Subject: Re: BIND-8.4.3 for netbsd-1-6 (was: CVS commit: src/dist/bind)
To: Manuel Bouyer <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 12/05/2003 18:03:05
[ On Thursday, December 4, 2003 at 12:10:07 (+0100), Manuel Bouyer wrote: ]
> Subject: Re: BIND-8.4.3 for netbsd-1-6 (was: CVS commit: src/dist/bind)
> The changes between 8.3.5 and 8.3.7 are really small, and so much easier
> to audit.
This isn't kernel code.
It isn't even "critical" code for most people, and those who do consider
it critical will likely be running a hand-built, or pkgsrc built,
What is more critical is keeping up appearances and not stagnating --
i.e. avoiding unnecessary creation of a negative perception of NetBSD.
Even if people don't run named they'll look at NetBSD "-stable" and see
that it was just "upgraded" to the oldest and least supported version
available and they'll wonder if maybe there's also a whole lot of
bit-rot in the other parts of NetBSD that they do run. I don't believe
in trying to use things like "market share" to measure the success of
free software, but the negative perceptions that grow from this kind of
thing are quite another matter.
In the mean time I guess I should have started out by asking why
BIND-8.4.x wasn't brought into -current much sooner too. I had thought
it was, but sadly I see I was mistaken. If it had been then pulling it
up to the netbsd-1-6 branch, even back at 8.4.1, would have been a
no-brainer, as would updating both trunk and netbsd-1-6 to 8.4.3 for a
security release. Too bad there is still some bogus use of "cvs import"
in the NetBSD repository too -- it certainly doesn't help any in this
case! What an ugly mess that revision history has turned into!
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <firstname.lastname@example.org>
Planix, Inc. <email@example.com> Secrets of the Weird <firstname.lastname@example.org>