From owner-freebsd-stable@FreeBSD.ORG Wed Dec 4 19:59:18 2013 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0503ACDF; Wed, 4 Dec 2013 19:59:18 +0000 (UTC) Received: from mx0.gid.co.uk (mx0.gid.co.uk [194.32.164.250]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8666F1B52; Wed, 4 Dec 2013 19:59:17 +0000 (UTC) Received: from [194.32.164.24] (80-46-130-69.static.dsl.as9105.com [80.46.130.69]) by mx0.gid.co.uk (8.14.2/8.14.2) with ESMTP id rB4Jx8W2084410; Wed, 4 Dec 2013 19:59:08 GMT (envelope-from rb@gid.co.uk) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\)) Subject: Re: BIND chroot environment in 10-RELEASE...gone? From: Bob Bishop In-Reply-To: Date: Wed, 4 Dec 2013 19:59:03 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: References: <529D9CC5.8060709@rancid.berkeley.edu> <20131204095855.GY29825@droso.dk> To: Greg Rivers X-Mailer: Apple Mail (2.1822) Cc: stable@freebsd.org, Michael Sinatra X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Dec 2013 19:59:18 -0000 Hi, On 4 Dec 2013, at 18:49, Greg Rivers = wrote: > ... It's not a matter of BIND being more or less secure than other = software, it's a matter of POLA and the huge duplicated efforts required = by everyone going forward to either maintain their own chroot or migrate = to the non-chroot installation. ... Exactly. This is going to be a PITA. -- Bob Bishop rb@gid.co.uk