From owner-cvs-all Tue Jul 16 19:25:20 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCE1C37B400; Tue, 16 Jul 2002 19:25:14 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id CAAEF43E65; Tue, 16 Jul 2002 19:25:13 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.4/8.12.4) with SMTP id g6H2OsOo092836; Tue, 16 Jul 2002 22:24:54 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 16 Jul 2002 22:24:53 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "M. Warner Losh" Cc: danfe@regency.nsu.ru, DougB@FreeBSD.org, never@nevermind.kiev.ua, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/contrib/bind CHANGES INSTALL Makefile README Version src/contrib/bind/bin Makefile src/contrib/bind/bin/addr addr.c src/contrib/bind/bin/dig dig.c src/contrib/bind/bin/dnskeygen dnskeygen.c src/contrib/bind/bin/dnsquery ... In-Reply-To: <20020715.175327.03593087.imp@bsdimp.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 15 Jul 2002, M. Warner Losh wrote: > : Actually, I've always been under impression that essential security > : problems should be addressed in every stable branch, that is, RELENG_2_2, > : and RELENG_3, not to mention RELENG_4*. I've seen recent commit to > : RELENG_2_2, showing exactly this point AFAIR. > > No. When someone has the time and energy to do it, then it will be > done. However, a MFC of a whole release of bind gets harder and harder > the farther back in time you go. IIRC it breaks binary compatibility > with the crufty old versions we have in RELENG_3 and RELENG_2_2. > > The reason we did the resolve fix all the way back to 2.2 was that it > has existed for that long and was essentially a trivial to fix. It's also worth noting that newer versions of BIND have very different expectations for zone files than old ones, so anyone expecting a smooth upgrade is in for a shock. In the past, we've targetted minor patches in preference to complete sofware upgrades for vulnerabilities, especially on older branches where a large upgrade will introduce binary compatibility/ABI problems, configuration file compatibility issues, etc. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message