Quarterly packages and security updates...

Glen Barber gjb at FreeBSD.org
Thu Aug 13 21:15:31 UTC 2015


On Thu, Aug 13, 2015 at 05:01:29PM -0400, Mason Loring Bliss wrote:
> On Thu, Aug 13, 2015 at 08:40:23PM +0000, Glen Barber wrote:
> 
> > [info@ removed, not sure why that email address was included.]
> 
> I'm hoping for pressure from above, as this is an important step that's
> evidently being taken without quarterly branch security being bumped up in
> priority. It seems to come as a surprise to many folks, and certainly I
> wasn't aware of it until last week. (Also, board@ is now deprecated.)
> 

"Putting pressure" isn't the role of the Foundation.

Quarterly package builds happen every few days (two, if I remember
correctly), and as I was writing this reply, an updated package set for
10.x i386 was made available.

So the appropriate steps are to contact the committer that resolved
a vulnerable port in the latest branch to remind them to also fix it in
the quarterly branch, and failing that, contact ports-secteam@ (similar
to how one would report an issue in the base system to secteam@).

Glen
