From owner-freebsd-arch  Fri Feb  8 10: 0:18 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40])
	by hub.freebsd.org (Postfix) with ESMTP
	id 20AA637B422; Fri,  8 Feb 2002 10:00:15 -0800 (PST)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.11.3/8.11.3) with ESMTP id g18Hxxp08992;
	Fri, 8 Feb 2002 12:59:59 -0500
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <p05101419b8892e91c540@[128.113.24.47]>
In-Reply-To: <20020208065440.GB52378@daemon.ninth-circle.org>
References: <20020206152311.GB66083@madman.nectar.cc>
 <200202061530.g16FUq970877@zibbi.icomtek.csir.co.za>
 <20020208065440.GB52378@daemon.ninth-circle.org>
Date: Fri, 8 Feb 2002 12:59:58 -0500
To: Jeroen Ruigrok/asmodai <asmodai@wxs.nl>,
	John Hay <jhay@icomtek.csir.co.za>
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: cvs commit: src/contrib/bind FREEBSD-Xlist
Cc: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>,
	freebsd-arch@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang)
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

At 7:54 AM +0100 2/8/02, Jeroen Ruigrok/asmodai wrote:
>-On [20020206 16:45], John Hay (jhay@icomtek.csir.co.za) wrote:
>>Well like I tried to imply in my previous email, you can look at
>>"upgrading to v9.x" as a feature enhancement or measured against the
>>history of v8 as preventative security fixes. :-)
>
>That argument does not hold much ground.
>
>When I discussed BIND 9 with Kris Kennaway a bunch of months ago he
>decided to look at the code a bit.  A day later the BIND folks had a
>patchset to fix a lot of security problems noted by one auditor.

This tells me that a bunch of months ago, they were taking the prudent
step of paying attention to someone who audited their code, and they
tried to fix the problems which were found.

Are they still coming out with frequent patchsets to fix a lot of
security problems?  [I don't have idea idea if they are or they
are not, I just think it might be worthwhile to revisit the idea
if this has not been considered for several months...]

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message