[34377] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Reasons why BIND isn't being upgraded

daemon@ATHENA.MIT.EDU (Joe Rhett)
Sun Feb 4 00:30:11 2001

Date: Sat, 3 Feb 2001 20:30:13 -0800
From: Joe Rhett <jrhett@isite.net>
To: J Bacher <jb@jbacher.com>
Cc: Jeffrey Meltzer <meltzer@villageworld.com>, nanog@merit.edu
Message-ID: <20010203203013.F8206@isite.net>
Mail-Followup-To: J Bacher <jb@jbacher.com>,
	Jeffrey Meltzer <meltzer@villageworld.com>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.OSF.4.21.0102032056320.5432-100000@ns.shawneelink.net>; from jb@jbacher.com on Sat, Feb 03, 2001 at 08:58:38PM -0600
Errors-To: owner-nanog-outgoing@merit.edu


> > > I'm confused.  I get the TLD server operators part.  But you're saying
> > > that you'd only give OS vendors access to this information.  How long does
> > > it take, say, Sun, to issue a patch update?  Wouldn't it be much more
> > > efficient, and useful, to issue the information directly to the people
> > > using the software?  How many people actually use the default vendor
> > > binaries anyways?
> >  
> > Just about every very large company that I've ever worked with. Also,
> > having spent numerous years working the NAVSEA and other Pentagon systems,
> > you are explicitly not permitted to install anything other than a
> > vendor-provided patch.
> > 
> > My god, are there really this many idiots out there that don't grasp how
> > the world works?
> 
> Good.  Reduce yourself to insults and don't even answer the [first]
> question.

You're right about the insult, but the point remains -- it doesn't matter
how long Sun takes. He isn't changing how the security information gets to
the world, he's providing Sun a support channel for assistance integrating
the security fix. 

In my experience (being a paying Sun support contract customer) I've gotten
security fixes from Sun in a time range from 2-6 hours. 6 hours was the
longest time that I've experienced from handing them a security flaw they
didn't know about until I had a valid patch in my hands.

On a closed circuit channel for security updates.

-- 
Joe Rhett                                         Chief Technology Officer
JRhett@ISite.Net                                      ISite Services, Inc.

PGP keys and contact information:          http://www.noc.isite.net/Staff/
home help back first fref pref prev next nref lref last post