How to get timely MFH of security commits?

Thomas Zander riggs at freebsd.org
Wed Apr 4 07:00:59 UTC 2018


Hi,

On 2 April 2018 at 18:50, Mel Pilgrim <list_freebsd at bluerosetech.com> wrote:
> The update to net/samba4{5,6,7} addressing CVEs went to head on March 13.
> The security/openssl update to 1.0.2o was committed to head with MFH 2018Q1
> explicitly asked for in the commit message.  In both cases, 2018Q1 expired
> before the MFH happened.
> [...]
> Can those of us who aren't committers do anything to help improve this
> process?

the timely MFH of important security fixes is of course our top concern.
In the given example of the samba fixes, we did not receive an email
(which happens automatically when the MFH: tag in the commit message
refers to a quarterly branch) to ports-secteam on March 13, hence this
apparently slipped our attention for several days.
If you feel like an important and/or urgent fix that needs MFH might
have slipped, i.e. two days after the commit to head happened, please
do not hesitate and give us a heads-up to ports-secteam at freebsd.org.

Best regards
Riggs

