> > You are right but it seems that someone changed the release file before
> > sending broadcast
> >
> Again. At least the new packages are actually in the repo this
> time though.
>
> This sort of behaviour is bad; warnings shouldn't be generated
> until there's some indication of a problem, for example the
> update being out for a few days, but not being installed at a
> site. Spamming people with spurious warnings will just encourage
> them to ignore the mails, perhaps even automatically. This is
> not good for security and it should stop.
This release is indeed a bit chaotic, so no excuse for that.
Another way to look at such behavior is that the warning actually remind you
of a new CA package available, and update is expected. However, in this
particular case, there is some issues with process itself but the logic is
correct. One should not expect all sites take the action simultaneously and
the Nagios probe will be updated in the meantime. This is the reason why
there is 8 days gray period.
Cheers,
Mingchao
|