North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Reasons why BIND isn't being upgraded

  • From: mdevney
  • Date: Sat Feb 03 18:15:22 2001


On 3 Feb 2001, Paul Vixie wrote:

> 
> [email protected] (Patrick Greenwell) writes:
> 
> > > hiding it DOES however make it harder for people (including network owners)
> > > to do surveys.
> > 
> > By the same token one might argue that atempting to hide vunerabilities 
> > to those paying you for "early warnings" doesn't help at all.
> 
> Wrt the bind-members forum being discussed to death elsewhere, nobody can pay
> for early warnings.  CERT will still be the source of early earnings.  What
> people can pay for (bind-members participation) is the legal fees associated
> with NDA-level access to early fixes, if and only if they provide part of the
> internet's basic infrastructure (e.g., OS vendors and TLD server operators).
> 
The category "OS vendors" gets a little fishy... Do Linus Torvalds and
Alan Cox get on the list if they sign the NDA?  How about Patrick
Volkerding?  Someone like Microsoft or Sun obviously qualifies, but with
respect to Open Source OSes, fact is *everyone* is an OS vendor at some
level.  

This is my main objection to the proposed private list: That it assumes
everything is done from a couple centralized sources, such as companies
like Microsoft or Sun.  This is decidedly not true.


> > Just something to consider.
> 
> I promise that ISC considered everything which was relevant, which your
> claim above is emphatically not.  (Thanks for the FUD though.)
> 
Now I wonder if my thoughts are relevant.


Matthew Devney