Date: Tue, 05 Apr 2005 23:18:04 -0700 From: Colin Percival <cperciva@freebsd.org> To: jesper@www.hackunite.net Cc: freebsd-security@freebsd.org Subject: Re: About the FreeBSD Security Advisories Message-ID: <42537F1C.5010502@freebsd.org> In-Reply-To: <1477.213.112.198.172.1112751249.squirrel@mail.hackunite.net> References: <1477.213.112.198.172.1112751249.squirrel@mail.hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jesper Wallin wrote: > I've noticed a delay between when the security advisories are sent and > when the cvsup servers, ftp mirrors and web mirrors are updated. Is this > delay on purpose to give the users some time to update/patch their > system(s) before it hit pages like bugtraq, etc.. or is it just a caused > by the delay between when the ftp/cvsup servers are synced? It's mostly logistics. We write the advisory and prepare patches ahead of time, but then we need to 1. Commit to the affected security branches (at least, to the ones which are still supported), 2. Update the advisory to include the correction times in the header, 3. Sign the advisory, 4. Upload the advisory + patches to ftp-master, 5. Email out the advisory. 6. Update the website to point to the advisory. As Kris noted, the ftp and cvsup mirrors then catch up according to their usual schedule. It probably took longer than usual for the ftp mirrors this time since many of them are still grabbing the 5.4-RC1 bits. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42537F1C.5010502>