Following vendor release cycle (Was: Re: RFC: Upgrade BIND version in RELENG_7 to BIND 9.6.x)

Doug Barton dougb at FreeBSD.org
Sat Dec 18 23:07:15 UTC 2010


On 12/18/2010 03:15, Kostik Belousov wrote:
> On Fri, Dec 17, 2010 at 09:41:54PM -0800, Doug Barton wrote:
>> Howdy,
>>
>> Traditionally for contributed software generally, and BIND in particular
>> we have tried to keep the major version of the contributed software
>> consistent throughout a given RELENG_$N branch of FreeBSD. Hopefully the
>> reasoning for this is obvious, we want to avoid POLA violations.
> Actually not. My own POV is that we should follow the vendor release
> cycle, and not the FreeBSD release cycle, for the contributed software.
>
> I do not advocate immediate upgrade of the third-party software that
> reached its EOL, but I think that we should do this without pushback
> if maintainer consider the necessity of upgrade.

Just to be clear, there were considerable discussions, over a long
period of time, between myself, the release engineers, and the
security-officer team regarding the subject of BIND 9.3 in RELENG_6. I 
was given the green light to upgrade if I felt it was necessary (as 
you're suggesting here) but the final decision to live with the status 
quo was mine, and I accept responsibility for it.

My reasoning was as follows:

1. All the latest versions of BIND are available in ports, and I made 
sure that they worked in RELENG_6 so that users who wanted to stay at 
that OS level but had more serious DNS needs had an easy path.

2. Because BIND 9.3 lacked the ability to do modern DNSSEC anyone who 
wanted that feature would have to upgrade anyway.

3. BIND 9.3 was still suitable for the (primary) stated purpose of BIND 
in the base, a basic local resolving name server.

4. BIND 9.3 was different enough that users migrating from it to more 
modern versions were experiencing problems.

5. Users were naturally migrating to RELENG_[78] at a pace which 
minimized the impact of the issue.

If any of those things had stopped being true my decision would have 
been different, but as it was I chose to "grin and bear it" in order to 
avoid the POLA violation for any users who were actually using BIND 9.3 
in RELENG_6. However, the circumstances for BIND 9.4 and RELENG_7 are 
different, and much more amenable to the upgrade, which is why I'm 
proposing it.


hth,

Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/


