From nobody Mon Apr 18 19:57:12 2022 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7052711E712F for ; Mon, 18 Apr 2022 19:58:16 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-oi1-x22b.google.com (mail-oi1-x22b.google.com [IPv6:2607:f8b0:4864:20::22b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KhyRC39ZCz4lgq for ; Mon, 18 Apr 2022 19:58:15 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mail-oi1-x22b.google.com with SMTP id 12so15879668oix.12 for ; Mon, 18 Apr 2022 12:58:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=BbD8UzNwZCJBBpFiujug1Xnkc3/hJHQxy+RqhdIkRrE=; b=L9uC7Uhz17R+702zDLvbruVh2QHKX2olZDVMWPUfCyjBz1HSGtle/bFZh9YkW0/POm v/sqbbwLpL8Gf1Gsdu4zw455FfUvD+0nsQCOoEns9emRSl8EEVr7f35I33SyaV/vgpv/ i7/nkXYpnCMfA+gvkbkNCapFgkWrcg3Kfdj97bHkl4c4gYTJhdkM4KmKNwN0mwjLKjvl zu7gJMM9oswGFU7msRZIZzWMVvDF3I/+YNz7CF7Gj5VekCRdyo5YwhsKb1Lh5YLTGGau +ugH1oknmUUJiJbHhKDCz8xJWJJJTcr7HH1LZCC3yK43HFPlcWPBDA8wRNUoM2NxVy57 9CtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=BbD8UzNwZCJBBpFiujug1Xnkc3/hJHQxy+RqhdIkRrE=; b=HYfQlyF2xuG/givGan9zXVW1rf/gJ/4CSTDEFdbsUTejgmzmMO/NQ3QYfvrA7MrzoK uoMXX77Sc+9gMbvdAO/XArm6YtpYpBx+KqDXdDvuzF6jiAalrB9pEvCIDXcyE65QttqE jXfHeXWCuKDIM1RaXMAI8CdxWI4tGDGyoz4LsSgNnlTMQtt0QGLe7Bap/vbqoxlSmZNy loYbvoPGFZCO5GBjH2zAQE9lYLE06fzdpzGYhqf/h1mN84wFpqpY/3N43EtjUeCdn+WD BC7UNlhuo9/C6EWpSr6UGUUc3ERRfUljA3vVpOcZUTfhdWSY0ThuA8W6pwfvFZBBy/41 w92A== X-Gm-Message-State: AOAM532PvDKCDt/iUlNVli8SkvblptWdtnSfzLxE9zoT385hGBhJi+RY 9mB71PKALYzCz6NfHFRLSE3NIeUVJ5TG6f3Ip1lYYq9FkqU= X-Google-Smtp-Source: ABdhPJw/PWTBx988ubt723oJIjgt24gSZArhsZuUFMxMN3XSO/5pdZZf7wJnAKQkx2bZ8Kx3IYBPPcztUWJ+Q4WKf4E= X-Received: by 2002:a05:6808:1305:b0:2da:5086:fa34 with SMTP id y5-20020a056808130500b002da5086fa34mr5768586oiv.230.1650311894438; Mon, 18 Apr 2022 12:58:14 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 From: Kevin Oberman Date: Mon, 18 Apr 2022 12:57:12 -0700 Message-ID: Subject: Lack of notification of security notices To: freebsd-security@freebsd.org Content-Type: multipart/alternative; boundary="0000000000003c961505dcf32e43" X-Rspamd-Queue-Id: 4KhyRC39ZCz4lgq X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=L9uC7Uhz; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of kob6558@gmail.com designates 2607:f8b0:4864:20::22b as permitted sender) smtp.mailfrom=kob6558@gmail.com X-Spamd-Result: default: False [-3.70 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FORGED_SENDER(0.30)[rkoberman@gmail.com,kob6558@gmail.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[rkoberman@gmail.com,kob6558@gmail.com]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::22b:from]; MLMMJ_DEST(0.00)[freebsd-security]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-ThisMailContainsUnwantedMimeParts: N --0000000000003c961505dcf32e43 Content-Type: text/plain; charset="UTF-8" As per the FreeBSD Security Information web page , security notifications are sent to: - FreeBSD-security-notifications@FreeBSD.org - FreeBSD-security@FreeBSD.org - FreeBSD-announce@FreeBSD.org This policy has lately been ignored. No postings show up in the archives of FreeBSD-security-notifications@FreeBSD.org since January. Likewise for freebsd-announce. The only list showing the April 6 announcements is this one, freebsd-security@freebad.org. In the past, Security Announcements and Errata Notes have also been copied to the stable and current lists as appropriate, although this is not mentioned. This delayed the update of my systems by several days. Fortunately, only one of these vulnerabilities was relevant to my systems. Even though the announcements are almost 2 weeks old, it is still likely that some people are unaware of them, so I would strongly urge that they be posted to, at least, FreeBSD-Announce and FreeBSD-Stable lists. In passing, I will note that the same issue appears to be occurring with posts of Errata Notices. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 --0000000000003c961505dcf32e43 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
This policy has lately been ignored. No postings show= up in the archives of FreeBSD-security-notifications@FreeBSD.org = since January. Likewise for freebsd-announce. The only list showing the Apr= il 6 announcements is this one, freebsd-security@freebad.org.
In the past, Security Announcements and Errata Notes have also been copied to the stable and current lists as appropriate, although this is not menti= oned.=C2=A0 This=20 delayed the update of my systems by several days. Fortunately, only one=20 of these vulnerabilities was relevant to my systems.
Even though the announcements are almost 2 weeks old, it is still likely=20 that some people are unaware of them, so I would strongly urge that they be posted to, at least, FreeBSD-Announce and=C2=A0 FreeBSD-Stable=20 lists.

In passing, I will note=C2=A0 tha= t the same issue appears to be occurring with posts of Errata Notices.
--=
<= div dir=3D"ltr">Kevin Oberman, Part time kid herder and retired Network Eng= ineer
E-mail: r= koberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C169= 4B318AB39EF1B055683
--0000000000003c961505dcf32e43--