From owner-freebsd-security@freebsd.org  Thu May  5 15:00:10 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 930AAB2D17C
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Thu,  5 May 2016 15:00:10 +0000 (UTC) (envelope-from jhs@berklix.com)
Received: from slim.berklix.org (slim.berklix.org [94.185.90.68])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 122B01D4F
 for <freebsd-security@freebsd.org>; Thu,  5 May 2016 15:00:09 +0000 (UTC)
 (envelope-from jhs@berklix.com)
Received: from mart.js.berklix.net (p5B22694B.dip0.t-ipconnect.de
 [91.34.105.75]) (authenticated bits=128)
 by slim.berklix.org (8.14.5/8.14.5) with ESMTP id u45EwRuD016775
 for <freebsd-security@freebsd.org>; Thu, 5 May 2016 16:58:27 +0200 (CEST)
 (envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41])
 by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id u45F04Cx037646
 for <freebsd-security@freebsd.org>; Thu, 5 May 2016 17:00:04 +0200 (CEST)
 (envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (localhost [127.0.0.1])
 by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id u45Exqdt084086
 for <freebsd-security@freebsd.org>; Thu, 5 May 2016 17:00:04 +0200 (CEST)
 (envelope-from jhs@berklix.com)
Message-Id: <201605051500.u45Exqdt084086@fire.js.berklix.net>
To: freebsd-security@freebsd.org
Subject: Batching errata & advisories in heaps degrades security.
From: "Julian H. Stacey" <jhs@berklix.com>
Organization: http://berklix.eu BSD Linux Unix Consultants, Munich Germany
User-agent: EXMH on FreeBSD http://www.berklix.eu/free/
X-URL: http://www.berklix.eu/~jhs/cv/
Date: Thu, 05 May 2016 16:59:52 +0200
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 May 2016 15:00:10 -0000

Another bunch of Security alerts, degrades FreeBSD by being clumped together:

  Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:17.openssl
  Date: Wed,  4 May 2016 22:55:46 +0000 (UTC)
  
  Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:06.libc
  Date: Wed,  4 May 2016 22:56:31 +0000 (UTC)
  
  Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:08.zfs
  Date: Wed,  4 May 2016 22:56:40 +0000 (UTC)
  
  Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:07.ipi
  Date: Wed,  4 May 2016 22:56:35 +0000 (UTC)

I guess many recipients get tired of recent indigestable batches of 
multiple FreeBSD Errata & think approx:

  _Why_ have they been artificially batching in last years ?
  I could spare time to interrupt work for one priority alert,
  Not for a heap batched seconds apart ! _Why_ ?!
  I have no time now to action all this heap ! Maybe later ...
    ( & meanwhile security @ FreeBSD could complacently think:
    "We published all 4, if you don't immediately find time to 
     secure all 4 & someone abuses you, don't blame us !" )
  Are they batched in delusion it will help FreeBSD public relations,
  to not scare people with too many days with FreeBSD alerts ?
  Batching _Degrades_ security.  It is bad over-management,
  FreeBSD was better previously without batching, publishing each
  problem when analysed, Not held back for batching.

Cheers,
Julian
-- 
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich http://berklix.eu/jhs/
 Mail plain text,  No quoted-printable, HTML, base64, MS.doc.
 Prefix old lines '> '  Reply below old, like play script.  Break lines by 80.
 Brexit: Meeting +UK blocks votes of Brits in EU  http://www.berklix.eu/brexit/