Re: CVE-2015-7547: critical bug in libc

From: Kubilay Kocak <koobs_at_FreeBSD.org>
Date: Thu, 18 Feb 2016 04:02:26 +1100
On 18/02/2016 3:51 AM, Warren Block wrote:
> On Wed, 17 Feb 2016, Eric van Gyzen wrote:
> 
>> On 02/17/2016 08:19, Warren Block wrote:
>>> On Wed, 17 Feb 2016, Kurt Jaeger wrote:
>>>
>>>> A short note on the www.freebsd.org website would probably be helpful,
>>>> as this case will produce a lot of noise.
>>>
>>> Maybe a short article like we did for leap seconds?
>>> https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html
>>>
>>>
>>
>> Articles are permanent, which makes sense for the recurring issue of
>> leap seconds.  This vulnerability is transient, so I would suggest a
>> news item.
> 
> Yes, but news items are usually just links.  For the amount of
> information we have so far, an article seems like the easiest way to do
> this.  Or maybe an addition to the security part of the web site?
> 
> For now, I'll collect the information as just text.

Don't we also want our sec teams to investigate/confirm it anyway,
independent of how it's communicated?

If so, doesn't a security advisory (with secteam and/or ports-secteam as
appropriate) make the most sense here, given the scope of vulnerability
for base/linux emulation/ports is yet to be completely established and
is still to be investigated properly?

Finally, would users expect a news item, an article or a heads up from
our security teams for something like this, even in the case where it's
only a "confirmed we're not affected"?

./koobs
Received on Wed Feb 17 2016 - 16:02:36 UTC