BIND chroot environment in 10-RELEASE...gone?
Chris H
bsd-lists at bsdforge.com
Tue Dec 16 04:24:44 UTC 2014
On Mon, 15 Dec 2014 08:20:38 +0100 (CET) sthaug at nethelp.no wrote
> > > > It was a deliberate decision made by the maintainer. He said the chroot
> > > > code in the installation was too complicated and would be removed as a
> > > > part of the installation clean-up to get all BIND related files out of
> > > > /usr and /etc. I protested at the time as did someone else, but the
> > > > maintainer did not respond. I thnk this was a really, really bad
> > > > decision.
> > > >
> > > > I searched a bit for the thread on removing BIND leftovers, but have
> > > > failed to find it.
> > > >
> > >
> > > You're probably thinking about my November 17 posting:
> > >
> > >
http://lists.freebsd.org/pipermail/freebsd-stable/2013-November/075895.html
> > >
> > > I'm glad to see others finally speaking up; I was beginning to think I
> > > was the only one who thought this was not a good idea. I'm a bit
> > > surprised that no one has responded yet.
> >
> > I agree with the protesters here. Removing chroot and symlinking logic
> > in the ports is a significant disservice to FreeBSD users, and will
> > make it harder to use BIND in a sensible way. A net disincentive to
> > use FreeBSD :-(
>
> I have now installed my first 10.1 based name server. I had to spend
> some hours to recreate the changeroot environment that I had so easily
> available in FreeBSD up to 9.x.
>
> <rant>
> Removing the changeroot environment and symlinking logic is a net
> disservice to the FreeBSD community, and disincentive to use FreeBSD.
> </rant>
In all fairness (is there even such a thing?);
"Convenience" is a two-way street. For each person that thinks
the BIND chroot(8) mtree(8) symlink(2) was a great "service". There
are at *least* as many whom feel differently. I chose to remove/disable
the BIND, from BASE, some time ago. As it wasn't "convenient" to have
to overcome/deal with the CVE/security issues. In the end, I was forced
to re-examine some of the other resolvers, that ultimately, only proved
to be better choice(s).
Just sayin'
--Chris
>
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
More information about the freebsd-stable
mailing list