Control: tags -1 +wontfix Hi,
seccomp is broken as it needs to be constantly updated to match the running kernel, so upstream is also going to remove seccomp support for subsequent releases. Henceforth it makes no sense to enable it, there are better mechanisms to protect the system. Also there was no RCE in a history of BIND 9 due to the design of BIND 9 (just a lot of crashes). Ondřej -- Ondřej Surý <[email protected]> > On 23 Jan 2018, at 19:39, Simon Deziel <[email protected]> wrote: > > Package: bind9 > Version: 1:9.11.2.P1-1 > Severity: wishlist > > Dear maintainers, > > It would be nice to enable seccomp support for bind9. Upstream added > this feature some time ago [1]. > > Thanks in advance, > Simon > > > [1] > https://deepthought.isc.org/article/AA-01177/0/BIND-9.10.1b1-Release-Notes.html > > _______________________________________________ > pkg-dns-devel mailing list > [email protected] > https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel
