On 18/02/2016 3:51 AM, Warren Block wrote:
> On Wed, 17 Feb 2016, Eric van Gyzen wrote:
>> On 02/17/2016 08:19, Warren Block wrote:
>>> On Wed, 17 Feb 2016, Kurt Jaeger wrote:
>>>> A short note on the www.freebsd.org website would probably be helpful,
>>>> as this case will produce a lot of noise.
>>> Maybe a short article like we did for leap seconds?
>>> https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html
>> Articles are permanent, which makes sense for the recurring issue of
>> leap seconds.  This vulnerability is transient, so I would suggest a
>> news item.
> Yes, but news items are usually just links.  For the amount of
> information we have so far, an article seems like the easiest way to do
> this.  Or maybe an addition to the security part of the web site?
> For now, I'll collect the information as just text.

Don't we also want our sec teams to investigate/confirm it anyway,
independent of how it's communicated?

If so, doesn't a security advisory (with secteam and/or ports-secteam as
appropriate) make the most sense here, given the scope of vulnerability
for base/linux emulation/ports is yet to be completely established and
is still to be investigated properly?

Finally, would users expect a news item, an article or a heads up from
our security teams for something like this, even in the case where it's
only a "confirmed we're not affected" ?

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to