Date: Wed, 2 Jan 2019 07:28:24 +0100 From: Kurt Jaeger <pi@freebsd.org> To: Mel Pilgrim <list_freebsd@bluerosetech.com> Cc: Freebsd Ports <freebsd-ports@freebsd.org> Subject: Re: How can we ensure security fixes get MFH'd to quarterly? Message-ID: <20190102062824.GP84895@home.opsec.eu> In-Reply-To: <187df4a2-4402-8492-6536-cd6b6cdf07de@bluerosetech.com> References: <187df4a2-4402-8492-6536-cd6b6cdf07de@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > On Nov 27, r486043 was committed to head to fix several vulnerabilities > in the Samba 4.7 and 4.8 ports, but it wasn't merged to 2018Q4. A PR > was opened, but 2018Q4 sat unfixed until it expired at the end of the year. > > Filing a PR didn't help. Mentioning the PR on this list didn't help. > What can be done to prevent further repetitions of this lapse in the future? >From what I know, there are two issues: - it should be clear that it does not cause regressions in quarterly this is not always easy to check - it needs portmgr or -secteam approval (this was missing in that case) -- pi@FreeBSD.org +49 171 3101372 One year to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190102062824.GP84895>