Date: Wed, 31 Jul 2013 08:55:41 +0200 (CEST)
From: sthaug@nethelp.no
To: marka@isc.org
Cc: bsd-lists@1command.com, freebsd-stable@freebsd.org
Subject: Re: Bind in FreeBSD, security advisories
Message-ID: <20130731.085541.74748290.sthaug@nethelp.no>
In-Reply-To: <20130731020623.7243C37DF218@drugs.dv.isc.org>
References: <2F6932C3-EF37-49FC-83EE-05512DD5A05C@digsys.bg> <9b0056db5b760c755dd4acc45bfbd1ad.authenticated@ultimatedns.net> <20130731020623.7243C37DF218@drugs.dv.isc.org>

> > Considering the topic, and how many times it's come up. I'm not sure that's
> > anything to be proud of. ;)
>
> Given not all CVEs are created equal and given the amount of
> internal self consistency checks (all of which kill the server if
> they don't pass (and push the CVSS score to 7.x)) there are in BIND
> the number of advisories is actually very small.
>
> Yes, this was an internal self consistency check failing.
>
> We are human and despite code reviews, unit and system tests, static
> analysis checkers etc. some errors do make it through.

I'm also more than a little surprised about people dragging out
sendmail as a shining example of *good* (bug-free?) software. Does
nobody remember any history here? It wasn't *that* many years ago
that we seemed to have "sendmail-bug-of-the-day"...

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130731.085541.74748290.sthaug>
