Date: Wed, 4 Apr 2018 02:30:51 -0700 From: Mel Pilgrim <list_freebsd@bluerosetech.com> To: Thomas Zander <riggs@freebsd.org> Cc: Freebsd Ports <freebsd-ports@freebsd.org> Subject: Re: How to get timely MFH of security commits? Message-ID: <b5723cc4-5bdc-6825-5b33-a3e9e83b5fce@bluerosetech.com> In-Reply-To: <CAFU734zUTexr=UowMkF1u6U8ba-t5=1LF5C0Q0rWwX1RzziiGQ@mail.gmail.com> References: <3757bd87-a536-c3ae-ef71-1a68fe6c3e45@bluerosetech.com> <CAFU734zUTexr=UowMkF1u6U8ba-t5=1LF5C0Q0rWwX1RzziiGQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/04/2018 00:00, Thomas Zander wrote:
> Hi,
>
> On 2 April 2018 at 18:50, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
>> The update to net/samba4{5,6,7} addressing CVEs went to head on March 13.
>> The security/openssl update to 1.0.2o was committed to head with MFH 2018Q1
>> explicitly asked for in the commit message. In both cases, 2018Q1 expired
>> before the MFH happened.
>> [...]
>> Can those of us who aren't committers do anything to help improve this
>> process?
>
> the timely MFH of important security fixes is of course our top concern.
> In the given example of the samba fixes, we did not receive an email
> (which happens automatically when the MFH: tag in the commit message
> refers to a quarterly branch) to ports-secteam on March 13, hence this
> apparently slipped our attention for several days.
> If you feel like an important and/or urgent fix that needs MFH might
> have slipped, i.e. two days after the commit to head happened, please
> do not hesitate and give us a heads-up to ports-secteam@freebsd.org.
Thank you for clarifying the timeframe for expecting an MFH. In the
future, if I see one missed I'll add ports-secteam@freebsd.org to the CC
list of the bug.
On the topic of MFH emails, were those for r453380 and r465710 (both
security updates to security/openssl with MFH tags) not sent?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b5723cc4-5bdc-6825-5b33-a3e9e83b5fce>