|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Reasons why BIND isn't being upgraded
On Sat, Feb 03, 2001 at 12:51:53PM -0800, Paul A Vixie wrote: > > Will the ISC implement similar policies with its INN and DHCP software > > in the foreseeable future, or is this something unique to BIND? > > I don't see INN or DHCP as critical to the internet's infrastructure, so, no. So, the more critical to the Internet's infrastructure software is, the more difficult it should be for non-"privledged" people to be made aware of key security announcements/patches in a timely manner? Why not just notify everyone at once? That way, when vulnerabilities are discovered, people can take whatever action they deem appropriate to protect their infrastructure (write/release their own set of BIND patches? upgrade to djbdns? decide DNS is too daunting to manage in-house, and outsource to Nominum or UltraDNS instead?), rather than remain vulnerable, pending an official announcement from the appropriate sources. -adam
|