From: Mark Felder
To: freebsd-stable@freebsd.org
Subject: Re: Bind in FreeBSD, security advisories
Date: Tue, 30 Jul 2013 09:04:46 -0500

On Tue, Jul 30, 2013, at 8:32, Daniel Kalchev wrote:
> This is very much a situation like replacing gcc with clang/llvm.
> However, in the case of BIND we have no licensing problems, stability
> problems, performance problems etc --- just concerns that BIND generates
> many SAs -- which might actually be a good indicator, as it demonstrates
> that BIND is worked on.

There's a man with a name whose initials match DJB that would strongly disagree. Now he's not always the best person to reference, but he's made a succinct point with his own software, whether or not you like using it. Unbound/NSD are suitable replacements if we really need something in base, and they have been picked up by OpenBSD for a good reason -- clean, secure, readable, maintainable codebases and their use across the internet and on the ROOT servers is growing.

> I personally see no reason to remove BIND from base. If someone does not
> want BIND in their system, they could always use the WITHOUT_BIND build
> switch.

I'd be inclined to agree if it wasn't such a wholly insecure chunk of code. You don't see people whining about Sendmail in base when they prefer Postfix or Exim, but Sendmail doesn't have a new exploit every week. You do tend to need an MTA for getting messages off the system more than you need a local recursor/cache, but at least it's not causing you maintenance headaches. If you consider the possibility that a large enough percentage of users really desire a local recursor/cache, it should be our duty to give them the best option available.