From owner-freebsd-stable@freebsd.org Wed May 15 16:02:49 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EC05815974C9 for ; Wed, 15 May 2019 16:02:48 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6BBDA93443 for ; Wed, 15 May 2019 16:02:48 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 2CCF615974C7; Wed, 15 May 2019 16:02:48 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B4EE15974C5 for ; Wed, 15 May 2019 16:02:48 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B386F9343D; Wed, 15 May 2019 16:02:47 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id 2425A7CDC; Wed, 15 May 2019 16:02:47 +0000 (UTC) (envelope-from gjb@freebsd.org) Date: Wed, 15 May 2019 16:02:44 +0000 From: Glen Barber To: Kurt Jaeger Cc: "Julian H. Stacey" , stable@freebsd.org, re@freebsd.org, FreeBSD Security Officer Subject: Re: FreeBSD flood of 8 breakage announcements in 3 mins. Message-ID: <20190515160244.GU15455@FreeBSD.org> References: <20190515153836.GU20962@fc.opsec.eu> <201905151551.x4FFp0UP067236@fire.js.berklix.net> <20190515155838.GV20962@fc.opsec.eu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3yk1sSvxP8cRAjBs" Content-Disposition: inline In-Reply-To: <20190515155838.GV20962@fc.opsec.eu> User-Agent: Mutt/1.11.2 (2019-01-07) X-Rspamd-Queue-Id: B386F9343D X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.89 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.89)[-0.894,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 May 2019 16:02:49 -0000 --3yk1sSvxP8cRAjBs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 15, 2019 at 05:58:38PM +0200, Kurt Jaeger wrote: > Hi! >=20 > > > > Alternative is to for announcers to do Less work:=20 > > > > Send each announcement when ready. >=20 > > > The problem is not the announcement, the problem is providing > > > the freebsd-update. >=20 > > > If announcements are send when ready, and the freebsd-update is > > > not ready, therefore, the timeframes to attack systems with unpatched > > > problems are much longer. >=20 > > True as far as that goes for binary users, but often source patches > > are available faster, which begs the question: when to announce ? > > When there's diffs ? When diffs are commited to src/ (used to be the no= rm *) ? > > When there's some binary update ?=20 > > Whne a whole bunch of 8 arrive in 3 minutes ? Gasp ! >=20 > Now I understand why you bring this up. >=20 > I guess the majority of users are using the binary update path. >=20 > Maybe re@ can explain how the process is for these steps ? >=20 This is an so@ thing (CCd). re@ does not have any involvement in this process. Glen --3yk1sSvxP8cRAjBs Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAlzcOCQACgkQAxRYpUeP 4pOCaw/+KmuAxkQgN/pBRqZEvq4B0K8OCToE2XBavpugNMUJwEmlG5sPYHEc2tg2 mIPmQVzM47x/SdwARXkqUoUGh+jvOcYoEzfK2rLXNR5nAz7zrA5fcBkGe/wNZ23t N4GsCYym54lwalFWWXzmsUfiUMlLvkhLPW6N97buDftNw5B0RQKNCymVWc2butM7 dBSWQKW0BgKq9vh+X+6T6z0u05nbO7prsM8nWu3DYPwRvgdzxxEmoui2C8cQvda/ 3F5aXi8HrYgQO4JzI0VYbqkCrXkt+r7ZYM4D/UO0u+LRv8vEglM/TRhWxxPLsbaD GCN8C6DFusGwVQB2Kg+81IreHclRkotQw4iosvZrr3ElkRW7Np8eRRWTedg/D5Ui Ne05aJlZzrU1AxUOhInvMrQg+o685CJx1Kz+dNaastuv4/Qnqz5kpb4oNgjvBKPY y0XJpsE6X/lFCkKhVcAbpy1Q5MdCesb4u2Zdv2gcnKtltIOIZPtbqXfV40aFmM85 2YkQAmt/bo0GCo2RNAowgxUx5kcxxLlqSir2+kWlv7xeOCnL4Ayw4FX9uyA/bwHa nBvUFk4Fos2edGgEvWt4ZLWc7nTbAb6312AphzpaShwUxPY56JUlD+aM1vMSHRqL hlhVHVbhB8ipqYh3Csg4f7P5xkseU16iJXR2A+uGosq7XCNnKEk= =FqGO -----END PGP SIGNATURE----- --3yk1sSvxP8cRAjBs--