From owner-freebsd-stable@FreeBSD.ORG  Tue Jul 30 12:48:45 2013
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 45B74948
 for <freebsd-stable@freebsd.org>; Tue, 30 Jul 2013 12:48:45 +0000 (UTC)
 (envelope-from daniel@digsys.bg)
Received: from smtp-sofia.digsys.bg (smtp-sofia.digsys.bg [193.68.21.123])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id C12DA3000
 for <freebsd-stable@freebsd.org>; Tue, 30 Jul 2013 12:48:44 +0000 (UTC)
Received: from dcave.digsys.bg (dcave.digsys.bg [193.68.6.1])
 (authenticated bits=0)
 by smtp-sofia.digsys.bg (8.14.6/8.14.6) with ESMTP id r6UCl3SL074760
 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
 for <freebsd-stable@freebsd.org>; Tue, 30 Jul 2013 15:47:03 +0300 (EEST)
 (envelope-from daniel@digsys.bg)
Message-ID: <51F7B5C7.6050008@digsys.bg>
Date: Tue, 30 Jul 2013 15:47:03 +0300
From: Daniel Kalchev <daniel@digsys.bg>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:17.0) Gecko/20130627 Thunderbird/17.0.7
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Subject: Re: Bind in FreeBSD, security advisories
References: <CAO+PfDctepQY0mGH7H+gOSm4HJwhe-RCND+mxAArnRxpWiCsjg@mail.gmail.com>
 <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com>
In-Reply-To: <1375186900.23467.3223791.24CB348A@webmail.messagingengine.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2013 12:48:45 -0000


On 30.07.13 15:21, Mark Felder wrote:
> People don't seem upset about not having a webserver, IMAP/POP daemon,
> or LDAP server in base, so I don't understand what the big deal is about
> removing BIND.

I believe the primary reason these things are not in the base system is 
that they have plenty of dependencies, with possibly conflicting 
licenses etc.

> If the concern is over the rare case when you absolutely
> need a DNS recursor and there are none you can reach I suppose we should
> just import Unbound.

There are many and good reasons to include an fully featured name 
server, or at least full recursive resolver. For example, for properly 
supporting DNSSEC.
We could in theory remove the BIND's authoritative name server 
executable... if that is attracting the SAs.

The justification "reduce the number of SA's", that is, "the bad PR" is 
probably not enough. Going that direction, we should consider Comrade 
Stalin's maxim "FreeBSD exists, there are problems, here is the solution 
-- no FreeBSD, no problems!" :-)

Daniel