Date: Wed, 29 Aug 2001 12:25:21 +0100 From: Brian Somers <brian@Awfulhak.org> To: Joshua Goodall <joshua@roughtrade.net> Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@freebsd-services.com Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf Message-ID: <200108291125.f7TBPLf74224@hak.lan.Awfulhak.org> In-Reply-To: Message from Joshua Goodall <joshua@roughtrade.net> of "Wed, 29 Aug 2001 09:51:46 BST." <Pine.LNX.4.33.0108290946460.23691-100000@elm.phenome.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, 23 Aug 2001, Giorgos Keramidas wrote:
>
> > I don't agree to running named in a sandbox by default, but can we, at
> > least, have a note in UPDATING? Please?
>
> Breaking parts of -stable configurations is expected during upgrade.
> pam.conf/sshd springs immediately to mind. In the past I have generally
> expected mergemaster to tweak my systems, and surely that is highly
> applicable here? An MFC should (must?) be accompanied by mergemaster
> gaining the ability to fix up sandbox structures and configuration.
>
> Personally I can only applaud further security measures, especially with
> something so widespread, and with such an insecure history, as BIND.
A not-updated configuration file should never become invalid after a
-stable update, not unless there are exceptional circumstances and
it's documented in UPDATING.
> Joshua
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108291125.f7TBPLf74224>