Hello.. I've noticed a delay between when the security advisories are sent and when the cvsup servers, ftp mirrors and web mirrors are updated. Is this delay on purpose to give the users some time to update/patch their system(s) before it hit pages like bugtraq, etc.. or is it just a caused by the delay between when the ftp/cvsup servers are synced? Best regard, Jesper Wallin
On Wed, Apr 06, 2005 at 03:34:09AM +0200, Jesper Wallin wrote:> Hello.. > > I've noticed a delay between when the security advisories are sent and > when the cvsup servers, ftp mirrors and web mirrors are updated. Is this > delay on purpose to give the users some time to update/patch their > system(s) before it hit pages like bugtraq, etc.. or is it just a caused > by the delay between when the ftp/cvsup servers are synced?The mirrors are updated automatically, i.e. on a regular schedule determined by their individual administrators. They're not resynched specially when a security advisory is released. Kris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20050405/fe975f9a/attachment.bin
Jesper Wallin wrote:> I've noticed a delay between when the security advisories are sent and > when the cvsup servers, ftp mirrors and web mirrors are updated. Is this > delay on purpose to give the users some time to update/patch their > system(s) before it hit pages like bugtraq, etc.. or is it just a caused > by the delay between when the ftp/cvsup servers are synced?It's mostly logistics. We write the advisory and prepare patches ahead of time, but then we need to 1. Commit to the affected security branches (at least, to the ones which are still supported), 2. Update the advisory to include the correction times in the header, 3. Sign the advisory, 4. Upload the advisory + patches to ftp-master, 5. Email out the advisory. 6. Update the website to point to the advisory. As Kris noted, the ftp and cvsup mirrors then catch up according to their usual schedule. It probably took longer than usual for the ftp mirrors this time since many of them are still grabbing the 5.4-RC1 bits. Colin Percival