From owner-freebsd-security@FreeBSD.ORG Fri Feb 2 22:05:15 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BC88516A402 for ; Fri, 2 Feb 2007 22:05:15 +0000 (UTC) (envelope-from cmarlatt@rxsec.com) Received: from core.rxsec.com (core.rxsec.com [64.132.46.102]) by mx1.freebsd.org (Postfix) with SMTP id 6D7F713C47E for ; Fri, 2 Feb 2007 22:05:15 +0000 (UTC) (envelope-from cmarlatt@rxsec.com) Received: (qmail 62272 invoked by uid 2009); 2 Feb 2007 22:02:23 -0000 Received: from 10.1.0.101 by core.rxsec.com (envelope-from , uid 2008) with qmail-scanner-1.25-st-qms (clamdscan: 0.86.2/1102. spamassassin: 3.0.4. perlscan: 1.25-st-qms. Clear:RC:0(10.1.0.101):SA:0(-4.4/5.0):. Processed in 2.481496 secs); 02 Feb 2007 22:02:23 -0000 X-Spam-Status: No, hits=-4.4 required=5.0 X-Antivirus-RXSEC-Mail-From: cmarlatt@rxsec.com via core.rxsec.com X-Antivirus-RXSEC: 1.25-st-qms (Clear:RC:0(10.1.0.101):SA:0(-4.4/5.0):. Processed in 2.481496 secs Process 62264) Received: from unknown (HELO ?10.1.0.101?) (cmarlatt@rxsec.com@10.1.0.101) by core.rxsec.com with SMTP; 2 Feb 2007 22:02:20 -0000 Message-ID: <45C3B56E.3060706@rxsec.com> Date: Fri, 02 Feb 2007 17:04:30 -0500 From: Chris Marlatt Organization: Receive Security User-Agent: Thunderbird 1.5.0.9 (X11/20070104) MIME-Version: 1.0 To: Doug Barton References: <200702012319.l11NJJ7r065204@drugs.dv.isc.org> <45C2E612.5080002@FreeBSD.org> In-Reply-To: <45C2E612.5080002@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, Mark Andrews Subject: Re: What about BIND 9.3.4 in FreeBSD in base system ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2007 22:05:15 -0000 Doug Barton wrote: > up to create a recursive resolver that only listens on 127.0.0.1. I > would expect that users who rely on BIND in a production setting to > either have upgraded to FreeBSD 6-stable, be using the port, or some > other custom configuration, or both. > > Doug > Again, why would you expect someone to have already upgraded when they have more than a year of advertised support left on a production release? I personally have very few 5.x systems left, primarily because I've been trying to heed the warnings, but seeing how 5 series is being fast tracked into retirement makes me extremely suspicious of what is to happen to 6 series when 7 is released and considered production. I'm sure many other people wonder the same thing and look at the lengthy support for 4 series which lasted 7,... 8 years and have come to expect something similar for future releases. Whereas I'm certainly not going to say progress is evil I will admit that the FreeBSD I see today is not the same one from yesteryear. Now, I can clearly understand and appreciate the burden that, as of yesterday, 3 active versions can impose on the development team but why pass part of that burden onto a user base that's done nothing but embraced the products produced by its efforts? Chris