Board: FB_security
Title: Re: Proposal
Posted from: NCTU CS FreeBSD Server (Thu Apr 10 01:17:37 2014)
Relay path: ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
> In my opinion this issue couldn't have been handled any better considering what it takes to do the job properly, congrats to the security team from me.
>
> -Kimmo
Please don't frame this as criticism of the security people, that's not fair. Of course we all congratulate them :)
I think we're just interested in discussing what could be improved to improve response time and also make their lives better.
Do we need moar Jenkins? Extra build boxes? More cash to keep people on retainer? Resources for training new people? Liaisons with other projects to improve prior notification channels? Etc.
FreeBSD ports had a fix after ~4 hours I think, Ubuntu patched their base about an hour later, FreeBSD base took around 24 hours. Not super bad, but I think it's safe to expect much more scrutiny of security-critical code in the coming years, so it looks like a good time to try to streamline if possible at all.
The public attention for this and similar events may also provide a unique window of opportunity for soliciting extra resources from professional users (e.g. via a Foundation campaign).
--
Walter Hop | PGP key:
https://lifeforms.nl/pgp