North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Preferential notice of new versions
> As far as I can tell, ISC did not say they would stop distributing patches > through the same methods used now. If you don't want to pay, you will > get the exact same patches, through the exact same methods you get them > now. Which is pretty good for "free" software. If you get BIND via a > vendor distribution, such as AIX, Solaris, OSF/1, Redhat, etc; your support > channels will not change. > > I suspect the reality will be those companies paying ISC for "advanced > notice" will get some warm fuzzy feelings, and let management feel > they've done something. But it doesn't alter the fact the software > had a vulnerability, and someone else could have found the hole long > before any advanced notice is issued by ISC. How many folks will now > query the root-name servers CHAOS version numbers looking for a change. A couple of points on these issues: 1) Noone has suggested that the current public distribution would go away. What has been a point of concern is that the public may have to wait [too long?] for vendors to get their act together and publish patches before the new release hits the general distribution. A good many companies don't rely on vendor patches. 2) Advanced notice has been called "paranoia" and "warm fuzzy". What it really is -- is the opportunity to have a bit of time for planning instead of engaging the gears for emergency mode.
|