From nobody Tue Apr 19 08:28:53 2022 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0090F11D85BF for ; Tue, 19 Apr 2022 08:29:05 +0000 (UTC) (envelope-from rb@gid.co.uk) Received: from mx0.gid.co.uk (mx0.gid.co.uk [194.32.164.250]) by mx1.freebsd.org (Postfix) with ESMTP id 4KjH5X0fFCz4YYK for ; Tue, 19 Apr 2022 08:29:04 +0000 (UTC) (envelope-from rb@gid.co.uk) Received: from [194.32.164.25] ([194.32.164.25]) by mx0.gid.co.uk (8.14.2/8.14.2) with ESMTP id 23J8Suhj020031 for ; Tue, 19 Apr 2022 09:28:57 +0100 (BST) (envelope-from rb@gid.co.uk) From: rb@gid.co.uk Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\)) Subject: Re: Lack of notification of security notices [via digest] Date: Tue, 19 Apr 2022 09:28:53 +0100 References: <20220419081952.2278811D6AE4@mlmmj.nyi.freebsd.org> To: freebsd-security@freebsd.org In-Reply-To: <20220419081952.2278811D6AE4@mlmmj.nyi.freebsd.org> Message-Id: <67782447-C01D-44DA-B676-DD7FF1E924B5@gid.co.uk> X-Mailer: Apple Mail (2.3608.120.23.2.7) X-Rspamd-Queue-Id: 4KjH5X0fFCz4YYK X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of rb@gid.co.uk designates 194.32.164.250 as permitted sender) smtp.mailfrom=rb@gid.co.uk X-Spamd-Result: default: False [-2.70 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_NA(0.00)[gid.co.uk]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_NO_DN(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:42831, ipnet:194.32.164.0/24, country:GB]; RCVD_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: N Hi, > From: Kevin Oberman > Subject: Lack of notification of security notices > Date: 18 April 2022 at 20:57:12 BST > To: freebsd-security@freebsd.org >=20 >=20 > As per the FreeBSD Security Information web page, security = notifications are sent to: > =E2=80=A2 FreeBSD-security-notifications@FreeBSD.org >=20 > =E2=80=A2 FreeBSD-security@FreeBSD.org >=20 > =E2=80=A2 FreeBSD-announce@FreeBSD.org >=20 > This policy has lately been ignored. No postings show up in the = archives of FreeBSD-security-notifications@FreeBSD.org since January. = Likewise for freebsd-announce. The only list showing the April 6 = announcements is this one, freebsd-security@freebad.org. Purely as a data point, I=E2=80=99m seeing the same symptoms here. > In the past, Security Announcements and Errata Notes have also been = copied to the stable and current lists as appropriate, although this is = not mentioned. This delayed the update of my systems by several days. = Fortunately, only one of these vulnerabilities was relevant to my = systems. >=20 > Even though the announcements are almost 2 weeks old, it is still = likely that some people are unaware of them, so I would strongly urge = that they be posted to, at least, FreeBSD-Announce and FreeBSD-Stable = lists. >=20 > In passing, I will note that the same issue appears to be occurring = with posts of Errata Notices. > --=20 > Kevin Oberman, Part time kid herder and retired Network Engineer > E-mail: rkoberman@gmail.com > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 -- Bob Bishop rb@gid.co.uk