<rank1see...@gmail.com> writes: > Thanks for reply. > > On Tue, 08 Mar 2016 18:27:21 -0500 > Lowell Gilbert <freebsd-li...@be-well.ilk.org> wrote: > >> <rank1see...@gmail.com> writes: >> >> > 10-REL, for 20160303 p13 FreeBSD-SA-16:12.openssl, why is there no >> > >> > https://www.freebsd.org/security/advisories/FreeBSD-SA-16:12.openssl.asc >> >> Latest word on the security mailing list (which is the appropriate >> place to discuss these things) is that the fix is not yet complete. > > But it HAS been commited in release tree, as p13 > Why did they commited it at all then, if it isn't yet complete?
I don't have any inside information, but I would assume that they were reasonably sure that what was committed was an improvement, even if they weren't positive that the problem was completely solved by that commit. We should also note that the security advisory has now been issued. >> > And even when there is one for a patch, it becomes available >> > sometimes even after half of day, after patch has been released. >> >> There's no point in publishing a security advisory until after the fix >> has been successfully built and propagated out to the mirrors. People >> get confused if they're told a fix is available but freebsd-update >> doesn't give it to them. > > So it isn't posibble to publish a security advisory JUST after patch > has been commited, because it must be waited for it to be propagated > out to the mirrors? Of course it's *possible*. It's a bad idea (it would result in lots of users thinking incorrectly that they had applied the fix), but it would be possible. _______________________________________________ freebsd-doc@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-doc To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"
