On Wed, Apr 26, 2006 at 07:42:14PM +0200, jdd wrote:
Fixes are released when ready.
I don't really know how you work.
Easy: find out: http://files.opensuse.org/opensuse/en/a/a1/FOSDEM_security_process.pdf ftp://ftp4.gwdg.de/FOSDEM/FOSDEM2006-openSUSE-11-Security_Process-2006-02-26-video_full.ogg
When apache or Mozilla release a bugfix, I can install the new version right now.
Sure. You can. What if a patch somehow breaks YOU? Or something else that my sytem relies on? That is the differnce between using YOU or doing all the updates yourself. Using YOU will most likely have a delay. However you do not need to keep watch on secuitlists like bugtraq yourself and find out what applies to you and in what severity.
I try to have an idea of how many time go between the _official bugfix release_ and the YOU update release. of course as a guess, but said like you do this could mean tomorrow or never, this is not done to make the user confident :-).
Nobody said never. That is your interpretation. The answer is "when ready". That is really the only correct answer. Every other answer will be wrong. An example: 24 hours. What if it takes 48 hours? 48 hours. What if it takes 50 hours? one week. Why does it take so long?
I don't try to make pressure on your team, all the contrary.
I know you are working fast and I would like to advertise it more and more precisely, at least rationally. This is measure if the trust we can have on YOU, not uninteresting :-)
With each and every time you put fixed, it will be more and more followed by an excuse why it won't be always like that. Making it sound as if you can't commit. And if you can't commit, why put a time on it.
I I understand well what is said here, you fix the bug sometime _before_ it is annouced on the web (I beg you have good information sources :-)
Not only good information sources, also good informational source-codes. :-) houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau