Waiting for BIND security announcement
Colin Percival
cperciva at freebsd.org
Wed Aug 1 20:23:42 UTC 2007
Jeffrey Goldberg wrote:
> Anyway, I was disappointed that the BIND fix didn't make it into
> RELENG_6_2.
Give us a little time. Unless an issue is exceptionally urgent, it
usually takes us about a week to confirm that we're affected, to get
a patch from upstream or create our own, to make sure the patch fixes
the issue and doesn't create any new problems (there have been several
issues lately where the upstream patches were broken), to confirm that
the patch applies cleanly to all of our supported branches, and to
write our advisory.
Usually the FreeBSD Security Team hears about issues in major "contrib"
code (e.g., sendmail, bind, openssl, openssh) ahead of time and is able
to prepare before the issues become public, but this time we didn't get
any advance warning.
Colin Percival
More information about the freebsd-questions
mailing list