Batching errata & advisories in heaps degrades security.

Roger Marquis marquis at roble.com
Thu May 5 19:14:37 UTC 2016


> Totally the opposite, it means one rollout instead of X rollouts making it 
> simpler not harder.

I don't know, isn't that the logic behind Microsoft's failed
patch-Tuesdays?

It's important not to confound security with usability.  Any delay to a
security advisory is an invitation to hackers.  I don't think that's
what end-users expect from FreeBSD, much as the long arm of the NSA might
want to make it so (primarily vis-a-vis CERT and NIST).

Those sites that don't care about security are well served by batching,
but given the packaging of base, it seems like there's no longer any
significant benefit.

Roger


More information about the freebsd-security mailing list