Date: Thu, 10 Jul 2008 01:22:06 +0200 From: Marian Hettwer <MH@kernel32.de> To: Chris Palmer <chris@noncombatant.org> Cc: freebsd-security@freebsd.org Subject: Re: BIND update? Message-ID: <4875481E.4000100@kernel32.de> In-Reply-To: <20080709182340.GD55473@noncombatant.org> References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> <17cd1fbe0807090909i566e1789s6b7b61bf82dd333e@mail.gmail.com> <4874ECDA.60202@elvandar.org> <4874F149.1040101@FreeBSD.org> <17cd1fbe0807091027n6af312cbwab3d3277f2b5e081@mail.gmail.com> <20080709182340.GD55473@noncombatant.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Chris, Chris Palmer schrieb: > So I'm not too worried about the lack of urgency from the FreeBSD security > team on this particular issue. It's not news that DNS is insecure and that > BIND has a bug. Nobody should have been depending on the security of DNS or > on a bulletproof BIND. > > True words! However, since the SecTeam of FreeBSD always did a great job, in this specific case, which had quite a huge coverage in the "press", at least a Heads Up to freebsd-security@ saying something like "Stay tuned for a patch folks, we're investigating" would have been appropriate. When everybody tries to get mad, and that's what happened, a statement like that could have calmed things done in the first place. But maybe I missed that heads up, 'cause I jumped into this discussion quite late... Well, anyway, SecTeam, keep up the good work :) Cheers, ./Marian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4875481E.4000100>