From owner-cvs-all Wed Aug 29 1:52:16 2001 Delivered-To: cvs-all@freebsd.org Received: from elm.phenome.org (elm.phenome.org [194.153.169.3]) by hub.freebsd.org (Postfix) with ESMTP id 0907137B403; Wed, 29 Aug 2001 01:52:11 -0700 (PDT) (envelope-from joshua@roughtrade.net) Received: from localhost (joshua@localhost [127.0.0.1]) by localhost (8.12.0.Beta19/8.12.0.Beta19/Debian 8.12.0.Beta19) with ESMTP id f7T8pkvR007065; Wed, 29 Aug 2001 09:51:50 +0100 Date: Wed, 29 Aug 2001 09:51:46 +0100 (BST) From: Joshua Goodall X-X-Sender: To: Giorgos Keramidas Cc: , Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf In-Reply-To: <20010823202530.A2280@hades.hell.gr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 23 Aug 2001, Giorgos Keramidas wrote: > I don't agree to running named in a sandbox by default, but can we, at > least, have a note in UPDATING? Please? Breaking parts of -stable configurations is expected during upgrade. pam.conf/sshd springs immediately to mind. In the past I have generally expected mergemaster to tweak my systems, and surely that is highly applicable here? An MFC should (must?) be accompanied by mergemaster gaining the ability to fix up sandbox structures and configuration. Personally I can only applaud further security measures, especially with something so widespread, and with such an insecure history, as BIND. Joshua To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message