Security advisories, errata

As I’m sure many people are aware, the security team released two advisories today (they’re visible on the main FreeBSD site). The timing of some of this stuff forced us (re@) to hand over RELENG_5_5 to the security team a little faster than we might have otherwise (so they could deal with patches for that branch). We try to cooperate as much as we can with secteam@, and in turn they give us hints about upcoming issues that might affect a release we’re working on. So it’s all good.

It’s been a while since I had to deal with an advisory (SA-06:16 in particular) that affected four codelines (HEAD, RELENG_6, RELENG_5, and RELENG_4). So that was changes to four release notes and three errata files, plus some Web site updates. That’s a lot to do in a short time (admittedly a self-imposed deadline), but that’s probably nothing compared to the behind-the-scenes work that secteam@ had to do in order to devise and test the fixes (on over ten codelines, worst-case). So my hat’s off to them, as always.

The PDF output for the errata, specifically the table describing the security advisories, is unbelievably ugly. I remember discussing this with someone (hrs?) when this style of documenting advisories was first adopted, but at the time I was getting too burned out to care much (and neither of us had any good answers). Maybe we need to start thinking about this again.

We’re also thinking about some possible errata issues (non-security-related) to be fixed on RELENG_6_1 before handing it off. In some cases we’re waiting for the bugfixes to have proven themselves on HEAD and RELENG_6 first. I might try to at least write some of these items up for the errata document first, even if we don’t have fixes committed yet.
