From: Daniel Kalchev
Date: Tue, 30 Jul 2013 16:32:44 +0300
To: Mehmet Erol Sanliturk
Cc: freebsd-stable
Subject: Re: Bind in FreeBSD, security advisories
Message-ID: <51F7C07C.9060606@digsys.bg>

On 30.07.13 16:13, Mehmet Erol Sanliturk wrote:
>
> On Tue, Jul 30, 2013 at 8:47 AM, Daniel Kalchev wrote:
>
>     Going that direction, we should consider Comrade Stalin's maxim
>     "FreeBSD exists, there are problems, here is the solution -- no
>     FreeBSD, no problems!" :-)
>
>     Daniel
>
> Then, there exists a new problem:
>
> "There is no FreeBSD ..."

We already know Comrade Stalin's solution had... bugs. Not before millions parted with their lives... When/if we remove BIND from FreeBSD, we might find out whether that solution has bugs, or not. Not until then, though.

Back to the topic :)

My take on this is that removing BIND from the base today is... irresponsible.

First, most who use FreeBSD expect a DNS server to be readily available. Some people would just avoid using any ports etc. BIND in base is well tested and known evil.

If we are ever to replace it with something else, that something else has to prove itself - demonstrate that it is at least as good as BIND -- in the base system. In practice, not in theory.

This is very much a situation like replacing gcc with clang/llvm. However, in the case of BIND we have no licensing problems, stability problems, performance problems etc --- just concerns that BIND generates many SAs -- which might actually be a good indicator, as it demonstrates that BIND is worked on.

I personally see no reason to remove BIND from base. If someone does not want BIND in their system, they could always use the WITHOUT_BIND build switch.

Daniel