[34328] in North American Network Operators' Group
Re: Reasons why BIND isn't being upgraded
daemon@ATHENA.MIT.EDU (Paul Vixie)
Sat Feb 3 13:27:01 2001
To: nanog@merit.edu
From: Paul Vixie <vixie@mfnx.net>
Date: 03 Feb 2001 10:24:58 -0800
In-Reply-To: patrick@cybernothing.org's message of "2 Feb 2001 08:56:06 -0800"
Message-ID: <g33ddv4oat.fsf@redpaul.mfnx.net>
Errors-To: owner-nanog-outgoing@merit.edu
patrick@cybernothing.org (Patrick Greenwell) writes:
> > hiding it DOES however make it harder for people (including network owners)
> > to do surveys.
>
> By the same token one might argue that atempting to hide vunerabilities
> to those paying you for "early warnings" doesn't help at all.
Wrt the bind-members forum being discussed to death elsewhere, nobody can pay
for early warnings. CERT will still be the source of early earnings. What
people can pay for (bind-members participation) is the legal fees associated
with NDA-level access to early fixes, if and only if they provide part of the
internet's basic infrastructure (e.g., OS vendors and TLD server operators).
> Just something to consider.
I promise that ISC considered everything which was relevant, which your
claim above is emphatically not. (Thanks for the FUD though.)
