Bind in FreeBSD, security advisories
Tim Daneliuk
tundra at tundraware.com
Tue Jul 30 14:05:08 UTC 2013
On 07/30/2013 08:13 AM, Mehmet Erol Sanliturk wrote:
> On Tue, Jul 30, 2013 at 8:47 AM, Daniel Kalchev <daniel at digsys.bg> wrote:
>
>>
>> On 30.07.13 15:21, Mark Felder wrote:
>>
>>> People don't seem upset about not having a webserver, IMAP/POP daemon,
>>> or LDAP server in base, so I don't understand what the big deal is about
>>> removing BIND.
>>>
>>
>> I believe the primary reason these things are not in the base system is
>> that they have plenty of dependencies, with possibly conflicting licenses
>> etc.
>>
>> If the concern is over the rare case when you absolutely
>>> need a DNS recursor and there are none you can reach I suppose we should
>>> just import Unbound.
>>>
>>
>> There are many and good reasons to include an fully featured name server,
>> or at least full recursive resolver. For example, for properly supporting
>> DNSSEC.
>> We could in theory remove the BIND's authoritative name server
>> executable... if that is attracting the SAs.
>>
>> The justification "reduce the number of SA's", that is, "the bad PR" is
>> probably not enough. Going that direction, we should consider Comrade
>> Stalin's maxim "FreeBSD exists, there are problems, here is the solution --
>> no FreeBSD, no problems!" :-)
>>
>> Daniel
>>
>
>
>
> Then , there exists a new problem :
>
>
> "There is no FreeBSD ..."
>
>
> Thank you very much .
>
>
Exactly. Either strip everything out of the base
including things like perl or admit that there is more
to a modern OS than just kernel and admin tools.
--
-----------------------------------------------------------------------
Tim Daneliuk
More information about the freebsd-stable
mailing list