On 18/02/2016 3:51 AM, Warren Block wrote:
> On Wed, 17 Feb 2016, Eric van Gyzen wrote:
>
>> On 02/17/2016 08:19, Warren Block wrote:
>>> On Wed, 17 Feb 2016, Kurt Jaeger wrote:
>>>
>>>> A short note on the www.freebsd.org website would probably be helpful,
>>>> as this case will produce a lot of noise.
>>>
>>> Maybe a short article like we did for leap seconds?
>>> https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html
>>
>> Articles are permanent, which makes sense for the recurring issue of
>> leap seconds. This vulnerability is transient, so I would suggest a
>> news item.
>
> Yes, but news items are usually just links. For the amount of
> information we have so far, an article seems like the easiest way to do
> this. Or maybe an addition to the security part of the web site?
>
> For now, I'll collect the information as just text.

Don't we also want our sec teams to investigate/confirm it anyway, independent of how it's communicated?

If so, doesn't a security advisory (with secteam and/or ports-secteam as appropriate) make the most sense here, given the scope of vulnerability for base/linux emulation/ports is yet to be completely established and is still to be investigated properly?

Finally, would users expect a news item, an article or a heads up from our security teams for something like this, even in the case where it's only a "confirmed we're not affected"?

./koobs