Date: Thu, 10 Apr 2014 07:38:58 +0100 (BST)
From: Anton Shterenlikht
Message-Id: <201404100638.s3A6cwxF057730@mech-cluster241.men.bris.ac.uk>
To: freebsd-security@freebsd.org, lists@rewt.org.uk
Subject: Re: Proposal
In-Reply-To: <5345C98D.7030907@rewt.org.uk>
Reply-To: mexas@bris.ac.uk

>Date: Wed, 09 Apr 2014 23:28:29 +0100
>From: Joe Holden
>To: freebsd-security@freebsd.org
>Subject: Re: Proposal
>
>The problem here is that a workaround wasn't communicated and I suspect
>a very small number of religious users actually sub to security@

I do read it.

> - also
>bear in mind that the website wasn't updated until a number of hours
>after, including rss which I suspect most people use.

I don't use rss.

>I am not trying to undermine the required testing here, but a simple
>binary patch via freebsd-update to disable heartbeats would have done in
>the interim (who even uses them, or knows about them).

Not for me.
I much prefer a verified security advisory.

Anton