Date: Thu, 10 Jul 2008 03:17:26 -0700 From: Xin LI <delphij@delphij.net> To: Jeremy Chadwick <koitsu@FreeBSD.org> Cc: Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-stable@freebsd.org Subject: Re: BIND update? Message-ID: <4875E1B6.3010407@delphij.net> In-Reply-To: <20080710095809.GA59288@eos.sc1.parodius.com> References: <20080710094006.GX6902@e-Gitt.NET> <20080710094451.GS62764@server.vk2pj.dyndns.org> <20080710095809.GA59288@eos.sc1.parodius.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeremy Chadwick wrote: | On Thu, Jul 10, 2008 at 07:44:51PM +1000, Peter Jeremy wrote: |> On 2008-Jul-10 11:40:06 +0200, Oliver Brandmueller <ob@e-Gitt.NET> wrote: |>> shouldn't there be a very urgent BIND update somewhere around? |> There has been a very long thread about this in -security. Leaving |> out the trolls and flaming, the salient points are: |> - The bind port has been updated to include the relevant patches |> - The security team is aware of the issue and is working on a fix. | | I'm curious to know why the BIND ports were updated before the base | system BIND. Absolutely no offence intended towards Doug, but the | priority seems reversed. Speaking as my own: Base system needs more conservative QA process, e.g. we want to minimize the change, we need to analyst the impact (FWIW the security fix would negatively affect heavy traffic sites) and document it (i.e. the security advisory), and we want to make the change a one-time one (for instance, shall we patch libc's resolver as well?), so rushing into a "presumably patched" state would not be a very good solution. Cheers, - -- Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkh14bYACgkQi+vbBBjt66ALTQCdEozuYtUUgI1bn/nitLeIZHqj 6Y0AnRb1wOIklk3h6Q5MFB4keEy9ZRDP =PAr6 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4875E1B6.3010407>