Date:      Wed, 4 Apr 2018 09:00:57 +0200
From:      Thomas Zander <riggs@freebsd.org>
To:        Mel Pilgrim <list_freebsd@bluerosetech.com>
Cc:        Freebsd Ports <freebsd-ports@freebsd.org>
Subject:   Re: How to get timely MFH of security commits?
Message-ID:  <CAFU734zUTexr=UowMkF1u6U8ba-t5=1LF5C0Q0rWwX1RzziiGQ@mail.gmail.com>
In-Reply-To: <3757bd87-a536-c3ae-ef71-1a68fe6c3e45@bluerosetech.com>
References:  <3757bd87-a536-c3ae-ef71-1a68fe6c3e45@bluerosetech.com>

Hi,

On 2 April 2018 at 18:50, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
> The update to net/samba4{5,6,7} addressing CVEs went to head on March 13.
> The security/openssl update to 1.0.2o was committed to head with MFH 2018Q1
> explicitly asked for in the commit message.  In both cases, 2018Q1 expired
> before the MFH happened.
> [...]
> Can those of us who aren't committers do anything to help improve this
> process?

the timely MFH of important security fixes is of course our top concern.
In the given example of the samba fixes, we did not receive an email
(which happens automatically when the MFH: tag in the commit message
refers to a quarterly branch) to ports-secteam on March 13, hence this
apparently slipped our attention for several days.
If you feel like an important and/or urgent fix that needs MFH might
have slipped, i.e. two days after the commit to head happened, please
do not hesitate and give us a heads-up to ports-secteam@freebsd.org.

Best regards
Riggs


