From owner-freebsd-stable@FreeBSD.ORG Thu Dec 5 18:43:44 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 69C7AE41 for ; Thu, 5 Dec 2013 18:43:44 +0000 (UTC) Received: from galore.getmail.no (galore.getmail.no [84.210.184.6]) by mx1.freebsd.org (Postfix) with ESMTP id 13A9812C2 for ; Thu, 5 Dec 2013 18:43:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by galore.getmail.no (Postfix) with ESMTP id CD7621B50C6 for ; Thu, 5 Dec 2013 19:38:16 +0100 (CET) X-Spam-Flag: NO X-Spam-Score: -2.989 X-Spam-Level: X-Spam-Status: No, score=-2.989 tagged_above=-10 required=6.6 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_KHOP_THREADED=-0.01, T_NICE_REPLY_A=0.01, T_UNKNOWN_ORIGIN=0.01, URIBL_RED=0.001] autolearn=ham Authentication-Results: galore.get.c.bitbit.net (amavisd-new); dkim=pass (1024-bit key) header.d=getmail.no Received: from galore.getmail.no ([127.0.0.1]) by localhost (galore.get.c.bitbit.net [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id Oz11IH5022fG for ; Thu, 5 Dec 2013 19:38:16 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by galore.getmail.no (Postfix) with ESMTP id E58A51B50B5 for ; Thu, 5 Dec 2013 19:38:15 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.7.1 galore.getmail.no E58A51B50B5 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=getmail.no; s=8A9C8B4C-D727-11E2-8095-B6466E6B3FA2; t=1386268695; bh=9DKhTyM9WZROUlPwOLuRGmPOtHMtl94QKN0mfHbcztE=; h=Date:From:To:Subject:Message-Id:Mime-Version:Content-Type: Content-Transfer-Encoding; b=puqjyx1uk7+3x57pvdQ9J8g7Xb1vQIeMDgslENM/Q4YokUwHPm8wOdffCukpq+tJ/ YQ1+JUqzQxwAVPXCUfza+hmerP7KWN6clvi4kOdVwOeWkG8PjIx2Yoskcx4bHl7Bfk vVpIL6sLwD1tMr8r+Az9ytUuvCCdtvpj7tNVi9qU= X-Virus-Scanned: amavisd-new at Received: from galore.getmail.no ([127.0.0.1]) by localhost (galore.get.c.bitbit.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id c9l-y-6-MPhh for ; Thu, 5 Dec 2013 19:38:15 +0100 (CET) Received: from kg-core1.kg4.no (cm-84.215.180.206.getinternet.no [84.215.180.206]) by galore.getmail.no (Postfix) with ESMTPSA id BCF791B50C6 for ; Thu, 5 Dec 2013 19:38:15 +0100 (CET) Date: Thu, 5 Dec 2013 19:38:15 +0100 From: Torfinn Ingolfsen To: freebsd-stable@freebsd.org Subject: Re: BIND chroot environment in 10-RELEASE...gone? Message-Id: <20131205193815.05de3829de9e33197fe210ac@getmail.no> In-Reply-To: References: <529D9CC5.8060709@rancid.berkeley.edu> <20131204095855.GY29825@droso.dk> X-Mailer: Sylpheed 3.3.0 (GTK+ 2.24.19; amd64-portbld-freebsd8.4) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Dec 2013 18:43:44 -0000 On Wed, 4 Dec 2013 19:59:03 +0000 Bob Bishop wrote: > Hi, > > On 4 Dec 2013, at 18:49, Greg Rivers wrote: > > > ... It's not a matter of BIND being more or less secure than other software, it's a matter of POLA and the huge duplicated efforts required by everyone going forward to either maintain > > their own chroot or migrate to the non-chroot installation. ... > > Exactly. This is going to be a PITA. I just hope for two things: 1) that creating POLA violations is not a general policy for FreeBSD going forward 2) that this mess around FreeBSD 10 will not slow the adoption rate of FreeBSD 10. -- Torfinn Ingolfsen