From owner-freebsd-current@FreeBSD.ORG Tue Oct 5 02:17:07 2004
From: Garance A Drosehn <gad@FreeBSD.org>
To: Doug Barton
Cc: freebsd-current@FreeBSD.org
Date: Mon, 4 Oct 2004 22:17:03 -0400
Subject: Re: New BIND 9 chroot directories
In-Reply-To: <20041004181933.H96420@bo.vpnaa.bet>
References: <4160259A.3070708@FreeBSD.org> <200410041734.53316.freebsd@redesjm.local> <200410042343.19211.freebsd@redesjm.local> <20041004181933.H96420@bo.vpnaa.bet>

At 6:25 PM -0700 10/4/04, Doug Barton wrote:
>On Mon, 4 Oct 2004, Jose M Rodriguez wrote:
>
>>On Monday, 4 October 2004 22:10, Doug Barton wrote:
>
>>Really good work. But is this really needed?
>>I can't see why.
>
>Because running bind chrooted is considerably safer, and
>the defaults should be as safe as possible unless it is an
>inconvenience to the majority of our users.
Fwiw, I do believe it is better to have the chrooted setup by default. We're already making a significant change in going from bind8 to bind9, so anyone running bind is going to have to check over their machines anyway. No one running bind is going to be able to "blindly update" to 5.3-release.

We might as well go with the safer configuration by default, because I would rather do it now than wait for 6.0-release. After all, if this change is "too scary" to do for the first release to be called 5.x-STABLE, then it must be too scary to do for later releases in that STABLE branch.

Just my 2 cents.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA
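A check that follows from the chroot point argued above, added here as an example and not part of this thread or of the FreeBSD project's rc scripts: a POSIX sh script that audits whether the named processes on a host, and the rc.conf that starts them, are actually set up to chroot. It assumes that named takes its chroot directory from a "-t <dir>" flag and that FreeBSD's rc.conf spells the setting named_chrootdir; neither is stated in the message. The ps-style listing and the rc.conf fragment it works on are constructed inline so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: audit whether BIND 9 "named" processes
# and the rc.conf that starts them are set up to chroot.
# Assumptions (not stated in the thread): named selects its chroot directory
# with "-t <dir>", and FreeBSD's rc.conf carries it as named_chrootdir="...".

# Constructed sample of ps-style command lines: one chrooted, one not.
SAMPLE_PS='named -u bind -t /var/named -c /etc/namedb/named.conf
named -u bind -c /etc/namedb/named.conf'

# Constructed rc.conf fragment.
SAMPLE_RC='named_enable="YES"
named_chrootdir="/var/named"'

# Print the argument following -t in a named command line, or nothing if
# the process was started without a chroot. Always exits 0 so callers can
# use command substitution safely under "set -e".
chroot_dir_from_cmdline() {
    set -- $1            # word-split the command line into positional args
    while [ $# -gt 1 ]; do
        if [ "$1" = "-t" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 0
}

# Print the value of named_chrootdir from an rc.conf text (quotes stripped);
# an empty result means the rc script will not chroot named.
rc_chrootdir() {
    printf '%s\n' "$1" \
        | sed -n 's/^named_chrootdir="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' \
        | tail -n 1
}

# Count named command lines that carry no -t option; 0 means every named
# process in the listing runs chrooted.
count_unchrooted() {
    n=0
    while IFS= read -r line; do
        case "$line" in
            "named "*|*"/named "*)
                [ -n "$(chroot_dir_from_cmdline "$line")" ] || n=$((n + 1))
                ;;
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$n"
}

# Stand-alone report over the constructed samples.
echo "rc.conf chroot dir: '$(rc_chrootdir "$SAMPLE_RC")'"
echo "named processes without -t: $(count_unchrooted "$SAMPLE_PS")"
```

On a real host the two samples would be replaced by the output of "ps -axo command" and the contents of /etc/rc.conf; a non-zero count from count_unchrooted, or an empty result from rc_chrootdir, is what to flag, since a named that is enabled but not chrooted is exactly the default the thread is arguing against.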