From: Mel Pilgrim
To: Thomas Zander
Cc: Freebsd Ports
Subject: Re: How to get timely MFH of security commits?
Date: Wed, 4 Apr 2018 02:30:51 -0700

On 04/04/2018 00:00, Thomas Zander wrote:
> Hi,
>
> On 2 April 2018 at 18:50, Mel Pilgrim wrote:
>> The update to net/samba4{5,6,7} addressing CVEs went to head on March 13.
>> The security/openssl update to 1.0.2o was committed to head with MFH 2018Q1
>> explicitly asked for in the commit message. In both cases, 2018Q1 expired
>> before the MFH happened.
>> [...]
>> Can those of us who aren't committers do anything to help improve this
>> process?
>
> the timely MFH of important security fixes is of course our top concern.
> In the given example of the samba fixes, we did not receive an email
> (which happens automatically when the MFH: tag in the commit message
> refers to a quarterly branch) to ports-secteam on March 13, hence this
> apparently slipped our attention for several days.
> If you feel like an important and/or urgent fix that needs MFH might
> have slipped, i.e. two days after the commit to head happened, please
> do not hesitate and give us a heads-up to ports-secteam@freebsd.org.

Thank you for clarifying the timeframe for expecting an MFH. In the
future, if I see one missed I'll add ports-secteam@freebsd.org to the CC
list of the bug.

On the topic of MFH emails, were those for r453380 and r465710 (both
security updates to security/openssl with MFH tags) not sent?