[34400] in North American Network Operators' Group
Re: Preferential notice of new versions
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Sun Feb 4 13:43:26 2001
Date: Sun, 4 Feb 2001 13:41:24 -0500 (EST)
From: <jlewis@lewis.org>
To: Sean Donelan <sean@donelan.com>
Cc: <nanog@merit.edu>
In-Reply-To: <20010204091047.26695.cpmta@c004.sfo.cp.net>
Message-ID: <Pine.LNX.4.30.0102041333270.6400-100000@redhat1.mmaero.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On 4 Feb 2001, Sean Donelan wrote:
> It seems pretty clear if you don't pay, you receive exactly the same
> advisories you receive now. No more, no less, no sooner, no later.
>
> CERT has always told a few other groups about vulnerabilities prior to
> their public release of advisories (vendors, some affected parties, etc).
The odd thing is, I think Paul said past and future security notifications
have been and will be distributed via CERT (to non-bind-members). I could
be wrong, but I don't think I've ever gotten initial notification of a
BIND security problem from CERT. Heck...even this most recent one was
first publicized via nanog several days before the CERT notification.
Obviously, if the masses have to wait for CERT, we will be getting later
notification than in the past.
--
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
