[OpenAFS] When to publish security advisories?

Russ Allbery rra@stanford.edu
Fri, 15 Apr 2011 16:31:17 -0700

David Boyes <dboyes@sinenomine.net> writes:

> A variation of this comment: much of the complexity of deploying a fix
> is related to packaging. Investment in simplifying and automating the
> process of creating and deploying a new package would probably help
> somewhat with the pain level of creating a new release. The current
> build system is not helpful at all in that area.

I think this is already quite easy for systems with working package
management systems, and probably mostly irreducible complexity for systems
that don't have such a thing.

95% of the work on the Debian side for a security release is the
coordination with the Debian security team and the testing.  The actual
packaging is trivial.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>