Date: Fri, 8 Feb 2002 12:59:58 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Jeroen Ruigrok/asmodai <asmodai@wxs.nl>, John Hay <jhay@icomtek.csir.co.za> Cc: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>, freebsd-arch@FreeBSD.ORG Subject: Re: cvs commit: src/contrib/bind FREEBSD-Xlist Message-ID: <p05101419b8892e91c540@[128.113.24.47]> In-Reply-To: <20020208065440.GB52378@daemon.ninth-circle.org> References: <20020206152311.GB66083@madman.nectar.cc> <200202061530.g16FUq970877@zibbi.icomtek.csir.co.za> <20020208065440.GB52378@daemon.ninth-circle.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 7:54 AM +0100 2/8/02, Jeroen Ruigrok/asmodai wrote: >-On [20020206 16:45], John Hay (jhay@icomtek.csir.co.za) wrote: >>Well like I tried to imply in my previous email, you can look at >>"upgrading to v9.x" as a feature enhancement or measured against the >>history of v8 as preventative security fixes. :-) > >That argument does not hold much ground. > >When I discussed BIND 9 with Kris Kennaway a bunch of months ago he >decided to look at the code a bit. A day later the BIND folks had a >patchset to fix a lot of security problems noted by one auditor. This tells me that a bunch of months ago, they were taking the prudent step of paying attention to someone who audited their code, and they tried to fix the problems which were found. Are they still coming out with frequent patchsets to fix a lot of security problems? [I don't have idea idea if they are or they are not, I just think it might be worthwhile to revisit the idea if this has not been considered for several months...] -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05101419b8892e91c540>