How can we ensure security fixes get MFH'd to quarterly?

Wed Jan 2 06:28:29 UTC 2019

Hi!

> On Nov 27, r486043 was committed to head to fix several vulnerabilities 
> in the Samba 4.7 and 4.8 ports, but it wasn't merged to 2018Q4.  A PR 
> was opened, but 2018Q4 sat unfixed until it expired at the end of the year.
> 
> Filing a PR didn't help.  Mentioning the PR on this list didn't help. 
> What can be done to prevent further repetitions of this lapse in the future?

>From what I know, there are two issues:

- it should be clear that it does not cause regressions in quarterly
  this is not always easy to check
- it needs portmgr or -secteam approval (this was missing in that case)

-- 
pi at FreeBSD.org         +49 171 3101372                 One year to go !