FreeBSD flood of 8 breakage announcements in 3 mins.

[Matt Garber]

On Wed, May 15, 2019 at 11:15 PM Bill Sorenson <instructionset at gmail.com>
wrote:

> > I’m not sure what you meant about Linux distros not categorizing fixes,
> though — with some notable exceptions, most of the big ones certainly tag
> security fixes >separately, which is what allows `unattended-upgrades` on
> Debian/Ubuntu based systems (and `yum-cron` on RHEL) to work so nicely
> automatically as scheduled on > *only* security errata, while leaving all
> other types of updates alone for admin intervention.
>
> My comment about Linux was not in regards to any particular distro, they
> all
> have interesting policies of varying effectiveness when it comes to release
> engineering, but specifically about the Linux kernel team (Torvalds Et al,)
> which last I checked had a policy of specifically not handling security
> issues
> any different from any generic bug. Distros may do their own kernel release
> engineering and handling that themselves which is fine.


Understood, yep, that historical stance in the kernel itself has really
sucked and does no one any favors with ‘everything is just a bug.’
Thankfully the kernel self-protection project has made some significant
strides in that area, even if the overall security attitude of maintainers
has been slower to positive change than would be ideal.


—
Matt