[34294] in North American Network Operators' Group
Re: Reasons why BIND isn't being upgraded
daemon@ATHENA.MIT.EDU (Bill Woodcock)
Fri Feb 2 12:04:37 2001
Date: Fri, 2 Feb 2001 09:02:16 -0800 (PST)
From: Bill Woodcock <woody@zocalo.net>
To: Patrick Greenwell <patrick@cybernothing.org>
Cc: nanog@merit.edu
In-Reply-To: <Pine.BSF.4.21.0102020847130.38021-100000@localhost>
Message-ID: <Pine.SOL.3.96.1010202085811.27849R-100000@secure>
On Fri, 2 Feb 2001, Patrick Greenwell wrote:
> By the same token one might argue that attempting to hide vulnerabilities
> to those paying you for "early warnings" doesn't help at all.
Not at all... If you're trying to hide a vulnerability by lying about
your version number, that presupposes generally-held knowledge of an
association between a vulnerability and a version number.
"Early warning" is specifically a means of delaying the general
availability of knowledge of that association.
These are temporally sequential states. Not comparable strategies within
the same context.
-Bill