Of course there is!The last SSH patch was out within days (two?). They have to test it, and personally I never feel comfortable trying a patch until it's been out for at least a week (since developers can RARELY reproduce all possible software interactions that the public will subject it to), unless I appraise that 'the odds' are good for an immediate exploit
If you look at the history of patch publication (both Open Source and proprietary), patches are frequently revised within the first few days of their publication. Sometimes the odds of dealing with a faulty patch are higher than an exploit -a tricky business, this security...
On a Solaris box at my company, patch 1 had a parsing bug that caused 'put "/here/blah" "/there/blah"' to fail without giving an error, but without the double quotes, it worked... patch 2 seemed to fix the error, but it wasn't documented. So testing is key. I've been pretty impressed with Astaro so far in that regard.
On a Solaris box at my company, patch 1 had a parsing bug that caused 'put "/here/blah" "/there/blah"' to fail without giving an error, but without the double quotes, it worked... patch 2 seemed to fix the error, but it wasn't documented. So testing is key. I've been pretty impressed with Astaro so far in that regard.
