From: Kostik Belousov
To: Doug Barton
Date: Sun, 19 Dec 2010 07:57:36 +0200
Message-ID: <20101219055736.GI33073@deviant.kiev.zoral.com.ua>
Cc: freebsd-stable@freebsd.org
Subject: Re: Following vendor release cycle (Was: Re: RFC: Upgrade BIND version in RELENG_7 to BIND 9.6.x)

On Sat, Dec 18, 2010 at 03:07:11PM -0800, Doug Barton wrote:
> On 12/18/2010 03:15, Kostik Belousov wrote:
> >On Fri, Dec 17, 2010 at 09:41:54PM -0800, Doug Barton wrote:
> >>Howdy,
> >>
> >>Traditionally for contributed software generally, and BIND in particular
> >>we have tried to keep the major version of the contributed software
> >>consistent throughout a given RELENG_$N branch of FreeBSD. Hopefully the
> >>reasoning for this is obvious, we want to avoid POLA violations.
> >Actually not. My own POV is that we should follow the vendor release
> >cycle, and not the FreeBSD release cycle, for the contributed software.
> >
> >I do not advocate immediate upgrade of the third-party software that
> >reached its EOL, but I think that we should do this without pushback
> >if maintainer consider the necessity of upgrade.
>
> Just to be clear, there were considerable discussions, over a long
> period of time; between myself, the release engineers, and the
> security-officer team regarding the subject of BIND 9.3 in RELENG_6. I
> was given the green light to upgrade if I felt it was necessary (as
> you're suggesting here) but the final decision to live with the status
> quo was mine, and I accept responsibility for it.
>
> My reasoning was as follows:
>
> 1. All the latest versions of BIND are available in ports, and I made
> sure that they worked in RELENG_6 so that users who wanted to stay at
> that OS level but had more serious DNS needs had an easy path.
>
> 2. Because BIND 9.3 lacked the ability to do modern DNSSEC anyone who
> wanted that feature would have to upgrade anyway.
>
> 3. BIND 9.3 was still suitable for the (primary) stated purpose of BIND
> in the base, a basic local resolving name server.
>
> 4. BIND 9.3 was different enough that users migrating from it to more
> modern versions were experiencing problems.
>
> 5. Users were naturally migrating to RELENG_[78] at a pace which
> minimized the impact of the issue.
>
> If any of those things had stopped being true my decision would have
> been different, but as it was I chose to "grin and bear it" in order to
> avoid the POLA violation for any users who were actually using BIND 9.3
> in RELENG_6. However, the circumstances for BIND 9.4 and RELENG_7 are
> different, and much more amenable to the upgrade, which is why I'm
> proposing it.

I do not question your decision of upgrading or leaving the legacy
version of BIND in the legacy branch of FreeBSD src. I only noted that
my personal POV is that we develop the OS, and are not the vendor of
the third-party software, in this case BIND. As such, I think that
following the vendor life-cycle for contrib is less resource-intensive
for the project, and should be the default.

If anybody who does the real work feels that it is interesting/nice to
the users/generally better to spend the time necessary to keep the
upgrade path on the branch smoother, I am fine with this.