Date: Wed, 9 Apr 2014 17:17:37 +0200 From: Walter Hop <freebsd@spam.lifeforms.nl> To: Kimmo Paasiala <kpaasial@icloud.com> Cc: freebsd-security@freebsd.org, =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, Pawel Biernacki <pawel.biernacki@gmail.com> Subject: Re: Proposal Message-ID: <8D81F198-36A7-47F4-B486-DA059910A6B4@spam.lifeforms.nl> In-Reply-To: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com> References: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> In my opinion this issue couldn't have been handled any better = considering what it takes to do the job properly, congrats to the = security team from me. >=20 > -Kimmo Please don=92t frame this as criticism of the security people, that=92s = not fair. Of course we all congratulate them :) I think we=92re just interested in discussing what could be improved to = improve response time and also make their lives better. Do we need moar Jenkins? Extra build boxes? More cash to keep people on = retainer? Resources for training new people? Liaisons with other = projects to improve prior notification channels? Etc. FreeBSD ports had a fix after ~4 hours I think, Ubuntu patched their = base about an hour later, FreeBSD base took around 24 hours. Not super = bad, but I think it=92s safe to expect much more scrutiny of = security-critical code in the coming years, so it looks like a good time = to try to streamline if possible at all. The public attention for this and similar events may also provide a = unique window of opportunity for soliciting extra resources from = professional users (e.g. via a Foundation campaign). --=20 Walter Hop | PGP key: https://lifeforms.nl/pgp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8D81F198-36A7-47F4-B486-DA059910A6B4>