aaomidi 4 days ago
What do "Freezes" mean? Like, do you stop renewing your certificates? Do you stop taking in security updates for your software? Sure maybe "unnecessary" changes, but the line gets very gray very fast.
Spivak 4 days ago
It's not very grey, prod becomes as if you told everyone but your ops team to go home and then sent your ops team on a cruise with pagers. If it's not important enough to merit interrupting their vacation you don't do it.
fragmede 4 days ago
Certs shouldn't still be done by hand at this point; if another Heartbleed comes out in the next 7 days then the risk can be examined, escalated, and the CISO can overrule the freeze. If it's a patch for remote root via Bluetooth drivers on a server that has no Bluetooth hardware, it's gonna wait. You're right that there's a grey line, but crossing that line involves waking up several people and the on-call person makes a judgement call. If it's not important enough to wake up several people over, then things stay frozen.
vrosas 4 days ago
No unnecessary code deployments.