Date:      Thu, 13 Aug 2015 21:15:29 +0000
From:      Glen Barber <gjb@FreeBSD.org>
To:        Mason Loring Bliss <mason@blisses.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Quarterly packages and security updates...
Message-ID:  <20150813211528.GK24069@FreeBSD.org>
In-Reply-To: <20150813210129.GF4093@blisses.org>
References:  <20150813202007.GC4093@blisses.org> <20150813204023.GJ24069@FreeBSD.org> <20150813210129.GF4093@blisses.org>


On Thu, Aug 13, 2015 at 05:01:29PM -0400, Mason Loring Bliss wrote:
> On Thu, Aug 13, 2015 at 08:40:23PM +0000, Glen Barber wrote:
>
> > [info@ removed, not sure why that email address was included.]
>
> I'm hoping for pressure from above, as this is an important step that's
> evidently being taken without quarterly branch security being bumped up in
> priority. It seems to come as a surprise to many folks, and certainly I
> wasn't aware of it until last week. (Also, board@ is now deprecated.)
>

"Putting pressure" isn't the role of the Foundation.

Quarterly package builds happen every few days (two, if I remember
correctly), and as I was writing this reply, an updated package set for
10.x i386 was made available.

So the appropriate steps are to contact the committer that resolved
a vulnerable port in the latest branch to remind them to also fix it in
the quarterly branch, and failing that, contact ports-secteam@ (similar
to how one would report an issue in the base system to secteam@).

Glen




