On Wed, Feb 23, 2011 at 07:28:15PM +0000, Trutwin, Joshua wrote:
[ > Larry Vaden wrote: (please don't snip attributions)]

> > Please take off the blinders and realize there are lots of folks (some x% of a
> > million or more) on this list who compile from current source in order to
> > minimize their risks and are therefore the subject audience.

If they have compiled from source then it is by definition not a CentOS issue.

> > On the one hand, you have Paul Vixie and crew (authors of BIND) and
> > US_CERT saying "US-CERT encourages users and administrators using the
> > affected versions of BIND to upgrade to BIND 9.7.3."

Anyone running a CentOS-provided version of BIND is not using an affected version.

> > On the other hand, you
> > have "don't bother me with reality, I'm comfortable, am not affected and
> > don't want to read messages to those who are affected."

Those messages are offtopic on this mailing list, so I sympathize with people who have the attitude you describe. Someone who had more credibility with the list might be able to post offtopic messages (which they would have marked [OT]) without causing a flamewar.

> I've only been subscribed here a week and this topic seems very heated, so sorry if this stirs the pot up again, but don't patches for these things get back-ported? So even if you're running bind v9.5.1 on CentOS/upstream 4/5.x you'd still have security fixes like those in this article backported right?

If you're running BIND 9.5.1, you are not susceptible to the bug that Larry posted at all. In general, security bugs that are applicable to RHEL packages are patched upstream then rebuilt and released by CentOS.

> And yeah I suppose rolling your own is always an option but in my experience it's too easy to get behind. This seems more like a Slackware approach tho, nothing against Slack of course!

Rolling one's own is an option for any distribution, including CentOS. But rolling one's own by definition removes those packages from the support stream for that distro, so should be taken into consideration when deciding whether to roll one's own or not.

--keith

--
kkeller at wombat.san-francisco.ca.us