Date: Thu, 5 May 2016 17:37:56 +0100
From: Steven Hartland <killing@multiplay.co.uk>
To: freebsd-security@freebsd.org
Subject: Re: Batching errata & advisories in heaps degrades security.
Message-ID: <3930e03c-f81b-1366-6c76-20549768cfe4@multiplay.co.uk>
In-Reply-To: <201605051625.u45GPODc084944@fire.js.berklix.net>
References: <201605051625.u45GPODc084944@fire.js.berklix.net>

On 05/05/2016 17:25, Julian H. Stacey wrote:
> Benjamin Kaduk wrote:
>
>> As a member of the security team for two projects (not FreeBSD's, though),
>> I can say that it is a lot of behind-the-scenes work to put out
>> advisories,
> Of course.
>
>> and batching them reduces the unit cost of any given one.
> If so, their issue, not ours. Our concern is FreeBSD.
>
>
>> the
>> contents of the errata notices have been public for quite some time
> URLs? If info was complete early, delaying those announcements
> degraded security of recipients. Batching also swamps recipients.
>
Totally the opposite, it means one rollout instead of X rollouts, making it simpler not harder.