Is there a policy to delay & batch errata security alerts ?
Benjamin Kaduk
kaduk at MIT.EDU
Sat Aug 29 16:43:52 UTC 2015
On Sat, 29 Aug 2015, Julian H. Stacey wrote:
> Presumably there's no delays eg for PR, giving longer quiet periods before
> a release, slipping out bad news immediately after good.
That seems highly unlikely.
> What else might be causing batch flooding of alerts ?
It's an awful lot of work to actually put all the pieces together to
release security advisories; batching reduces the workload for the team.
This is true no matter what project you look at, be it FreeBSD or MIT
Kerberos (where I am on the security team and can speak from personal
experience) or something else. This is why errata notices are delayed
until they can go out with a security advisory; it's explicitly a way to
reduce the workload on the security team.
-Ben Kaduk
More information about the freebsd-security
mailing list