From owner-freebsd-stable Sat May 4 23:11:18 2002 Delivered-To: freebsd-stable@freebsd.org Received: from castle.jp.FreeBSD.org (castle.jp.FreeBSD.org [210.226.20.15]) by hub.freebsd.org (Postfix) with ESMTP id 6810937B420 for ; Sat, 4 May 2002 23:11:02 -0700 (PDT) Received: from localhost (localhost [::1]) by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet6 id g456B1f41278 for ; Sun, 5 May 2002 15:11:01 +0900 (JST) (envelope-from matusita@jp.FreeBSD.org) In-Reply-To: <20020504162912.M88188-100000@master.gorean.org> References: <20020504232627100.AAA911@empty1.ekahuna.com@pc02.ekahuna.com> <20020504162912.M88188-100000@master.gorean.org> X-User-Agent: Mew/1.94.2 XEmacs/21.5 (bamboo) X-FaceAnim: (-O_O-)(O_O- )(_O- )(O- )(- -)( -O)( -O_)( -O_O)(-O_O-) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Dispatcher: imput version 20000228(IM140) Lines: 19 From: Makoto Matsushita To: stable@FreeBSD.org Subject: Re: BIND in -stable Date: Sun, 05 May 2002 15:10:58 +0900 Message-Id: <20020505151058Q.matusita@jp.FreeBSD.org> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG DougB> However, I have clearly said on numerous occasions that BIND 8 DougB> users should be using 8.3.1. The most important point is "8.2.4 is vulnerable or not vulnerable," not "8.2.4 is not the latest version of BIND; BIND 8.3.1 is the latest version and ISC suggests to use 8.3.1" you've said. FreeBSD uses very simple rule: if 8.2.4 is vulnerable RELENG_4_5 branch's BIND is patched to fix the problem (or if no patches are available, import 8.3.1 instead), and if not vulnerable don't touch anything. That's sounds reasonable to me, since RELENG_4_5 should not include any new features not in original 4.5-RELEASE; that's why this branch is also known as -SECURITY branch. -- - Makoto `MAR' Matsushita To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message