OK, I just approved the DL’s for the April security bulletins - expect to see them live later today or tomorrow. I apologize for the long delay on this – my web release guys were swamped last week, due to two factors: first, it was Security Bulletin time around here; and second, last week was spring break for the local school systems and lots of people had vacation planned with their families. I realize this looks like a step backward as far as the time lag goes, but for the desktop updates, nothing really has changed process-wise – we did this release just as we have over the past year. However, as we move the process forward and get it better settled into WinSE, I expect to be able to get the releases moving sooner, which means they’ll appear on the OEM Secure Site sooner. That’s the next thing on my list, right behind getting Test lined up and right in front of getting Dev lined up.
The component versions are finishing up in test right now – just a few minor issues to polish, and they should be ready for codesigning and release. If all goes well, they should be on their way to the web release team by the end of this week, which means early next week for a real release, which will actually be a week quicker than the last set. Once Test is lined up in WinSE to do this testing along side the other updates, we should be able to get the sign-off, code-signing, and release done at the same time as the desktop versions. So while this month seems to be a step backward, things are looking good to have releases done and to you quicker each cycle. As I mentioned before, the goal is to have Embedded updates available the same day as the desktop updates - we hope to have approached that goal by the end of this year, and be making steady progress towards it each cycle.
Now, in Other News:
I’ve had two comments from people on my Linux story from a few weeks back, trying to explain the vagaries of releasing GPL source code. I’ve read the GPL, and to my understanding (section 3a and 3b), you either have to make the source available or tell people how they can get it, and not charge more than copying and media fees for it (i.e. you can’t give away the EXE but charge beau-coup bucks for the source). Compare that with proprietary software (such as Microsoft makes), where the source code itself is IP (intellectual property), owned by the company or individual and protected by copyright, patent, and license law. If you write proprietary software, you can charge whatever you want – if you write GPL software, you can’t really charge for the binaries nor the source other than some recovery costs, although it does open the market for add-on support and services (look at Redhat for an example, who make their money as a service-based business, since they can’t charge for the software directly [GPL Section 1]). However, Microsoft and other proprietary software vendors do both – charge for the software, and charge for extended support. It seems to me that proprietary software makes better economic sense.
I know I’ve cleared up nothing, and have probably opened myself up to more comments and religious arguments, but at least people are reading the blog.