On 08/01/2018 19:52, Paul Wouters wrote:
> On Mon, 8 Jan 2018, Hugo Salgado-Hernández wrote:
>> After the patch was released, how long does it take to pass downstream to common OS distros?
> It depends. For instance for RHEL, it will be fixed in 7.5. But had we actually not aborted the roll, Red Hat would have done an accelerated update to fix this issue.
>> At this point, 4 months later, can we assume that a competent operator, with a current OS with updated patches, is "safe from the rollover"?
> Yes, and not only that, for this issue we could have rolled on the original date as well.

To add to this, we were also in contact with Ubuntu, Debian and FreeBSD. The distributions moved this issue with priority through their process, and patches were backported to stable distributions, while the new Unbound release ended up in new/upcoming/experimental distributions. (OpenBSD 6.2 incorporated Unbound 1.6.6.)

So I would like to acknowledge the distribution maintainers for their swift actions to push the patches (backported) or the new Unbound release.

Best,
-- Benno

--
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/