[moving to the ML]

On Sat 23 Mar 2024 at 06:14am -04, Roberto C. Sánchez wrote:

> If you happen to need any help or review, I have worked on some
> complex issues for bind9 in the past and I would be happy to assist.

I've started looking at the first vulnerability, CVE-2023-4408, and have some confusions/questions.

The ISC website says that 9.11 is EOL as of March 2022. But there is a lot of activity on the 9.11 branch, including a fix for this CVE. Are we generally able to assume that changes are intended not to break anything for users? For example, commit 2fc28056b3 is a backport of API changes, and I can do the work to *confirm* that they don't appear to break anything for users, but I wouldn't like to rely on my own *discovery* as to whether they might break anything.

At any point did you consider just backporting snapshots of upstream's 9.11 branch into LTS? Do you know if any other vendors do that? I'm wondering if, on balance, that might be safest -- if, that is, upstream are indeed not intending to break anything.

Finally, do you have any notes on testing?

Thanks.

-- 
Sean Whitton