From owner-freebsd-security@FreeBSD.ORG Wed Jul 9 23:41:23 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 082591065678 for ; Wed, 9 Jul 2008 23:41:23 +0000 (UTC) (envelope-from MH@kernel32.de) Received: from crivens.kernel32.de (crivens.terrorteam.de [81.169.171.191]) by mx1.freebsd.org (Postfix) with ESMTP id B14168FC13 for ; Wed, 9 Jul 2008 23:41:22 +0000 (UTC) (envelope-from MH@kernel32.de) Received: from [192.168.100.142] (91-64-131-118-dynip.superkabel.de [91.64.131.118]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by crivens.kernel32.de (Postfix) with ESMTPSA id 2DED3B0297; Thu, 10 Jul 2008 01:21:34 +0200 (CEST) Message-ID: <4875481E.4000100@kernel32.de> Date: Thu, 10 Jul 2008 01:22:06 +0200 From: Marian Hettwer User-Agent: Thunderbird 1.5.0.12 (Macintosh/20070509) MIME-Version: 1.0 To: Chris Palmer References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> <17cd1fbe0807090909i566e1789s6b7b61bf82dd333e@mail.gmail.com> <4874ECDA.60202@elvandar.org> <4874F149.1040101@FreeBSD.org> <17cd1fbe0807091027n6af312cbwab3d3277f2b5e081@mail.gmail.com> <20080709182340.GD55473@noncombatant.org> In-Reply-To: <20080709182340.GD55473@noncombatant.org> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: BIND update? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2008 23:41:23 -0000 Hi Chris, Chris Palmer schrieb: > So I'm not too worried about the lack of urgency from the FreeBSD security > team on this particular issue. It's not news that DNS is insecure and that > BIND has a bug. Nobody should have been depending on the security of DNS or > on a bulletproof BIND. > > True words! However, since the SecTeam of FreeBSD always did a great job, in this specific case, which had quite a huge coverage in the "press", at least a Heads Up to freebsd-security@ saying something like "Stay tuned for a patch folks, we're investigating" would have been appropriate. When everybody tries to get mad, and that's what happened, a statement like that could have calmed things done in the first place. But maybe I missed that heads up, 'cause I jumped into this discussion quite late... Well, anyway, SecTeam, keep up the good work :) Cheers, ./Marian