From owner-svn-ports-all@FreeBSD.ORG Wed Mar 12 19:48:19 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F0F45DEC; Wed, 12 Mar 2014 19:48:18 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id BEBD8946; Wed, 12 Mar 2014 19:48:18 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [69.198.165.132]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 2BBE41DDD8; Wed, 12 Mar 2014 12:48:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1394653698; bh=nX7cFjLsxR4gZFlBgs/+bWrktagHZZgAOMfb2ouUMCI=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=pIrbB6XhLrxMzGBgKPonejkXFqXQSMvZfTIY/e9iiQr7Fv4SVjJc5nT6GrdwnJ/Re hRIuXRQDsDVJ9s+hH7FP9UJcXSz8LQDvT49UrTU33JFWQXIcBzxWfzeuAilUL6qsZV b9V6px3/B4jUxxgM7LOCmEdfPUuhEqWAsWhKd08w= Message-ID: <5320BA01.1010304@delphij.net> Date: Wed, 12 Mar 2014 12:48:17 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: "Timur I. Bakeyev" , Xin LI Subject: Re: svn commit: r347949 - in head/net: samba36 samba4 samba41 References: <201403120107.s2C17UgI088987@svn.freebsd.org> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: svn-ports-head , svn-ports-all , "ports-committers@freebsd.org" X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: d@delphij.net List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Mar 2014 19:48:19 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Timur, On 03/11/14 23:19, Timur I. Bakeyev wrote: > The practice of certain commiters just randomly picking up ports > and making changes there without contacting maintainer beforehand > becomes more and more annoying and abusive recently. > > I've spent all night, trying to put all the stacked changes all > together and test Samba ports when at a commit attempt suddenly > learn, that someone felt the urge to interfere and bump port > versions just cause he was in a mood. Well, thanks a lot. > > And yes, I hate to change PORTREVISION. > > Have a nice day. My apologies if what I did have made you unhappy. I did the update mainly because samba is a popular port, and the advisory for SAMR service is both unenforced security policy and a denial of service (memory leak) from remote that affects all Samba versions. I should have sent an email beforehand but noticed Samba 4.x ports were not updated for a few recent releases that contained relatively important fixes, so I (erroneously) assumed that you may be busy and decided to make the change myself after some basic sanity tests and give you notification after that. Sorry about that. In the future, will the following procedure be an improvement to our existing practice, when a vendor have released a new (full) release to address a security issue, if it's not a vendor issued patch that can be done as a PORTREVISION bump plus adding vendor security patch? - We update vuxml first, and then mark port as FORBIDDEN with a reference to the entry; send maintainer a notification with a special timeout of 24 hours to response with objection; - An update to the port is only done if maintainer approved or did not respond within the deadline. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTILoBAAoJEJW2GBstM+nsL0gP/1Pxn6LJRanQuDAUQ1HoMkHs xktNIokrMjB9aYLoFahvZBbnKBJTVZk674yhFissOtHVHaxGAEnDmPqQXj9ue+Z3 EERg2xsmmg88Fw8b+VhgZ0SzkEt2kuDnnF/AY1AlPKJV8rx8vAT3LUEQi9rk2ruf 3aVpjfpVxqJn4qyUIHi77+zsVfkvnWmpjMGy5HNUOdql16J//rIdiV3ENA2m8woi PNKe3FTsfC326E3dCfRZhID/2JJRta/ogdhJJPRJ5Ntkjq8ha4pJhJ1h3hUgxgkz nhIOYvU5+IDt9Xlm2/Gbo1OcIsxgBqbDjawmzJ+UkxK4yHB7eTrGYnK5jqYyyExa RDdTyeSv+nBPJ+08JCnn2Fx5HAeVRmurwDo4bigrl5eE5noiTxwb/qH6Nh6iDRvu PMGXpRRxeU95u7r2S/Uax5ajRCPo2Ngz2UmAdpb5BOexBhn5VyXIXs1IqF0YOO6L ClMy8ive+1yFW8ZS42C/wXLcYlZkvLnw8BOvXf0s4eB0M7W9YES7GrLJCHVjqiIL thCj4TpR1OsHWLtjfzKvgwMZZWeUBQKR27bvmzjC7XOxoOky6HplSLd+9uXltYmE rpBrSrtkpzjxdrVS/6IA3EzgCMd/VC0joauhhiOV6NY+y1Xgw0vWmZq59dIeYgHO vNUgsgGMYElWCXQOMwIv =J8oX -----END PGP SIGNATURE-----