Date:      Wed, 9 Jul 2008 17:27:42 +0200 (CEST)
From:      "Remko Lodder" <remko@elvandar.org>
To:        "Josh Mason" <wtf.matters@gmail.com>
Cc:        freebsd-security@freebsd.org, astorms@ncircle.com
Subject:   Re: BIND update?
Message-ID:  <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org>
In-Reply-To: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com>
References:  <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com>


On Wed, July 9, 2008 5:19 pm, Josh Mason wrote:
> Remko Lodder wrote:
>> On Tue, July 8, 2008 8:34 pm, Andrew Storms wrote:
>>> Are going to expect an update for BIND today?
>>>
>>> http://www.isc.org/index.pl?/sw/bind/bind-security.php
>>>
>>> _______________________________________________
>>
>> Hello,
>>
>> I think it's important that we do not overstretch things instantly. The
>> FreeBSD Security Team is aware of this situation and will investigate how
>> to plan and act upon this.
>>
>> Thanks,
>> Remko
>>

Hello Josh,

>  Right, let's not act swiftly. That would be too much to ask. Is there any
> reason why FreeBSD is one of the last vendors to release patches for the
> vulnerability?

Thanks for taking the time to reply to the thread. Sadly the tone you are
using makes me feel a bit sad. There is a deeper reply in the reply you
sent, and I do not like it. We as the Security Team do our best to act as
soon as possible on things. Items like these tend to take up a lot of time
and resources, we need to test things properly, make sure all the bits and
bytes are OK, so that we don't make people grumpy about things we
overlook. I am sure you can understand that and leave away the attitude.

>
> I apologize, perhaps I should simply do it myself as has been the common
> response as of late, or perhaps install from source retrieved from
> isc.org should be the expected answer?

If you want to do that, no one will be stopping you. We as the security
team will be working as hard as possible to try and understand the
problem, wrap up the correct response and make sure it gets fixed where
needed, these things just take time.

>
> Most other vendors seem to have taken this seriously, yet FreeBSD seems to
> be sitting on their hands for some unknown reason while its users remain
> vulnerable.

We also take this seriously, I think you are short-visioned by telling
something like this. There is a mitigation strategy for the BIND issue as
already reported on the list. Given your response you must be clever
enough to find it.

>
> Thanks for all the hard work,

Thanks for the deeper attitude and the email. I hope you can understand
that we are a volunteer organisation which does not have paid people
working on items 24/7 which other vendors might have. If you want to have
that, I am sure we can get some people so far for getting paid for their
normal wages so that we can do that as well. Till that time you should
understand volunteer organisations better, or come up with a better
proposal; you simply don't know how much is involved here.

>
>    Your incredibly loyal follower
>

Sarcastic.

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News
