From owner-freebsd-stable@FreeBSD.ORG Thu Jul 10 12:17:49 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4AFF51065678 for ; Thu, 10 Jul 2008 12:17:49 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: from mail5out.barnet.com.au (mail5.barnet.com.au [202.83.178.78]) by mx1.freebsd.org (Postfix) with ESMTP id 0DAEE8FC16 for ; Thu, 10 Jul 2008 12:17:49 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: by mail5out.barnet.com.au (Postfix, from userid 1001) id 2859A2218A88; Thu, 10 Jul 2008 22:17:48 +1000 (EST) X-Viruscan-Id: <4875FDEC0000D84C59180E@BarNet> Received: from mail5auth.barnet.com.au (mail5.barnet.com.au [202.83.178.78]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail5auth.barnet.com.au", Issuer "*.barnet.com.au" (verified OK)) by mail5.barnet.com.au (Postfix) with ESMTP id E0B4321B4379 for ; Thu, 10 Jul 2008 22:17:47 +1000 (EST) Received: from k7.mavetju (unknown [10.10.26.6]) by mail5auth.barnet.com.au (Postfix) with ESMTP id 94B8C2218A76 for ; Thu, 10 Jul 2008 22:17:47 +1000 (EST) Received: by k7.mavetju (Postfix, from userid 1001) id AA0A69A1; Thu, 10 Jul 2008 22:17:15 +1000 (EST) Date: Thu, 10 Jul 2008 22:17:15 +1000 From: Edwin Groothuis To: freebsd-stable@freebsd.org Message-ID: <20080710121715.GB41541@k7.mavetju> Mail-Followup-To: Edwin Groothuis , freebsd-stable@freebsd.org References: <20080710094006.GX6902@e-Gitt.NET> <20080710094451.GS62764@server.vk2pj.dyndns.org> <20080710095809.GA59288@eos.sc1.parodius.com> <4875E1B6.3010407@delphij.net> <20080710102955.GA6902@e-Gitt.NET> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080710102955.GA6902@e-Gitt.NET> User-Agent: Mutt/1.4.2.3i Subject: Re: BIND update? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2008 12:17:49 -0000 On Thu, Jul 10, 2008 at 12:29:55PM +0200, Oliver Brandmueller wrote: > Hi, > > On Thu, Jul 10, 2008 at 03:17:26AM -0700, Xin LI wrote: > > Speaking as my own: Base system needs more conservative QA process, > > e.g. we want to minimize the change, we need to analyst the impact > > (FWIW the security fix would negatively affect heavy traffic sites) > > and document it (i.e. the security advisory), and we want to make the > > change a one-time one (for instance, shall we patch libc's resolver as > > well?), so rushing into a "presumably patched" state would not be a > > very good solution. > > I understand the reasons and that surely needs to be taken into account. > Does that imply that the FreeBSD project got the information later than > f.e. M$ or Debian, who are usually not really known for coming up too > fast with such fixes? According to http://www.kb.cert.org/vuls/id/800113, FreeBSD was tested, but it doesn't say if it was informed. Microsoft knew about it earlier than yesterday, because they are a DNS software provider. Edwin -- Edwin Groothuis | Personal website: http://www.mavetju.org edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/