As people most likely already found out, there is a problem with DNS, and there was already a problem for some extensive time with DNS. There is the possibility to spoof the reply’s returning from a DNS server.
Beyond that, some discussion was raised last night with regard to the responsiveness of the FreeBSD Security Team.
The FreeBSD Security Team is a team of people, that were picked from a volunteer pool out of the FreeBSD Development Community. These volunteers, analyse, patch and create an advisory for incoming security problems. The latter is only done ofcourse after verifying that it is really a security problem.
The moment the FreeBSD Security Team enters an advisory stage, a lot of time investment is required. Which we ofcourse do not mind but it’s something that should be emphasized. For example, patches need to be generated, tested etc. Then after that the FreeBSD-Update builds have to be started and in parallel we also write the advisory.
The advisory is proof-read by multiple people, and the FreeBSD-Update process takes time to deliver the required patches. Because of that we need a little time to do the job right.
We also want to take the time, the moment something comes in, we properly need to evaluate the incoming items, and see whether it would harm the -RELEASE branches or not. Our -RELEASE branches are not something we would like to mess with if it generates a regression. We try to prevent that or emphasize that this will be the case after a required update.
Now, for my official blog entry subject: what does that have to do with a volunteer job?
I hope that it’s easy to guess at this stage. We are all volunteers, that we do the job in our spare time, outside of our regular working hours and social life. We only have a few hours per day in which we can do things. We are geographically spread, so in case of an issue there is a small timeframe we can work together, but that could take a little to get aligned properly. We also have to feed our kids, make sure we generate money to keep on living. And we need to be socially active, not only for FreeBSD, but also for our wives and kids. That all just takes tremendous amounts of time. A part of that is put into the FreeBSD Project by us, the volunteers.
Sometimes, people start crying out loud that they need something NOW because THEY want it NOW. That is a bit unfair; they do not realise that we need to invest our precious spare-time in it, and a
re happy to do so, but that sometimes things can take some time. They start ranting that everyone else has already the fixes in place, that they did it very quick etc. That’s all fine, but most of those vendors have paid people working on these things. No wonder they can quickly respond to such a thing. We do not have that.
Instead of ranting around and demanding OUR -FREE- Time, it could be beneficial to have a couple of people around that are payed to keep an eye out for these things, on a structural basis. That will cost a lot of money, because people are not for free. They also need to be on guard all the time, so it’s a full time job. Costing a lot of money. The moment thigs comes in play, most people hook-off the challenge and remain quiet, only to start ranting again the next time when something (insert your favorite ‘requirement’ here) occurs.
When you counter those people and ask them to paint your entire hous in their freetime, they get angry and tell you that they are not idiots and that you are not entitled to demand this time from that. But it’s exactly the same thing as they demand from us, the volunteers.
The above hopefully makes clear that we try to do our best whenever possible but that it’s not always possible to respond as quickly as possible to anything that comes in. We feel responsible for the tree that we maintain and are willing to do our best for that. But every now and then, people are on holiday, not in, sick, busy with other things, and we have to respect that as long as we do not have a paid staff that can work on these items.
Please, try to understand that this is just common life for a volunteer. It’s OK to disagree on something, but it’s very selfish to demand something from a volunteer if you are not willing to put something in yourself as well.
If you have a suggestion on how we can improve this, with YOUR support included. Give me or the FreeBSD Foundation a poke, I am sure there are ways to get things done, as long as it’s feasible to spend our precious time on, or when paid to do the things people want the payed person to do.
But do remember that in case you are not willing to put something in, your demands are shouts in the space and are likely to be ignored. Just a fact of life.
Thanks for taking the time to read this!
BTW: I’ll be giving a talk about my life as a volunteer in December in Utrecht. The NLUUG/NLGG is doing a Linux/BSD day then, if you are able to visit this. Please do so.