Jesper Wallin wrote: > I've noticed a delay between when the security advisories are sent and > when the cvsup servers, ftp mirrors and web mirrors are updated. Is this > delay on purpose to give the users some time to update/patch their > system(s) before it hit pages like bugtraq, etc.. or is it just a caused > by the delay between when the ftp/cvsup servers are synced?
It's mostly logistics. We write the advisory and prepare patches ahead of time, but then we need to 1. Commit to the affected security branches (at least, to the ones which are still supported), 2. Update the advisory to include the correction times in the header, 3. Sign the advisory, 4. Upload the advisory + patches to ftp-master, 5. Email out the advisory. 6. Update the website to point to the advisory. As Kris noted, the ftp and cvsup mirrors then catch up according to their usual schedule. It probably took longer than usual for the ftp mirrors this time since many of them are still grabbing the 5.4-RC1 bits. Colin Percival _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
