From: Doug Barton
Date: Fri, 27 Dec 2013 17:18:43 -0800
To: freebsd-ports@freebsd.org
Subject: Re: dns/bind* ports overwriting conf files
Message-ID: <52BE26F3.2010402@dougbarton.us>
In-Reply-To: <6F8341277A5BAACC98F195D7@atuin.in.mat.cc>

On 12/27/2013 04:00 PM, Mathieu Arnold wrote:
> +--On 25 décembre 2013 22:16:07 -0800 Doug Barton wrote:
> | While looking at the UPDATING entry for the bdb mess (more on that later)
> | I happened to see this:
> |
> | 20131209:
> | AFFECTS: users of dns/bind96, dns/bind98 and bind99 on FreeBSD 10.0
> | AUTHOR: erwin@FreeBSD.org
> |
> | Bind versions before 9.6.3.2.ESV.R10_2, 9.8.6_2, and 9.9.4_2 on
> | FreeBSD 10.0 will replace named.conf on upgrade. Make sure to
> | backup any local changes before upgrading to the _2 versions.
> |
> | This is not Ok. FreeBSD ports are NEVER supposed to blindly overwrite
> | config files. Please fix this so that it conforms to over a decade of
> | policy that FreeBSD ports users should be able to safely depend on.
>
> That's ok, because FreeBSD 10.0 is not released yet, and the current
> version of the bind ports doesn't overwrite the config files.

It's not Ok under any circumstances. FreeBSD ports should NEVER blindly overwrite config files. Period, end of discussion.

There is no doubt that the work to remove BIND from the base and make the ports version robust on 10.x will be difficult due to the fact that the port relied on several things already being present in the default base install. However "it's hard" is no excuse for not doing the work correctly.

What I proposed as part of this work years ago was to create something like a bind-config package that would (optionally) install the same default files and configuration for the port that are still in the base for [89].x. That way users who just wanted the old default local resolver could get that behavior easily, and users with other needs would not have to have it. I still think that's the easiest and least painful way to manage the transition, and would encourage Erwin to consider it.

(For extra credit, a different but similar sort of port should be created to enable DNSSEC validation, and should include the root zone trust anchor, and a description of how the user can validate it for themselves.)

In any case even a _plan_ to overwrite conf files blindly is a bad idea. So much the better to fix it now before it actually bites any users.

Doug
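
The rule argued for in this message, that an upgrade must never blindly replace an edited config file, is commonly met by shipping the default as a `.sample` file and touching the live file only when it is absent or byte-identical to the old sample. The sketch below is an added example, not code from the message or from the bind ports; the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example; function names and file paths are hypothetical.

# Deinstall step: remove LIVE only if it is byte-identical to the SAMPLE
# the old package shipped, i.e. the admin never edited it.
deinstall_config() {
    sample=$1; live=$2
    if [ -e "$live" ] && cmp -s "$sample" "$live"; then
        rm -f "$live"
        echo removed
    else
        echo kept
    fi
}

# Install step: the package only ever writes SAMPLE. LIVE is created from
# it when absent and is otherwise left alone.
install_config() {
    new_default=$1; sample=$2; live=$3
    cp -p "$new_default" "$sample"
    if [ -e "$live" ]; then
        echo kept
    else
        cp -p "$sample" "$live"
        echo created
    fi
}

# Upgrade = deinstall the old package, then install the new one.
upgrade_config() {
    new_default=$1; sample=$2; live=$3
    deinstall_config "$sample" "$live" >/dev/null
    install_config "$new_default" "$sample" "$live"
}

# Constructed demo in a scratch directory (sample contents are made up).
demo() {
    d=$(mktemp -d) || return 1
    printf 'options { recursion yes; };\n' > "$d/v1"
    printf 'options { recursion no; };\n'  > "$d/v2"
    install_config "$d/v1" "$d/named.conf.sample" "$d/named.conf"   # created
    printf '// local change\n' >> "$d/named.conf"
    upgrade_config "$d/v2" "$d/named.conf.sample" "$d/named.conf"   # kept
    grep -c 'local change' "$d/named.conf"                          # 1
    rm -rf "$d"
}
demo
```

An unedited live file is replaced with the new default on upgrade, while an edited one survives and the new default is still available beside it as the `.sample` file for manual merging.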