From owner-freebsd-security@FreeBSD.ORG Thu Apr 10 11:20:08 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 96997B0F for ; Thu, 10 Apr 2014 11:20:08 +0000 (UTC) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 5709515C7 for ; Thu, 10 Apr 2014 11:20:08 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id 7AFA16EFA; Thu, 10 Apr 2014 11:20:07 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 2D038AE0; Thu, 10 Apr 2014 13:20:08 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Pawel Biernacki Subject: Re: Proposal References: Date: Thu, 10 Apr 2014 13:20:08 +0200 In-Reply-To: (Pawel Biernacki's message of "Thu, 10 Apr 2014 12:01:18 +0100") Message-ID: <86y4zd4ejb.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, Kimmo Paasiala , Walter Hop X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Apr 2014 11:20:08 -0000 Pawel Biernacki writes: > Dag-Erling Sm=C3=B8rgrav writes: > > The freebsd-update build is not a normal make buildworld or make > > release, it's much more complicated than that. > So you're telling me that nothing can be done about it? I'm telling you that you're arguing out of ignorance. Publishing an advisory takes time because there are many steps involved. Wishing that all those tasks only take ten minutes each and can be performed in parallel won't make it so. > And I don't understand why all of those things need to be > single-threaded, I've told you, everything needs to be done in a specific order. You can't mail out the advisory before it's published on the web because it contains links to itself. You can't push the advisory to the web site before it's signed. You can't sign it until it's complete. You can't complete it until you've committed the patches, because it contains information about the commits. You can't commit until after the freebsd-update builds have completed and the binary patches have propagated to all the mirrors, because you want the source and binary patches to go out simultaneously. And so on and so forth. Throwing more manpower at the job won't make a difference; in fact, it might slow things down due to the need to communicate and coordinate. Read your Fred Brooks. > since you even mention asking someone from clusteradm@ to help: Yes, I mentioned getting someone from clusteradm@ to run the web update script manually instead of waiting 10 minutes for the next scheduled update. Trust me, that's not a major sticking point in the process. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no