About the FreeBSD Security Advisories
Colin Percival
cperciva at freebsd.org
Tue Apr 5 23:18:38 PDT 2005
Jesper Wallin wrote:
> I've noticed a delay between when the security advisories are sent and
> when the cvsup servers, ftp mirrors and web mirrors are updated. Is this
> delay on purpose to give the users some time to update/patch their
> system(s) before it hit pages like bugtraq, etc.. or is it just a caused
> by the delay between when the ftp/cvsup servers are synced?
It's mostly logistics. We write the advisory and prepare patches ahead of
time, but then we need to
1. Commit to the affected security branches (at least, to the ones which are
still supported),
2. Update the advisory to include the correction times in the header,
3. Sign the advisory,
4. Upload the advisory + patches to ftp-master,
5. Email out the advisory.
6. Update the website to point to the advisory.
As Kris noted, the ftp and cvsup mirrors then catch up according to their
usual schedule. It probably took longer than usual for the ftp mirrors this
time since many of them are still grabbing the 5.4-RC1 bits.
Colin Percival
More information about the freebsd-security
mailing list