From: Kimmo Paasiala
To: Pawel Biernacki
Cc: "Dag-Erling Smørgrav", freebsd-security@freebsd.org
Subject: Re: Proposal
Date: Wed, 09 Apr 2014 13:36:28 +0000 (GMT)
Message-id: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com>
In-reply-to: <86fvlm7hzj.fsf@nine.des.no>
List-Id: "Security issues [members-only posting]"

On Apr 09, 2014, at 03:25 PM, Dag-Erling Smørgrav wrote:

> Pawel Biernacki writes:
> > I understand that this is voluntary role and you have another (real
> > life) responsibilities that’s why I'd like to propose an idea of (at
> > least partially) paid position of Security Officer, because we all
> > need quick and efficient response in cases like that.
>
> Having a paid Security Officer would not have made any difference.
>
> DES
> --
> Dag-Erling Smørgrav - des@des.no

Could everyone just please stop panicking and take an objective look on this issue. It took only one full DAY to come up with a fix and issue the security advisory. That's damn fast if you look at some of the commercial entities that face the exact same kind of issues and often struggle to even acknowledge that there is a problem they need to address and take sometimes weeks to release hotfixes.

In my opinion this issue couldn't have been handled any better considering what it takes to do the job properly, congrats to the security team from me.

-Kimmo