Merge lp://qastaging/~yolanda.robla/ubuntu/saucy/bind9/server_banner into lp://qastaging/ubuntu/saucy/bind9

Hi Yolanda

Quick question - is this correct?

54 +if test -x /usr/bin/lsb_release; then
55 + BIND9_DISTRIBUTION="BIND9_DISTRIBUTION=$(lsb_release -si)"
56 +else

The inclusion of BIND9_DISTRIBUTION= within the "" looked odd to me?

It's ok, the way that it works is that it defines a var called BIND9_DISTRIBUTION, with the key=value content in it.
Then, it can be replaced literally, using the ${BIND9_DISTRIBUTION} tag.

It replaces ${BIND9_DISTRIBUTION} with BIND9_DISTRIBUTION="Ubuntu" in our case. And this can be used in the code later.

IMHO, it's better to use DEB_VENDOR

. /usr/share/dpkg/vendor.mk

will define

$(DEB_VENDOR)

variable in the debian/rules, and then use that to pass it to configure. Ideally configure.in would allow to override that variable. This avoids lsb-release dependency, as well as properly attributes ubuntu derivatives (e.g. Mint, etc.).

Maybe call lsb-release, if BIND9_DISTRIBUTION is not defined?

In other package i'm trying to do it like that:
+DISTRIBUTION := $(shell dpkg-vendor --query vendor)

Do you think it can be an alternative?

recheck

Thanks for your patch! :)

This merge is attempting to change something like this:
$ host -c chaos -t txt version.bind <server>
...
version.bind descriptive text "9.9.2-P1"

to:
$ host -c chaos -t txt version.bind <server>
...
version.bind Ubuntu "9.9.2-P1"

but the patch is wrong, because it changes the 'descriptive text' in the dig command itself, not what is returned by the server. Eg:

On the machine with the updated bind9 packages:
$ host -c chaos -t txt version.bind 127.0.0.1
...
version.bind Ubuntu "9.9.2-P1"
$ host -c chaos -t txt version.bind ns1.canonical.com
...
version.bind Ubuntu "9.8.1-P1"

On some other machine:
$ host -c chaos -t txt version.bind <server with updated bind>
...
version.bind descriptive text "9.9.2-P1"
$ host -c chaos -t txt version.bind ns1.canonical.com
...
version.bind descriptive text "9.8.1-P1"

I think you'd be better off updating the version if you were going to pursue this so that the server returns something like this instead:
$ host -c chaos -t txt version.bind <server with updated bind>
...
version.bind descriptive text "Ubuntu 9.9.2-P1"

However, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-server-app-banner-updates states that the rationale is 'When looking at Ubuntu Server, some services such as ssh say "Debian" rather than "Ubuntu"'. This is not the case with bind9. In fact, it doesn't even show the specific Ubuntu version. For example on saucy, I currently have 1:9.9.2.dfsg.P1-2ubuntu2 installed, but the server reports itself as 9.9.2-P1. Understanding that hiding the OS vendor from the banner can be considered security through obscurity, adding it doesn't seem hugely beneficial and I'd prefer that we not make this banner change. If you feel strongly about the change, this the sort of change that should be upstreamed to Debian, and I suggest you take it up with lamont (he is the Debian maintainer and cares for our Ubuntu packages as well) and report back the outcome.

Thanks again

Please set back to "needs review" when this is ready to merge.

My initial take on this was largely in the "Why???" category, but I see also that other distros have done this for some time, so there is no reason not to jump on the bandwagon...

Given that, -1 to this, since what needs to change is the chaos txt version, rather than what we have here.

I'll take the action item to update bind9 and get that into 9.9.3 this before 3 sep. (It is likely to be done on the weekend, though I'll glance at it tonight.)

Hi LaMont, just checking status of it. Can you confirm if it has been updated?