North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Preferential notice of new versions

  • From: jlewis
  • Date: Sun Feb 04 13:44:15 2001

On 4 Feb 2001, Sean Donelan wrote:

> It seems pretty clear if you don't pay, you receive exactly the same
> advisories you receive now.  No more, no less, no sooner, no later.
>
> CERT has always told a few other groups about vulnerabilities prior to
> their public release of advisories (vendors, some affected parties, etc).

The odd thing is, I think Paul said past and future security notifications
have been and will be distributed via CERT (to non-bind-members).  I could
be wrong, but I don't think I've ever gotten initial notification of a
BIND security problem from CERT.  Heck...even this most recent one was
first publicized via nanog several days before the CERT notification.

Obviously, if the masses have to wait for CERT, we will be getting later
notification than in the past.

-- 
----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________