diff --git a/bin/browserid b/bin/browserid
index 03fa955e44d9c29e754dee7b3bc5721ec32c2155..73189a7aa081fe48a42bdc5c40a6d790bfffac88 100755
--- a/bin/browserid
+++ b/bin/browserid
@@ -157,17 +157,7 @@ wsapi.setup({
 // #9 - handle views for dynamicish content
 views.setup(app);
 
-function doShutdown(readyForShutdownCB) {
-  require('../lib/bcrypt.js').shutdown();
-  db.close(readyForShutdownCB)
-}
-
-// #11 - calls to /code_update from localhost will restart the daemon,
-// this feature is not externally accessible and is only used by
-// the update logic
-shutdown.installUpdateHandler(app, doShutdown);
-
-// #12 if the BROWSERID_FAKE_VERIFICATION env var is defined, we'll include
+// #10 if the BROWSERID_FAKE_VERIFICATION env var is defined, we'll include
 // fake_verification.js.  This is used during testing only and should
 // never be included in a production deployment
 if (process.env['BROWSERID_FAKE_VERIFICATION']) {
@@ -192,7 +182,10 @@ db.open(config.get('database'), function (error) {
   }
 
   // shut down express gracefully on SIGINT
-  shutdown.handleTerminationSignals(app, doShutdown);
+  shutdown.handleTerminationSignals(app, function(readyForShutdownCB) {
+    require('../lib/bcrypt.js').shutdown();
+    db.close(readyForShutdownCB)
+  });
 
   var bindTo = config.get('bind_to');
   app.listen(bindTo.port, bindTo.host, function() {
diff --git a/bin/dbwriter b/bin/dbwriter
index 456a78837d9406c83193fdf54fa2a4b9c8b42e6b..c629863e2241f62b8d94e08342cd66697caffe70 100755
--- a/bin/dbwriter
+++ b/bin/dbwriter
@@ -96,11 +96,6 @@ function doShutdown(readyForShutdownCB) {
   db.close(readyForShutdownCB)
 }
 
-// calls to /code_update from localhost will restart the daemon,
-// this feature is not externally accessible and is only used by
-// the update logic
-shutdown.installUpdateHandler(app, doShutdown);
-
 // open the databse
 db.open(config.get('database'), function (error) {
   if (error) {
diff --git a/bin/keysigner b/bin/keysigner
index 4ed646c9a897b5cf6fb48880dbf5b1617a4271fb..714a4fed322de04c1971f966c1f94755ec1c4784 100755
--- a/bin/keysigner
+++ b/bin/keysigner
@@ -101,9 +101,6 @@ app.post('/wsapi/cert_key', validate(["email", "pubkey", "ephemeral"]), function
   });
 });
 
-// shutdown when code_update is invoked
-shutdown.installUpdateHandler(app);
-
 // shutdown nicely on signals
 shutdown.handleTerminationSignals(app, function() {
   cc.exit();
diff --git a/bin/verifier b/bin/verifier
index 4499256930558eed528919976ddd7a576ada1498..8363e217d27da5a53f41c4a767a6779560d9a8c8 100755
--- a/bin/verifier
+++ b/bin/verifier
@@ -126,9 +126,6 @@ app.post('/verify', function(req, resp, next) {
   });
 });
 
-// shutdown when /code_update is invoked
-shutdown.installUpdateHandler(app);
-
 // shutdown nicely on signals
 shutdown.handleTerminationSignals(app, function() {
   cc.exit();
diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md
index c04de734595374018a42235e3f6eab198c553951..13c3b5fc26a8fa5c93a79d1779ec3854bd95ab32 100644
--- a/docs/DEPLOYMENT.md
+++ b/docs/DEPLOYMENT.md
@@ -2,6 +2,10 @@
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
+**NOTE:** this document is outdated and should be updated, it's left here
+because there is *some* still some potentially useful information.  
+Reader beware.
+
 # How to deploy BrowserID
 
 This describes how to take the code here, put it on a server, and build
@@ -142,9 +146,8 @@ if [ "x$GL_REPO" == 'xbrowserid' ] ; then
     echo "generating production resources"
     cd $NEWCODE/browserid && ./compress.sh && cd -
 
-    # stop the servers
-    curl -o --url http://localhost:62700/code_update > /dev/null 2>&1
-    curl -o --url http://localhost:62800/code_update > /dev/null 2>&1
+    # XXX: stop the servers!  you should deliver SIGINT to each
+    # process
 
     # now move code into place, and keep a backup of the last code
     # that was in production in .old
@@ -275,11 +278,6 @@ server {
     listen       80 default;
     server_name  browserid.org;
 
-    # disallow external server restart.
-    location = /code_update {
-        internal;
-    }
-
     # pass /verify invocations to the verifier
     location /verify {
         proxy_pass        http://127.0.0.1:62800;
diff --git a/lib/shutdown.js b/lib/shutdown.js
index a4a9a6bc08b5b9bef8b2c695470370b2b355ddca..7fa3c2fdea4a826205b61d3f087e292016627121 100644
--- a/lib/shutdown.js
+++ b/lib/shutdown.js
@@ -2,10 +2,9 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-/* code_update is a tiny abstraction of a handler that can be
- * used to shutdown gracefully upon signals, and can be used
- * to install a 'code_update' hook into a running express
- * server.
+/* shutdown.js is an abstraction for installing graceful shutdown
+ * handlers into processes so that they gracefully shutdown upon
+ * signals.
  */
 
 const logger = require("./logging.js").logger;
@@ -78,17 +77,3 @@ exports.handleTerminationSignals = function(app, callback) {
 
   process.on('SIGINT', endIt('INT')).on('SIGTERM', endIt('TERM')).on('SIGQUIT', endIt('QUIT'));
 };
-
-const CODE_UPDATE_URL = '/code_update';
-
-exports.installUpdateHandler = function(app, callback) {
-  var terminate = connectionListener(app);
-  app.get(CODE_UPDATE_URL, function(req, resp, next) {
-    // don't allow an imprecise match (like one with a trailing slash) to shut the server down.
-    // bug #699171
-    if (req.url !== CODE_UPDATE_URL) return next();
-
-    logger.warn("code updated.  closing " + app.connections + " connections and shutting down.");
-    terminate(callback);
-  });
-};