From owner-freebsd-ports@FreeBSD.ORG Wed Apr 22 13:58:46 2009 Return-Path: Delivered-To: freebsd-ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17CF61065673 for ; Wed, 22 Apr 2009 13:58:46 +0000 (UTC) (envelope-from shaun@FreeBSD.org) Received: from dione.picobyte.net (81-86-230-94.dsl.pipex.com [81.86.230.94]) by mx1.freebsd.org (Postfix) with SMTP id 9CFC98FC1D for ; Wed, 22 Apr 2009 13:58:45 +0000 (UTC) (envelope-from shaun@FreeBSD.org) Received: from charon.picobyte.net (charon.picobyte.net [IPv6:2001:770:15d::fe03]) by dione.picobyte.net (Postfix) with ESMTP id 5AF62B835; Wed, 22 Apr 2009 14:30:49 +0100 (BST) Date: Wed, 22 Apr 2009 14:30:49 +0100 From: Shaun Amott To: Mark Foster Message-ID: <20090422133048.GA85102@charon.picobyte.net> References: <49E8A264.7000001@foster.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <49E8A264.7000001@foster.cc> User-Agent: Mutt/1.5.18 (FreeBSD i386) Cc: freebsd-ports@FreeBSD.org Subject: Re: ports/132800: vuxml submission for net-im/ejabberd X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 13:58:46 -0000 On Fri, Apr 17, 2009 at 08:38:12AM -0700, Mark Foster wrote: > > I'm following up regarding this apparent maintainer timeout. It's not my > intention to place blame, but to me it is unacceptable that important > security (vuxml) updates are sometimes blocked by unresponsive > maintainers. It is not in the best interest of the users or FreeBSD to > let these things slip. > > The vuxml updates should be reviewed & committed without waiting on the > maintainer of the port. Perhaps a simple non-blocking heads-up (Cc:) to > the maintainer is more appropriate. Once publicized, the security > notifications (via portaudit) become known to a wider, targetted > audience. This establishes an important feedback loop as opposed to > keeping the problem a "secret", since the users are more likely to > either nudge the maintainer for an update to the port or submit one (via > send-pr) themselves. > Sorry about this - I forgot about this particular PR. VuXML entries often do get fast-tracked if they are particularly serious. In fact, I'm not sure the usual maintainer timeout even applies. However, I do think maintainers should be consulted, as it is not always clear if a bug affects the FreeBSD build of a given piece of software; sometimes the issue may even have been patched already in a port. -- Shaun Amott // PGP: 0x6B387A9A "A foolish consistency is the hobgoblin of little minds." - Ralph Waldo Emerson