The update to net/samba4{5,6,7} addressing CVEs went to head on March
13. The security/openssl update to 1.0.2o was committed to head with
MFH 2018Q1 explicitly asked for in the commit message. In both cases,
2018Q1 expired before the MFH happened.
Last year, r453380 updated security/openssl in head to 1.0.2m the same
day it was available upstream. The commit was flagged MFH 2017Q4, but
it took opening a bug asking for the MFH three weeks later.
Delays like this mean that, for the vast majority of users, security
fixes are delayed by up to three months.
Is there a process hindering security merges?
Can those of us who aren't committers do anything to help improve this
process?
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"