BIND update?
Edwin Groothuis
edwin at mavetju.org
Thu Jul 10 12:17:49 UTC 2008
On Thu, Jul 10, 2008 at 12:29:55PM +0200, Oliver Brandmueller wrote:
> Hi,
>
> On Thu, Jul 10, 2008 at 03:17:26AM -0700, Xin LI wrote:
> > Speaking as my own: Base system needs more conservative QA process,
> > e.g. we want to minimize the change, we need to analyst the impact
> > (FWIW the security fix would negatively affect heavy traffic sites)
> > and document it (i.e. the security advisory), and we want to make the
> > change a one-time one (for instance, shall we patch libc's resolver as
> > well?), so rushing into a "presumably patched" state would not be a
> > very good solution.
>
> I understand the reasons and that surely needs to be taken into account.
> Does that imply that the FreeBSD project got the information later than
> f.e. M$ or Debian, who are usually not really known for coming up too
> fast with such fixes?
According to http://www.kb.cert.org/vuls/id/800113, FreeBSD was
tested, but it doesn't say if it was informed.
Microsoft knew about it earlier than yesterday, because they are a
DNS software provider.
Edwin
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin at mavetju.org | Weblog: http://www.mavetju.org/weblog/
More information about the freebsd-stable
mailing list