From owner-freebsd-stable@FreeBSD.ORG Wed Dec 4 01:13:48 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EE78DA36 for ; Wed, 4 Dec 2013 01:13:47 +0000 (UTC) Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 874F2126F for ; Wed, 4 Dec 2013 01:13:47 +0000 (UTC) Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.ams1.isc.org (Postfix) with ESMTP id 803182383B1; Wed, 4 Dec 2013 01:13:33 +0000 (UTC) (envelope-from marka@isc.org) Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 6EB1E160446; Wed, 4 Dec 2013 01:21:20 +0000 (UTC) Received: from rock.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id 3DA9A160436; Wed, 4 Dec 2013 01:21:20 +0000 (UTC) Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 88434B13F15; Wed, 4 Dec 2013 12:13:30 +1100 (EST) To: "Chris H" From: Mark Andrews References: <1386086749.9599.54995173.6CD35E54@webmail.messagingengine.com> <20131203.223612.74719903.sthaug@nethelp.no> <560e9b24248600b4125c8786712d0bf9.authenticated@ultimatedns.net> Subject: Re: BIND chroot environment in 10-RELEASE...gone? In-reply-to: Your message of "Tue, 03 Dec 2013 14:10:29 -0800." <560e9b24248600b4125c8786712d0bf9.authenticated@ultimatedns.net> Date: Wed, 04 Dec 2013 12:13:30 +1100 Message-Id: <20131204011330.88434B13F15@rock.dv.isc.org> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mx.ams1.isc.org Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Dec 2013 01:13:48 -0000 In message <560e9b24248600b4125c8786712d0bf9.authenticated@ultimatedns.net>, "Chris H" writes: > >> > It was a deliberate decision made by the maintainer. He said the chroot > >> > code in the installation was too complicated and would be removed as a > >> > part of the installation clean-up to get all BIND related files out of > >> > /usr and /etc. I protested at the time as did someone else, but the > >> > maintainer did not respond. I thnk this was a really, really bad > >> > decision. > >> > > >> > I searched a bit for the thread on removing BIND leftovers, but have > >> > failed to find it. > >> > > >> > >> You're probably thinking about my November 17 posting: > >> http://lists.freebsd.org/pipermail/freebsd-stable/2013-November/075895.html > >> > >> I'm glad to see others finally speaking up; I was beginning to think I was > >> the only one who thought this was not a good idea. I'm a bit surprised > >> that no one has responded yet. > > > > I agree with the protesters here. Removing chroot and symlinking logic > > in the ports is a significant disservice to FreeBSD users, and will > > make it harder to use BIND in a sensible way. A net disincentive to > > use FreeBSD :-( > > I strongly disagree. The BIND is still available within FreeBSD for anyone who chooses to > use/install it. Further, nothing stops anyone who wishes to continue using the CHROOT(8) > script(s) that provided the BIND with a chroot. Any copy of a FreeBSD-8 (maybe even 9) > install CD/DVD holds all the "magic" required. It is _easily_ acquired, and implemented. In > fact, one could easily turn the whole affair into an automated routine. > So. Bottom line; the BIND still remains with FreeBSD, nothing has been taken away. > The CHROOT(8) scripts are still easily available, and can be implemented, at will, by > anyone who cares to continue using it. > What's the big deal? If it is easily aquired why isn't it in the port or is it as Erwin claims that it is too hard. So what is it? In any case it would be better if the port supported chroot as of FBSD 10. /var/named is still as far as I can see the sensible place to default the chroot directory. Copying BIND.chroot.dist and installing it in /usr/local/etc as BIND.chroot should be a no brainer as of FBSD 10.0. Then there is tweeking chroot_autoupdate. Anyway I suspect there will be a lot of pr requests about this. > > Steinar Haug, Nethelp consulting, sthaug@nethelp.no > > > > _______________________________________________ > > freebsd-stable@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org