[CentOS] BIND Problem or Update SSL?

Sat Feb 19 06:51:55 UTC 2011
Larry Vaden <vaden at texoma.net>

On Fri, Feb 18, 2011 at 7:39 PM, James Hogarth <james.hogarth at gmail.com> wrote:
>>
>> Joe, Randy and James are my mentors of 15, 5 and 5 years,
>> respectively, and all said the same thing, namely "nuke and repave, be
>> sure to be current on BIND" since it is a purpose-built box (ns1).
>
> Perhaps it is a difference in language and what you mean by mentor and
> where I would mean old colleague/peer who I have discussed this with.

Wikipedia says "This is the source of the modern use of the word
mentor: a trusted friend, counselor or teacher, usually a more
experienced person."  I am not their peer;  they are my mentors.  They
have been invaluable over the 25 combined years of mentorship to this
rural ISP.

> Remember that the version number you see on BIND is not always the
> equivalent of upstream due to backports. You should check the relevant
> RHEL errata, the package %changelog and CVE to get a better
> understanding of what exploits are known and what has been patched.

Johnny has remarked on the importance of trust.

My trust in Red Hat went down when I learned they are not shipping all
the SRPMs.  Some say it is due to human error.  If that is the case,
why should I think they are better at backporting security fixes than
at making sure a manifest of SRPMs is complete and correct?
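
The check suggested in the quoted advice above (read the package %changelog for CVE entries rather than trusting the upstream version number), as an added example that is not part of the original message or any Red Hat or CentOS tooling. The function names are hypothetical, and the changelog text, packager, versions and CVE ids in the sample are constructed placeholders; on a real host the input would come from `rpm -q --changelog bind`.

```shell
#!/usr/bin/env bash
# Added example: see which CVE fixes a package changelog records as backported.
# Real input: rpm -q --changelog bind | cves_in_changelog

# Constructed sample in the usual "* date packager version-release" layout.
SAMPLE_CHANGELOG='* Mon Jan 03 2011 Example Packager <packager@example.com> 0.0.0-1.el0_0.1
- backport fix for placeholder issue (CVE-0000-0001)
- related hardening for CVE-0000-0002
* Tue Dec 07 2010 Example Packager <packager@example.com> 0.0.0-1.el0
- initial fix for CVE-0000-0002
* Mon Nov 01 2010 Example Packager <packager@example.com> 0.0.0-0.el0
- rebuild, no security changes'

# Print every distinct CVE id found in changelog text on stdin.
cves_in_changelog() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Exit 0 if the changelog on stdin mentions exactly the CVE id given in $1.
changelog_mentions_cve() {
    cves_in_changelog | grep -qxF "$1"
}

# Print the header line (date, packager, version-release) of each changelog
# entry that mentions CVE id $1, so the fixed release can be compared with
# the output of "rpm -q <package>".
entries_for_cve() {
    awk -v cve="$1" '
        /^\* /                    { header = $0; next }
        $0 ~ (cve "([^0-9]|$)")   { if (header != last) { print header; last = header } }
    '
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CHANGELOG" | cves_in_changelog
printf '%s\n' "$SAMPLE_CHANGELOG" | entries_for_cve CVE-0000-0002
```

A CVE missing from the changelog is not proof the package is vulnerable; the RHEL errata for the package remain the authoritative record.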