From owner-freebsd-stable@FreeBSD.ORG Sun Jul 20 16:44:32 2008 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC17B106567B for ; Sun, 20 Jul 2008 16:44:32 +0000 (UTC) (envelope-from oberman@es.net) Received: from postal1.es.net (postal1.es.net [198.128.3.205]) by mx1.freebsd.org (Postfix) with ESMTP id 9758A8FC0A for ; Sun, 20 Jul 2008 16:44:32 +0000 (UTC) (envelope-from oberman@es.net) Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by postal1.es.net (Postal Node 1) with ESMTP (SSL) id AXM15332; Sun, 20 Jul 2008 09:44:32 -0700 Received: from ptavv.es.net (ptavv.es.net [127.0.0.1]) by ptavv.es.net (Tachyon Server) with ESMTP id 01C024500E; Sun, 20 Jul 2008 09:44:32 -0700 (PDT) To: Edwin Groothuis In-Reply-To: Your message of "Sun, 20 Jul 2008 14:22:09 +1000." <20080720042209.GA3928@k7.mavetju> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1216572271_14758P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Sun, 20 Jul 2008 09:44:31 -0700 From: "Kevin Oberman" Message-Id: <20080720164432.01C024500E@ptavv.es.net> Cc: Brett Glass , stable@freebsd.org Subject: Re: FreeBSD 7.1 and BIND exploit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2008 16:44:32 -0000 --==_Exmh_1216572271_14758P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Sun, 20 Jul 2008 14:22:09 +1000 > From: Edwin Groothuis > Sender: owner-freebsd-stable@freebsd.org > > On Sat, Jul 19, 2008 at 09:36:38PM -0600, Brett Glass wrote: > > At 09:28 PM 7/19/2008, Subhro wrote: > > > > >You need to understand the release engineering process of FreeeBSD. > > > > I've been watching it (and testing release candidates) since 2.x, so > > I think I may possibly have some understanding of it by now. ;-) > > > > >The release edition is essential created from the stabe edition. 7.1R > > >would not be something new which is *not* present on 7-STABLE today. > > > > Mostly true. But the new release would undergo extensive testing, and > > changes which were "not ready for prime time" would be rolled back or > > made solid. I've had enough trouble with some recent snapshots of > > -STABLE that I'd rather install a release that's been thoroughly > > tested... preferably with the latest ports. That's why I'm asking > > about the likely actual release date of 7.1. > > The best thing a looking glass can come up with is: > > http://www.freebsd.org/releng/#schedule > > But that unless an announcement that as much worth as the lifetime > of the electrons hitting the back of your eyes. I think we might have a communications issue. If I am wrong, sorry for the waste of bandwidth, First, 7.1 will not be out before Black Hat where the details of the vulnerability will be discussed publicly, so scratch that. Second, RELENG_7_0 has the patch plus two other security patches. IT IS NOT STABLE! It is 7.0 with exactly three important security patches and nothing else. While I find stable to be more stable and generally far better tested than release versions, I understand th preference many have for release versions. You have three options: 1. Upgrade to STABLE 2. Apply the patch to your existing system 3. Upgrade to RELENG_7_0 Of these, 2 is generally the easiest. 3 is probably the closest you can get to what you want, but pulls in two other security patches (which you probably should have installed, anyway) and 1 is probably the best approach in terms of system stability, but it does make a great many changes and it is probably not the best choice for a production environment where careful testing would be needed before deployment. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1216572271_14758P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFIg2tvkn3rs5h7N1ERAsWwAJ99C4FOk/EfYrwBLcRbIuvgMk8xAgCfd6r0 YJ4kM3YQM0YTnzfbXh/M9DQ= =kUp3 -----END PGP SIGNATURE----- --==_Exmh_1216572271_14758P--