From owner-freebsd-security@freebsd.org Tue Aug 25 23:02:21 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A89AC99AD9A for ; Tue, 25 Aug 2015 23:02:21 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 90C74C53; Tue, 25 Aug 2015 23:02:21 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [IPv6:::1]) by freefall.freebsd.org (Postfix) with ESMTP id 89B631211; Tue, 25 Aug 2015 23:02:21 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 308047DC0; Tue, 25 Aug 2015 23:02:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id sYZUjXZP8cyP; Tue, 25 Aug 2015 23:02:18 +0000 (UTC) Subject: Re: Quarterly packages and security updates... DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 9675B7DBB To: Mason Loring Bliss References: <20150813202007.GC4093@blisses.org> <20150813204023.GJ24069@FreeBSD.org> <20150813210129.GF4093@blisses.org> <20150813211528.GK24069@FreeBSD.org> Cc: freebsd-security@freebsd.org From: Bryan Drewery Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Organization: FreeBSD Message-ID: <55DCF3F9.4040304@FreeBSD.org> Date: Tue, 25 Aug 2015 16:02:17 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <20150813211528.GK24069@FreeBSD.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2HLLCgnoMWmMvT4pfIvrn4CeN86wfkc2g" X-Mailman-Approved-At: Tue, 25 Aug 2015 23:21:34 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 23:02:21 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2HLLCgnoMWmMvT4pfIvrn4CeN86wfkc2g Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 8/13/2015 2:15 PM, Glen Barber wrote: > On Thu, Aug 13, 2015 at 05:01:29PM -0400, Mason Loring Bliss wrote: >> On Thu, Aug 13, 2015 at 08:40:23PM +0000, Glen Barber wrote: >> >>> [info@ removed, not sure why that email address was included.] >> >> I'm hoping for pressure from above, as this is an important step that'= s >> evidently being taken without quarterly branch security being bumped u= p in >> priority. It seems to come as a surprise to many folks, and certainly = I >> wasn't aware of it until last week. (Also, board@ is now deprecated.) >> >=20 > "Putting pressure" isn't the role of the Foundation. >=20 > Quarterly package builds happen every few days (two, if I remember > correctly), and as I was writing this reply, and updated package set fo= r > 10.x i386 was made available. >=20 [I run the package builds] Correct, two. I think the biggest problem is just the frequency of builds. The items listed in the `pkg audit' output are normally backported to the quarterly branch quickly. I am exploring ways of making the quarterly builds run multiples times per day. --=20 Regards, Bryan Drewery --2HLLCgnoMWmMvT4pfIvrn4CeN86wfkc2g Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJV3PP6AAoJEDXXcbtuRpfPXxUH/29YKEcJr3/X08chPZOkL1Eg xKwaIIQ566GoXy2fbgrC719nCJ99CivpiPzoCWtoFUzFdVVOb7+e2yOYTpnAqA8Y FYD3jyVDKjcNQsONfU1/6SSGLVLWMYw/IiQFMAYAK/79NeE7EbTVIsaZeAiJzPB5 HhEBSHgfGRSzm7Yt8zxAzRGAVIvlMSMNK0aJeaCbTuTPZ3S5kIemytcbWCDy3y8S RN0iKUiAcvxAvIccGKhQ9uPKqqeCM8ray7o+9HyXwWye/HSFhpAMECZlHShR6ABy 5Rdnm9k5DgfoXFQoLBP3hNtFJxqUz8tkyMj1iw6LM9sAhZ+0qns4CKvz+EVNU1A= =Ub+S -----END PGP SIGNATURE----- --2HLLCgnoMWmMvT4pfIvrn4CeN86wfkc2g--