Date: Sat, 29 Aug 2015 12:38:36 -0400 (EDT)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: "Julian H. Stacey" <jhs@berklix.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Is there a policy to delay & batch errata security alerts ?
Message-ID: <alpine.GSO.1.10.1508291235450.26829@multics.mit.edu>
In-Reply-To: <201508291629.t7TGT3nn084958@fire.js.berklix.net>
References: <201508291629.t7TGT3nn084958@fire.js.berklix.net>

On Sat, 29 Aug 2015, Julian H. Stacey wrote:

> Presumably there's no delays eg for PR, giving longer quiet periods before
> a release, slipping out bad news immediately after good.

That seems highly unlikely.

> What else might be causing batch flooding of alerts ?

It's an awful lot of work to actually put all the pieces together to
release security advisories; batching reduces the workload for the team.
This is true no matter what project you look at, be it FreeBSD or MIT
Kerberos (where I am on the security team and can speak from personal
experience) or something else.

This is why errata notices are delayed until they can go out with a
security advisory; it's explicitly a way to reduce the workload on the
security team.

-Ben Kaduk