Date: Mon, 15 Dec 2014 10:47:56 +0100
From: "Ronald Klop" <ronald-lists@klop.ws>
To: freebsd-stable@freebsd.org
Subject: Re: BIND chroot environment in 10-RELEASE...gone?
Message-ID: <op.xqwlh6utkndu52@ronaldradial.radialsg.local>
In-Reply-To: <20141215.082038.41648681.sthaug@nethelp.no>
References: <CAN6yY1sVGiQFNkoi0mGZs7grJ5SMAui-rDO1e8UDAs0PTUVL9g@mail.gmail.com>
 <alpine.BSF.2.00.1312031407090.78399@roadkill.tharned.org>
 <20131203.223612.74719903.sthaug@nethelp.no>
 <20141215.082038.41648681.sthaug@nethelp.no>

On Mon, 15 Dec 2014 08:20:38 +0100, <sthaug@nethelp.no> wrote:

>> > > It was a deliberate decision made by the maintainer. He said the chroot
>> > > code in the installation was too complicated and would be removed as a
>> > > part of the installation clean-up to get all BIND related files out of
>> > > /usr and /etc. I protested at the time as did someone else, but the
>> > > maintainer did not respond. I think this was a really, really bad
>> > > decision.
>> > >
>> > > I searched a bit for the thread on removing BIND leftovers, but have
>> > > failed to find it.
>> > >
>> >
>> > You're probably thinking about my November 17 posting:
>> >
>> > http://lists.freebsd.org/pipermail/freebsd-stable/2013-November/075895.html
>> >
>> > I'm glad to see others finally speaking up; I was beginning to think I was
>> > the only one who thought this was not a good idea. I'm a bit surprised
>> > that no one has responded yet.
>>
>> I agree with the protesters here. Removing chroot and symlinking logic
>> in the ports is a significant disservice to FreeBSD users, and will
>> make it harder to use BIND in a sensible way. A net disincentive to
>> use FreeBSD :-(
>
> I have now installed my first 10.1 based name server. I had to spend
> some hours to recreate the changeroot environment that I had so easily
> available in FreeBSD up to 9.x.
>
> <rant>
> Removing the changeroot environment and symlinking logic is a net
> disservice to the FreeBSD community, and disincentive to use FreeBSD.
> </rant>
>
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no

Isn't this reasoning a bit flawed? Something hurt you so you state it is
hurting a whole community.
I, for one, am glad the security updates of the Bind software are now
better maintainable across all FreeBSD versions.

NB: using a jail might give an easier to maintain secure environment for
bind than a chroot. With more restrictions to the process also.

Regards,
Ronald.