Re: Bind update

[David Rhodus <drhodus@xxxxxxxxx>]

Jeroen Ruigrok/asmodai wrote:

> -On [20031122 22:22], David Rhodus (drhodus@xxxxxxxxx) wrote:
>  
>
> > Do you have examples of these security problems ? The only ones I can 
> > think of are root'd inside the design of bind 8.x. I would be very 
> > intrested to see if we couldn't replace the 8.x series with bind 9.x 
> > without many implications.
> >    
>
> Sorry, I wasn't making myself clear, what I was asking was more like:
>
> But what if in the time between now and when we have the new system in
> place we find security holes in the contrib code, how do we handle that?
>
>  
Ah, ok, we apply the vendor released patches to that and/or import the 
newer version of the
software. I'm not planning on letting any of the contrib code go stale 
on us as I maintain
other internal distro's of BSD for companies and update the code for 
them. The same process is follow by FreeBSD and we have done as you'll 
see in the cvs tree with openssl / openssh / sendmail already. I'm 
planning on updating the sendmail code in DragonFly over the next few 
days as well.

I think things like bind / openssl /sendmail / gcc / etc... things we 
have, should always be "inside" the base system though they may just 
become references to packages later on once
someone has time to lay down some big iron on the packaging system.

-DR