Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 9 Apr 2014 17:17:37 +0200
From:      Walter Hop <freebsd@spam.lifeforms.nl>
To:        Kimmo Paasiala <kpaasial@icloud.com>
Cc:        freebsd-security@freebsd.org, =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, Pawel Biernacki <pawel.biernacki@gmail.com>
Subject:   Re: Proposal
Message-ID:  <8D81F198-36A7-47F4-B486-DA059910A6B4@spam.lifeforms.nl>
In-Reply-To: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com>
References:  <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com>

next in thread | previous in thread | raw e-mail | index | archive | help
> In my opinion this issue couldn't have been handled any better =
considering what it takes to do the job properly, congrats to the =
security team from me.
>=20
> -Kimmo

Please don=92t frame this as criticism of the security people, that=92s =
not fair. Of course we all congratulate them :)

I think we=92re just interested in discussing what could be improved to =
improve response time and also make their lives better.

Do we need moar Jenkins? Extra build boxes? More cash to keep people on =
retainer? Resources for training new people? Liaisons with other =
projects to improve prior notification channels? Etc.

FreeBSD ports had a fix after ~4 hours I think, Ubuntu patched their =
base about an hour later, FreeBSD base took around 24 hours. Not super =
bad, but I think it=92s safe to expect much more scrutiny of =
security-critical code in the coming years, so it looks like a good time =
to try to streamline if possible at all.

The public attention for this and similar events may also provide a =
unique window of opportunity for soliciting extra resources from =
professional users (e.g. via a Foundation campaign).

--=20
Walter Hop | PGP key: https://lifeforms.nl/pgp




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8D81F198-36A7-47F4-B486-DA059910A6B4>