On Mon, 24 Nov 2008, David F. Severski wrote: > On Mon, Nov 24, 2008 at 11:06:56PM +0100, William Palfreman wrote: > > That's nice. I am sure it is very useful on the ports mailinglist > > where it belongs. I also greatly enjoy the frequent interesting and > > informed discussion on the security mailinglist - of which Eirik > > Overby's thread recently about syn+fin is one example. But all these > > ports announcements, raw patches, garbled html etc. I could really do > > without. It is why there are separate lists. > > Was there a discussion or even an announcement indicating that the > security-related port commit messages would be sent to freebsd-security?
Not that I could find. The other day I reviewed the last three months' archives looking for any notice I'd missed. These ports security issues and patches postings began on Nov 8; I've resisted commenting until now. > This seems to have started just this month. Like William, I also find the > explosion of commit messages and bug tracking minutia detracts from the > low volume and high value of the freebsd-security list. The list > description on mailman indicates the intent of the list is to be a > 'high-signal, low-noise discussion of issues affecting the security of > FreeBSD.' Including every single obliquely security related port commit > seems counter to this intention. > > I'd very much like to see a separate list for the automated port postings, > leaving this list to it's historical usage. I'm also finding these to be swamping S/N (as are these posts, I know!) and no, switching to security-advisories@ wouldn't cut it for me, for the same reasons William mentions above. We're heading towards 20,000 ports these days, and while I appreciate and rely on the vuxml database and portaudit for vulns and updates for those ports I use, and am glad to see such active work going on, I'm feeling the separation of base system (including contrib) from ports remains important - especially in the security context. My 2c (now scarcely U$1.3c), Ian _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
