On 31.07.13 09:38, Shane Ambler wrote:
On 31/07/2013 01:31, Daniel Kalchev wrote:

But here is an idea: Remove BIND from HEAD overnight and see how many
 will complain ;-) If nobody complains, don't put it back in.

Or change the default to off. If you want bind, add WITH_BIND=yes to src.conf.

That is just as good a solution as removing BIND from base. It is also easier and faster to add it as package/port, instead of recompiling the whole base system.


It's hard to say FreeBSD is a safe and secure OS when part of the base
install is always being shown to have security flaws. New features need
to prove they are reliable before they are accepted into a release yet
we allow something that has a long proven history of being a source of
security concerns.

Stop right here! There is plenty of other software that is in base and is just as "buggy" or even more than BIND. BIND, by the way, benefits from the fact that it runs on many other platforms and that those bugs are typically found there, not on FreeBSD. In contrast to that, the "perfect FreeBSD only code" has bugs discovered only when someone stumbles on them in FreeBSD.


For something that needs to be constantly updated in between system
updates then ports is the place to install it from.

You don't have to update BIND constantly, especially if you are not using it. If you are using it, you will want it updated, no matter what.


I think it is less about whether bind is useful and needs to be in base
and more about should every user of FreeBSD be open to security issues
or should a user have the option to say "yes I want potentially insecure
software on my machine". The ports system allows messages that make it
obvious to the user about security concerns.

You are reading too much into those messages. FreeBSD is not bug free, nor is any other piece of code.


How many people setup and use a FreeBSD machine without adding something
from ports or packages?

Anyone who can, does prefer to not install any ports. I have over a dozen servers (and a gazillion jailed instances) that don't have one single port installed. I find this feature of FreeBSD especially appealing and something we should keep. By the way, for those inclined to ask me for statistics: this is my personal experience. It works for me. If you don't do that, it tells me nothing I care about. We might have different reasons to make different choices.

Daniel