> > > It was a deliberate decision made by the maintainer. He said the chroot
> > > code in the installation was too complicated and would be removed as a
> > > part of the installation clean-up to get all BIND related files out of
> > > /usr and /etc. I protested at the time as did someone else, but the
> > > maintainer did not respond. I think this was a really, really bad
> > > decision.
> > >
> > > I searched a bit for the thread on removing BIND leftovers, but have
> > > failed to find it.
> > >
> >
> > You're probably thinking about my November 17 posting:
> > http://lists.freebsd.org/pipermail/freebsd-stable/2013-November/075895.html
> >
> > I'm glad to see others finally speaking up; I was beginning to think I was
> > the only one who thought this was not a good idea. I'm a bit surprised
> > that no one has responded yet.
>
> I agree with the protesters here. Removing chroot and symlinking logic
> in the ports is a significant disservice to FreeBSD users, and will
> make it harder to use BIND in a sensible way. A net disincentive to
> use FreeBSD :-(

I have now installed my first 10.1 based name server. I had to spend
some hours to recreate the changeroot environment that I had so easily
available in FreeBSD up to 9.x.

<rant>
Removing the changeroot environment and symlinking logic is a net
disservice to the FreeBSD community, and disincentive to use FreeBSD.
</rant>

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

Howdy,

On 15 December 2014 at 18:20, <sthaug at nethelp.no> wrote:
> [snip]
> <rant>
> Removing the changeroot environment and symlinking logic is a net
> disservice to the FreeBSD community, and disincentive to use FreeBSD.
> </rant>
>

+1

This, and the mess that is pkg, is making me reconsider FreeBSD as my
Open Source OS of choice, after 20 years of use. The patchwork quilt of
components that makes up a Linux distro doesn't need to be complemented
by further FreeBSD releases :-(

--
Regards,
Chris Knight

On Mon, 15 Dec 2014 08:20:38 +0100, <sthaug at nethelp.no> wrote:

>> > > It was a deliberate decision made by the maintainer. He said the chroot
>> > > code in the installation was too complicated and would be removed as a
>> > > part of the installation clean-up to get all BIND related files out of
>> > > /usr and /etc. I protested at the time as did someone else, but the
>> > > maintainer did not respond. I think this was a really, really bad
>> > > decision.
>> > >
>> > > I searched a bit for the thread on removing BIND leftovers, but have
>> > > failed to find it.
>> > >
>> >
>> > You're probably thinking about my November 17 posting:
>> > http://lists.freebsd.org/pipermail/freebsd-stable/2013-November/075895.html
>> >
>> > I'm glad to see others finally speaking up; I was beginning to think I was
>> > the only one who thought this was not a good idea. I'm a bit surprised
>> > that no one has responded yet.
>>
>> I agree with the protesters here. Removing chroot and symlinking logic
>> in the ports is a significant disservice to FreeBSD users, and will
>> make it harder to use BIND in a sensible way. A net disincentive to
>> use FreeBSD :-(
>
> I have now installed my first 10.1 based name server. I had to spend
> some hours to recreate the changeroot environment that I had so easily
> available in FreeBSD up to 9.x.
>
> <rant>
> Removing the changeroot environment and symlinking logic is a net
> disservice to the FreeBSD community, and disincentive to use FreeBSD.
> </rant>
>
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no

Isn't this reasoning a bit flawed? Something hurt you so you state it is
hurting a whole community.
I, for one, am glad the security updates of the Bind software are now
better maintainable across all FreeBSD versions.

NB: using a jail might give an easier to maintain secure environment for
bind than a chroot. With more restrictions to the process also.

Regards,
Ronald.

On Mon, 15 Dec 2014 08:20:38 +0100 (CET) sthaug at nethelp.no wrote

> > > > It was a deliberate decision made by the maintainer. He said the chroot
> > > > code in the installation was too complicated and would be removed as a
> > > > part of the installation clean-up to get all BIND related files out of
> > > > /usr and /etc. I protested at the time as did someone else, but the
> > > > maintainer did not respond. I think this was a really, really bad
> > > > decision.
> > > >
> > > > I searched a bit for the thread on removing BIND leftovers, but have
> > > > failed to find it.
> > > >
> > >
> > > You're probably thinking about my November 17 posting:
> > >
> > > http://lists.freebsd.org/pipermail/freebsd-stable/2013-November/075895.html
> > >
> > > I'm glad to see others finally speaking up; I was beginning to think I
> > > was the only one who thought this was not a good idea. I'm a bit
> > > surprised that no one has responded yet.
> >
> > I agree with the protesters here. Removing chroot and symlinking logic
> > in the ports is a significant disservice to FreeBSD users, and will
> > make it harder to use BIND in a sensible way. A net disincentive to
> > use FreeBSD :-(
>
> I have now installed my first 10.1 based name server. I had to spend
> some hours to recreate the changeroot environment that I had so easily
> available in FreeBSD up to 9.x.
>
> <rant>
> Removing the changeroot environment and symlinking logic is a net
> disservice to the FreeBSD community, and disincentive to use FreeBSD.
> </rant>

In all fairness (is there even such a thing?); "Convenience" is a
two-way street. For each person that thinks the BIND chroot(8) mtree(8)
symlink(2) was a great "service". There are at *least* as many who
feel differently.
I chose to remove/disable the BIND, from BASE, some time ago. As it
wasn't "convenient" to have to overcome/deal with the CVE/security
issues.
In the end, I was forced to re-examine some of the other resolvers,
that ultimately, only proved to be better choice(s).

Just sayin'

--Chris

>
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no