Re: Lack of notification of security notices [via digest]

From: <rb_at_gid.co.uk>
Date: Tue, 19 Apr 2022 08:28:53 UTC
Hi,

> From: Kevin Oberman <rkoberman@gmail.com>
> Subject: Lack of notification of security notices
> Date: 18 April 2022 at 20:57:12 BST
> To: freebsd-security@freebsd.org
> 
> 
> As per the FreeBSD Security Information web page, security notifications are sent to:
> 	• FreeBSD-security-notifications@FreeBSD.org
> 
> 	• FreeBSD-security@FreeBSD.org
> 
> 	• FreeBSD-announce@FreeBSD.org
> 
> This policy has lately been ignored. No postings show up in the archives of FreeBSD-security-notifications@FreeBSD.org since January. Likewise for freebsd-announce. The only list showing the April 6 announcements is this one, freebsd-security@freebad.org.

Purely as a data point, I’m seeing the same symptoms here.

> In the past, Security Announcements and Errata Notes have also been copied to the stable and current lists as appropriate, although this is not mentioned.  This delayed the update of my systems by several days. Fortunately, only one of these vulnerabilities was relevant to my systems.
> 
> Even though the announcements are almost 2 weeks old, it is still likely that some people are unaware of them, so I would strongly urge that they be posted to, at least, FreeBSD-Announce and  FreeBSD-Stable lists.
> 
> In passing, I will note  that the same issue appears to be occurring with posts of Errata Notices.
> -- 
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

--
Bob Bishop
rb@gid.co.uk