On Thu, 5 May 2016, Julian H. Stacey wrote: > Another bunch of Security alerts, degrades FreeBSD by being clumped together: > > I guess many recipients get tired of recent indigestable batches of > multiple FreeBSD Errata & think approx:
I cannot recall whether you were participating in the discussion the last time this topic came up. Regardless, it feels like it was somewhat recent (a year or so). > _Why_ have they been artificially batching in last years ? > I could spare time to interrupt work for one priority alert, > Not for a heap batched seconds apart ! _Why_ ?! > I have no time now to action all this heap ! Maybe later ... > ( & meanwhile security @ FreeBSD could complacently think: > "We published all 4, if you don't immediately find time to > secure all 4 & someone abuses you, don't blame us !" ) > Are they batched in delusion it will help FreeBSD public relations, > to not scare people with too many days with FreeBSD alerts ? > Batching _Degrades_ security. It is bad over-management, > FreeBSD was better previously without batching, publishing each > problem when analysed, Not held back for batching. As a member of the security team for two projects (not FreeBSD's, though), I can say that it is a lot of behind-the-scenes work to put out advisories, and batching them reduces the unit cost of any given one. I further note that this recent batch that you are complaining about, contained only one security advisory and three errata notices; the contents of the errata notices have been public for quite some time, and affected parties welcome to upgrade at their leisure [manually, without freebsd-update, of course]. We can perhaps agree to disagree about whether the batching is good, but I do not see much value in rehashing the same arguments periodically. -Ben _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
