mysql-server

[Eric Rostetter]

Quoting Marc Deslauriers <marcdeslauriers at videotron.ca>:

> I didn't say it was of no concern. Actually, I think you're right about
> being careful around holidays. We should try to not release official
> updates near weekends and holidays. What does everyone think?

I think that is wrong, except for release for "unknown" vulnerabilities
(where all vendors co-ordinate the release).

Security patches should come out asap.  If we delay them, we may be
allowing people to get hacked.  We only release security updates (not
bug fixes) so there is no real way to delay them.  We can, however,
try to "rush" them to get them out earlier if we know a holiday is
coming up, etc.  As long as we still do proper QA, etc.  This may meen
simply that the package publishes need to make sure they get them out
quickly if a holiday/weekend is coming up, etc.

We can't effectively schedule around holidays and weekends, since timezones
and cultural holidays make that too difficult.

The worst hacking time in the US is actually over the Thanksgiving day
period (Wednesday through Sunday of that week) and over the "Christmas
break" period (when schools are out, usually late December until early
January).  To delay releasing security releases during these periods
when the hacking level is highly elevated would not be a wise move
for a security-related service group, IMHO.

> Marc.

-- 
Eric Rostetter