Date: Mon, 18 Apr 2022 13:19:19 -0700 From: Gordon Tetlow <gordon@tetlows.org> To: Kevin Oberman <rkoberman@gmail.com>, postmaster@freebsd.org Cc: freebsd-security@freebsd.org Subject: Re: Lack of notification of security notices Message-ID: <D0D174DB-B479-478C-8C48-6B862A0DADCB@tetlows.org> In-Reply-To: <CAN6yY1tcGowuUPG0TGBvLuVZzm_inRt77yp7efpvU3JWHk2Dcg@mail.gmail.com> References: <CAN6yY1tcGowuUPG0TGBvLuVZzm_inRt77yp7efpvU3JWHk2Dcg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_B697FF60-E4DF-4BE7-AE9F-E4F04450C2FD Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii =46rom the secteam point of view, we haven't changed anything in the way = we send messages to the mailing lists. I have double checked and all SAs = are sent to the three addresses listed. I suspect this is likely fallout = of the mailing list change over. I can say for my part, I have gotten a copy of the messages from both = the freebsd-announce and freebsd-security mailing lists for the SAs I = have sent out (I'm not subscribed to the freebsd-security-notifications = list). I just confirmed the headers for the 2 copies of SA-22:08.zlib = that I received that it is routing through the lists.=20 It does appear as though the messages are not properly archiving into = the mailing list archives. Adding postmaster to the thread for them to = dig into why that might be. Gordon Hat: security-officer > On Apr 18, 2022, at 12:57 PM, Kevin Oberman <rkoberman@gmail.com> = wrote: >=20 > As per the FreeBSD Security Information web page = <https://www.freebsd.org/security/>, security notifications are sent to: > FreeBSD-security-notifications@FreeBSD.org = <mailto:FreeBSD-security-notifications@FreeBSD.org> > FreeBSD-security@FreeBSD.org <mailto:FreeBSD-security@FreeBSD.org> > FreeBSD-announce@FreeBSD.org <mailto:FreeBSD-announce@FreeBSD.org> > This policy has lately been ignored. No postings show up in the = archives of FreeBSD-security-notifications@FreeBSD.org = <mailto:FreeBSD-security-notifications@FreeBSD.org> since January. = Likewise for freebsd-announce. The only list showing the April 6 = announcements is this one, freebsd-security@freebad.org = <mailto:freebsd-security@freebad.org>. >=20 > In the past, Security Announcements and Errata Notes have also been = copied to the stable and current lists as appropriate, although this is = not mentioned. This delayed the update of my systems by several days. = Fortunately, only one of these vulnerabilities was relevant to my = systems. >=20 > Even though the announcements are almost 2 weeks old, it is still = likely that some people are unaware of them, so I would strongly urge = that they be posted to, at least, FreeBSD-Announce and FreeBSD-Stable = lists. >=20 > In passing, I will note that the same issue appears to be occurring = with posts of Errata Notices. > --=20 > Kevin Oberman, Part time kid herder and retired Network Engineer > E-mail: rkoberman@gmail.com <mailto:rkoberman@gmail.com> > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 --Apple-Mail=_B697FF60-E4DF-4BE7-AE9F-E4F04450C2FD Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D"">=46ro= m the secteam point of view, we haven't changed anything in the way we = send messages to the mailing lists. I have double checked and all SAs = are sent to the three addresses listed. I suspect this is likely fallout = of the mailing list change over.<div class=3D""><br class=3D""></div><div = class=3D"">I can say for my part, I have gotten a copy of the messages = from both the freebsd-announce and freebsd-security mailing lists for = the SAs I have sent out (I'm not subscribed to the = freebsd-security-notifications list). I just confirmed the headers for = the 2 copies of SA-22:08.zlib that I received that it is routing through = the lists. </div><div class=3D""><br class=3D""></div><div = class=3D"">It does appear as though the messages are not properly = archiving into the mailing list archives. Adding postmaster to the = thread for them to dig into why that might be.</div><div class=3D""><br = class=3D""></div><div class=3D"">Gordon</div><div class=3D"">Hat: = security-officer</div><div class=3D""><div><br class=3D""><blockquote = type=3D"cite" class=3D""><div class=3D"">On Apr 18, 2022, at 12:57 PM, = Kevin Oberman <<a href=3D"mailto:rkoberman@gmail.com" = class=3D"">rkoberman@gmail.com</a>> wrote:</div><br = class=3D"Apple-interchange-newline"><div class=3D""><div dir=3D"ltr" = class=3D""><div class=3D"gmail_default" = style=3D"font-family:tahoma,sans-serif;font-size:small"><div = class=3D"gmail_default" = style=3D"font-family:tahoma,sans-serif;font-size:small">As per the <a = href=3D"https://www.freebsd.org/security/" target=3D"_blank" = class=3D"">FreeBSD Security Information web page</a>, security = notifications are sent to:</div><div class=3D"gmail_default" = style=3D"font-family:tahoma,sans-serif;font-size:small"><div class=3D""> <ul class=3D""><li class=3D""><p class=3D""><a = href=3D"mailto:FreeBSD-security-notifications@FreeBSD.org" = target=3D"_blank" = class=3D"">FreeBSD-security-notifications@FreeBSD.org</a></p> </li><li class=3D""><p class=3D""><a = href=3D"mailto:FreeBSD-security@FreeBSD.org" target=3D"_blank" = class=3D"">FreeBSD-security@FreeBSD.org</a></p> </li><li class=3D""><p class=3D""><a = href=3D"mailto:FreeBSD-announce@FreeBSD.org" target=3D"_blank" = class=3D"">FreeBSD-announce@FreeBSD.org</a></p> </li></ul> </div></div><div style=3D"font-family:tahoma,sans-serif;font-size:small" = class=3D"gmail_default">This policy has lately been ignored. No postings = show up in the archives of <a = href=3D"mailto:FreeBSD-security-notifications@FreeBSD.org" = target=3D"_blank" = class=3D"">FreeBSD-security-notifications@FreeBSD.org</a> since January. = Likewise for freebsd-announce. The only list showing the April 6 = announcements is this one, <a href=3D"mailto:freebsd-security@freebad.org"= target=3D"_blank" class=3D"">freebsd-security@freebad.org</a>.</div><div = style=3D"font-family:tahoma,sans-serif;font-size:small" = class=3D"gmail_default"><br class=3D""></div><div = style=3D"font-family:tahoma,sans-serif;font-size:small" = class=3D"gmail_default">In the past, Security Announcements and Errata Notes have also been copied to the stable and current lists as appropriate, although this is not = mentioned. This=20 delayed the update of my systems by several days. Fortunately, only one=20= of these vulnerabilities was relevant to my systems.<br = class=3D""></div><div = style=3D"font-family:tahoma,sans-serif;font-size:small" = class=3D"gmail_default"><br class=3D""></div><div = style=3D"font-family:tahoma,sans-serif;font-size:small" = class=3D"gmail_default">Even though the announcements are almost 2 weeks old, it is still likely=20 that some people are unaware of them, so I would strongly urge that they be posted to, at least, FreeBSD-Announce and FreeBSD-Stable=20= lists.</div><div style=3D"font-family:tahoma,sans-serif;font-size:small" = class=3D"gmail_default"><br class=3D""></div><div = style=3D"font-family:tahoma,sans-serif;font-size:small" = class=3D"gmail_default">In passing, I will note that the same = issue appears to be occurring with posts of Errata Notices.<font = color=3D"#888888" class=3D""><br class=3D""></font></div><font = color=3D"#888888" class=3D""></font></div>-- <br class=3D""><div = dir=3D"ltr" class=3D"gmail_signature" = data-smartmail=3D"gmail_signature"><div dir=3D"ltr" class=3D""><div = class=3D""><div dir=3D"ltr" class=3D""><div class=3D""><div dir=3D"ltr" = class=3D""><div class=3D""><div dir=3D"ltr" class=3D"">Kevin Oberman, = Part time kid herder and retired Network Engineer<br class=3D"">E-mail: = <a href=3D"mailto:rkoberman@gmail.com" target=3D"_blank" = class=3D"">rkoberman@gmail.com</a><br class=3D""></div><div class=3D"">PGP= Fingerprint: = D03FB98AFA78E3B78C1694B318AB39EF1B055683</div></div></div></div></div></di= v></div></div></div> </div></blockquote></div><br class=3D""></div></body></html>= --Apple-Mail=_B697FF60-E4DF-4BE7-AE9F-E4F04450C2FD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D0D174DB-B479-478C-8C48-6B862A0DADCB>