I love the transparancy guys Regards, Michael Sim SLI MIS Central Phone: 32 16 800 369 Fax: 32 16 800 398 -----Original Message----- From: Roman Drahtmueller [mailto:draht@suse.de] Sent: Wednesday, March 19, 2003 10:45 AM To: Markus Gaugusch Cc: SuSE-Security Subject: Re: [suse-security] Samba 2.2.8
But, why it takes so long (4-5 days)? This is serious security update. Is there some extra work after recompiling? Not all packages can be compiled at once for all architectures and all suse versions. When the announcement is released, all of them (or at least most) have been built (because the MD5 sums are in the announcement). I guess, newer and more common versions are built before sparc or older suse release packages. SuSE puts up the packages as soon as they are built, and you can usually find them using YOU or fou4s a few days before the announcement.
The packages are actually built in parallel on all architectures. Time gets lost with preparing the packages and testing them. There are more products than SuSE Linux, and many of them have a samba package. Now if a package has a malfunction, you must extrapolate the effect of the defect. There were some oddities that had to be checked out before we release the packages, and testing took us a long long time. Basically, we were ahead of the schedule (and we basically still are). It's just that the samba people checked in a (disguised) patch to their public CVS, and that caused exploits to pop up like mushrooms. So they had to go public earlier, and we were not ready yet. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here