From owner-freebsd-ports@FreeBSD.ORG Tue Aug 10 17:14:16 2010 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0E5811065672 for ; Tue, 10 Aug 2010 17:14:16 +0000 (UTC) (envelope-from freebsd-ports@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id B7E058FC0A for ; Tue, 10 Aug 2010 17:14:15 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1OisOz-0006tT-SV for freebsd-ports@freebsd.org; Tue, 10 Aug 2010 19:14:13 +0200 Received: from p579150ea.dip.t-dialin.net ([87.145.80.234]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Aug 2010 19:14:13 +0200 Received: from jumper99 by p579150ea.dip.t-dialin.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Aug 2010 19:14:13 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ports@freebsd.org From: "Helmut Schneider" Date: Tue, 10 Aug 2010 17:14:04 +0000 (UTC) Lines: 37 Message-ID: References: <20100810150433.GB32263@lonesome.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: p579150ea.dip.t-dialin.net User-Agent: XanaNews/1.19.1.194 X-Ref: news.gmane.org ~XNS:00000025 Subject: Re: PRs for Typo3 time out X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Aug 2010 17:14:16 -0000 Mark Linimon wrote: > On Tue, Aug 10, 2010 at 10:56:44AM +0000, Helmut Schneider wrote: > > in the past I created a few PRs with patches for important security > > updates for typo3. Unfortunately they all timed out. > > > > What is the time GNATS is waiting for feedback of the maintainer? > > It's 14 days for a normal update or bugfix. For security problems, > that doesn't matter: they should be fixed as soon as possible. If > the security problem is not serious, I think it's fair to notify the > maintainer before the commit; otherwise, it can go in immediately. > > > Does it make a difference if importance and/or severity are raised? > > No, not really. The values of these have been so over-set in GNATS > that the only people that notice them are the bugbusting team. I try > to keep the Severity=critical ones in order, but everything else is > meaningless. > > > IMHO it is a problem if important security fixes are approved only > > after a 14-day-or-more timeout. Are there mechanisms to avoid such a > > delay? > > a) you can try adding "[security]" to the Synopsis line; this may help > make it more visible. > > b) I will email the maintainer and ask if he is willing to transfer > maintainership to you. Me?! Huh! What does that mean? :) I mean, what if I run into problems? > In general, if people are having problems with how individual ports > are maintained, they should email portmgr@FreeBSD.org and bring it to > our attention directly. Thanks. I didn't mean to blame others, I'm just concerned about security.