Date: Wed, 09 Jul 2008 11:46:19 -0400 From: Peter Thoenen <peter.thoenen@yahoo.com> To: remko@elvandar.org Cc: freebsd-security@freebsd.org, astorms@ncircle.com, Josh Mason <wtf.matters@gmail.com> Subject: Re: BIND update? Message-ID: <4874DD4B.5020608@yahoo.com> In-Reply-To: <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>> Right, lets not act swiftly. That would be too much to ask. Is there any >> reason why FreeBSD is one of the last vendors to release patches for the >> vulnerability? Actually IIRC all the press releases from the *alliance* stated 30 days and as this is a fundamental flaw that has known for the past 6 months and doesn't provide any sort of elevated privileges (or effect those smart enough to run DNSSEC like you should be IIRC) its really not a CRITICAL patch .. its more of a when you get around to it seriously. Let the Security Team do their job and quit pestering them on your now now now next day patch wants for a trivial issue.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4874DD4B.5020608>