From owner-freebsd-ports@freebsd.org  Wed Jan  2 06:28:29 2019
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 46D1C1437755
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Wed,  2 Jan 2019 06:28:29 +0000 (UTC) (envelope-from pi@freebsd.org)
Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C6D397579B
 for <freebsd-ports@freebsd.org>; Wed,  2 Jan 2019 06:28:28 +0000 (UTC)
 (envelope-from pi@freebsd.org)
Received: from pi by home.opsec.eu with local (Exim 4.91 (FreeBSD))
 (envelope-from <pi@freebsd.org>)
 id 1gea0u-0000wX-Kl; Wed, 02 Jan 2019 07:28:24 +0100
Date: Wed, 2 Jan 2019 07:28:24 +0100
From: Kurt Jaeger <pi@freebsd.org>
To: Mel Pilgrim <list_freebsd@bluerosetech.com>
Cc: Freebsd Ports <freebsd-ports@freebsd.org>
Subject: Re: How can we ensure security fixes get MFH'd to quarterly?
Message-ID: <20190102062824.GP84895@home.opsec.eu>
References: <187df4a2-4402-8492-6536-cd6b6cdf07de@bluerosetech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <187df4a2-4402-8492-6536-cd6b6cdf07de@bluerosetech.com>
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 06:28:29 -0000

Hi!

> On Nov 27, r486043 was committed to head to fix several vulnerabilities 
> in the Samba 4.7 and 4.8 ports, but it wasn't merged to 2018Q4.  A PR 
> was opened, but 2018Q4 sat unfixed until it expired at the end of the year.
> 
> Filing a PR didn't help.  Mentioning the PR on this list didn't help. 
> What can be done to prevent further repetitions of this lapse in the future?

>From what I know, there are two issues:

- it should be clear that it does not cause regressions in quarterly
  this is not always easy to check
- it needs portmgr or -secteam approval (this was missing in that case)

-- 
pi@FreeBSD.org         +49 171 3101372                 One year to go !