security of my system. I have reasons I'm not updating right now. It comes down to the question "who's damn system is it, anyway?"