Waiting for BIND security announcement
Doug Barton
dougb at FreeBSD.org
Wed Aug 1 19:13:38 UTC 2007

Jeffrey Goldberg wrote:
> It appears that BIND has only been fixed in -STABLE and -CURRENT, but
> not in -RELEASE. Does anyone know if there are plans to get this
> patched in 6.2?
>
> For me it makes little difference since I am not (yet) running named in
> a publicly accessible way. But my medium term plans for my DNS do
> involve me running a public nameserver on the latest RELEASE with all
> patches.
>
> It does worry me if this kind of thing doesn't get patched in the latest
> RELEASE.

Um, it doesn't work that way. "6.2-RELEASE" is just a symbolic name
that is related to the files that have the RELENG_6_2_0_RELEASE flag.
If you want to stay as close as possible to 6.2-RELEASE but also
include the fixes that the security officer deems important enough to
release widely, use the tag RELENG_6_2 (usually in your supfile for
cvsup or csup). If you want the latest code for 6-stable, which will
eventually become 6.3-RELEASE, use just RELENG_6.

When it comes to BIND stuff in particular, I always update the ports
first, so anyone with a mission critical DNS operation can get fixes
ASAP. There is even an option in the port to overwrite the base BIND
if you so desire.

hth,

Doug
--
This .signature sanitized for your protection
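
An added example, not part of the original message: a minimal supfile showing where the tag described above goes, with the three tag choices side by side. The host name is a placeholder and the base and prefix paths are assumed defaults; adjust them for your system.

```conf
# Example supfile (constructed for illustration).
# Replace CHANGE_THIS with a cvsup mirror near you.
*default host=CHANGE_THIS.FreeBSD.org
*default base=/var/db
*default prefix=/usr

# Pick exactly one tag:
#   RELENG_6_2_0_RELEASE  the files exactly as tagged for 6.2-RELEASE,
#                         with no later fixes
#   RELENG_6_2            6.2-RELEASE plus the fixes the security
#                         officer releases for that branch
#   RELENG_6              latest 6-stable code, which eventually
#                         becomes 6.3-RELEASE
*default release=cvs tag=RELENG_6_2

*default delete use-rel-suffix
*default compress

# Fetch the whole source tree, which includes the base system BIND.
src-all
```

After the sources are updated with cvsup or csup using this file, the base system still has to be rebuilt and installed before the running named picks up the fix.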