Waiting for BIND security announcement

[Jeffrey Goldberg]

On Aug 1, 2007, at 2:13 PM, Doug Barton wrote:

> If you want to stay as close as possible to 6.2-RELEASE but also
> include the fixes that the security officer deems important enough to
> release widely, use the tag RELENG_6_2 (usually in your supfile for
> cvsup or csup). If you want the latest code for 6-stable, which will
> eventually become 6.3-RELEASE, use just RELENG_6.

Thank you.  I wasn't clear in my original message.  I meant to talk  
about RELENG_6_2 which is what I meant when I said "6.2 Release with  
patches".  But I fully acknowledge that while I've used RCS for ages,  
I still don't fully grok branches and trunks (or HEADs in CVS), so I  
do state things badly and can always use the reminder of how things  
work.

Anyway, I was disappointed that the BIND fix didn't make it into  
RELENG_6_2.
But ...

> When it comes to BIND stuff in particular, I always update the ports
> first, so anyone with a mission critical DNS operation can get fixes
> ASAP. There is even an option in the port to overwrite the base BIND
> if you so desire.

Ah-ha.  That makes a big difference.  OK.  If I'm going to expose my  
name server to the big bad world while tracking RELENG_N_M ("release  
with patches") I'll use bind from ports.

Are there other things in /usr/src/contrib that follow this pattern?

> hth,

Yes, it helps a great deal.  Thank you very much for your work on  
this and your patience with me.

-j


-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/