Date: Wed, 24 Apr 2013 12:49:06 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Dag-Erling Smørgrav <des@....no>
Subject: Re: Advisory dates

On 04/24/2013 09:00 AM, Dag-Erling Smørgrav wrote:
> I'm curious as to what kind of policies various distros have in
> place wrt release dates for advisories. We (FreeBSD) have a list
> of dates to avoid, which include major religious holidays, New
> Year's Day etc., and try to avoid releasing advisories on or
> immediately before these dates. But May is often problematic, with
> May Day (May 1st) and Liberation Day (May 8th in Western Europe,
> May 9th in Eastern Europe) clustered together. An early Easter
> adds Ascension to the mix (May 17th last year, May 9th this year).
> A late Easter is even worse: the Holy Week in late April, followed
> by a four-day week, with the next week cut short by May 1st and the
> one after that amputated by May 8th / 9th.
>
> Not to mention national or regional holidays such as Cinco de Mayo
> (May 5th, obviously) or Norway's Constitution Day (May 17th)...
>
> How do you deal with situations like this? And do you have
> documented policies or guidelines?

Ultimately if we start scoring off major holidays we'll have no release
dates left ;)

In general Red Hat goes by major North American statutory holidays
(many of which tend to be global, e.g. Christmas). We also do our best
to avoid North American Friday (which is Saturday in Europe/Asia) and
North American Saturday/Sunday as well. Other than that we tend to
release as needed:

https://www.redhat.com/archives/rhsa-announce/2013-April/date.html

and so on.

Also some historical data on which weekdays/times are the busiest:

http://www.awe.com/mark/blog/20111111.html

> DES

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993