In message <87k39qc36o....@mid.deneb.enyo.de>, Florian Weimer writes:
> * Mark Andrews:
>
> > What's needed here is for OS maintainers to actually "maintain"
> > their OS's by including maintenance releases of the software they
> > are shipping and not just cherry-pick security fixes back into older
> > releases. There are bugs which don't rise to the level of requiring
> > a security advisory but are still critical bugs which need to be fixed.
>
> Common lore suggests that BIND is best compiled from source, so the
> impact of downstreams in this area is fairly limited. Sure, you get
> the latest and greatest at the time of installation, but what happens
> after that?
>
> As far as I understand it, this is not about some version of BIND in
> Fedora failing, but issues at ISP resolvers, so Fedora's maintenance
> (which actually tracks upstream fairly aggressively) doesn't come into
> play.

All the OS's I am aware of issue maintenance releases. If ISC's fixes
make it into them, then there is a chance that they will be picked up
by the end customer. Yes, there are still large numbers of end systems
that follow this maintenance path.

B.T.W. I was not trying to single out Fedora here as I have not checked
whether they pick up the maintenance releases or just back port security
advisories. The behaviour of back porting security fixes is pretty
common.

Perhaps we should start calling maintenance releases "Service Packs" as
"Service Packs" seem to get installed but are essentially the same
thing.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs