From owner-freebsd-security@FreeBSD.ORG Fri Feb 2 08:17:58 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B789F16A403 for ; Fri, 2 Feb 2007 08:17:58 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-3-125.belrs4.nsw.optusnet.com.au [220.239.3.125]) by mx1.freebsd.org (Postfix) with ESMTP id 22F8513C481 for ; Fri, 2 Feb 2007 08:17:57 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.13.8/8.13.8) with ESMTP id l128Huhb001355; Fri, 2 Feb 2007 19:17:56 +1100 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.13.8/8.13.8/Submit) id l128HuTh001354; Fri, 2 Feb 2007 19:17:56 +1100 (EST) (envelope-from peter) Date: Fri, 2 Feb 2007 19:17:56 +1100 From: Peter Jeremy To: Chuck Swiger Message-ID: <20070202081756.GE909@turion.vk2pj.dyndns.org> References: <001601c74428$ff9d54b0$ab76ed54@odipw> <45BEE27D.1050804@FreeBSD.org> <45BFA1B3.9040000@rxsec.com> <45C23DAA.9040108@FreeBSD.org> <45C24D57.3000704@mac.com> <45C25696.10806@FreeBSD.org> <45C26ACC.9020702@mac.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3lcZGd9BuhuYXNfi" Content-Disposition: inline In-Reply-To: <45C26ACC.9020702@mac.com> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.13 (2006-08-11) Cc: freebsd-security@freebsd.org Subject: Re: What about BIND 9.3.4 in FreeBSD in base system ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2007 08:17:58 -0000 --3lcZGd9BuhuYXNfi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 2007-Feb-01 17:33:48 -0500, Chuck Swiger wrote: >That's OK, I wasn't soliciting advice on which platform or OS version a=20 >given set of machines ought to run. When the number of machines one deals= =20 >with in a given environment changes from single-digit, to dozens, to=20 >hundreds, to tens of thousands, keeping machines updated to a bug-free,=20 >stable environment is more important than chasing features off the latest= =20 >branch. This is a perfectly valid decision. At work, I have systems running software (not FreeBSD) that is getting close to 10 years old for similar reasons. In general, support of your systems will comprise some combination of in-house support, vendor (eg FreeBSD Project) support and 3rd-party (eg consultant) support. Over time, this mix will change as the vendor reduces the level of support they provide for a given software version. You need to take this into account when making a decision to stay at some version X: As vendor support is reduced then your in- house and 3rd-party support effort will increase. At some point, the cost/effort involved in staying at version X outweighs the cost of migrating to a newer "supported" version of the software. The FreeBSD SO has advised that 5.x will receive security updates until 31 May 2008. This gives you 15 months to either migrate to 6.x (or 7.x) or arrange alternative security support. --=20 Peter Jeremy --3lcZGd9BuhuYXNfi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFwvO0/opHv/APuIcRAhhbAJ9pQ2e1HwmpvT4RC9ESQaAuPGdk1wCgg7tN L1/1C3Kri4F3KoVu4ATv3D8= =hcc0 -----END PGP SIGNATURE----- --3lcZGd9BuhuYXNfi--