BIND update?

Xin LI delphij at delphij.net
Thu Jul 10 10:17:50 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeremy Chadwick wrote:
| On Thu, Jul 10, 2008 at 07:44:51PM +1000, Peter Jeremy wrote:
|> On 2008-Jul-10 11:40:06 +0200, Oliver Brandmueller <ob at e-Gitt.NET> wrote:
|>> shouldn't there be a very urgent BIND update somewhere around?
|> There has been a very long thread about this in -security.  Leaving
|> out the trolls and flaming, the salient points are:
|> - The bind port has been updated to include the relevant patches
|> - The security team is aware of the issue and is working on a fix.
|
| I'm curious to know why the BIND ports were updated before the base
| system BIND.  Absolutely no offence intended towards Doug, but the
| priority seems reversed.

Speaking for myself: the base system needs a more conservative QA process, e.g.
we want to minimize the change, we need to analyze the impact (FWIW the
security fix would negatively affect heavy traffic sites) and document
it (i.e. the security advisory), and we want to make the change a
one-time one (for instance, shall we patch libc's resolver as well?), so
rushing into a "presumably patched" state would not be a very good solution.

Cheers,
- --
Xin LI <delphij at delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEARECAAYFAkh14bYACgkQi+vbBBjt66ALTQCdEozuYtUUgI1bn/nitLeIZHqj
6Y0AnRb1wOIklk3h6Q5MFB4keEy9ZRDP
=PAr6
-----END PGP SIGNATURE-----

