On 04/04/2018 00:00, Thomas Zander wrote:
Hi,
On 2 April 2018 at 18:50, Mel Pilgrim <list_free...@bluerosetech.com> wrote:
The update to net/samba4{5,6,7} addressing CVEs went to head on March 13.
The security/openssl update to 1.0.2o was committed to head with MFH 2018Q1
explicitly asked for in the commit message. In both cases, 2018Q1 expired
before the MFH happened.
[...]
Can those of us who aren't committers do anything to help improve this
process?
the timely MFH of important security fixes is of course our top concern.
In the given example of the samba fixes, we did not receive an email
(which happens automatically when the MFH: tag in the commit message
refers to a quarterly branch) to ports-secteam on March 13, hence this
apparently slipped our attention for several days.
If you feel like an important and/or urgent fix that needs MFH might
have slipped, i.e. two days after the commit to head happened, please
do not hesitate and give us a heads-up to ports-sect...@freebsd.org.
Thank you for clarifying the timeframe for expecting an MFH. In the
future, if I see one missed I'll add ports-sect...@freebsd.org to the CC
list of the bug.
On the topic of MFH emails, were those for r453380 and r465710 (both
security updates to security/openssl with MFH tags) not sent?
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
