[18962] in bugtraq
Re: Security information for dollars?
daemon@ATHENA.MIT.EDU (Shalon Wood)
Fri Feb 2 15:20:00 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <87y9vpjkts.fsf@pele.pele.cx>
Date: Fri, 2 Feb 2001 07:06:23 -0600
Reply-To: Shalon Wood <dstar@PELE.CX>
From: Shalon Wood <dstar@PELE.CX>
X-To: Cooper <Cooper@LINUXFAN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A79D041.230A21C1@Linuxfan.com>
Cooper <Cooper@LINUXFAN.COM> writes:
> Now, could someone explain to me why a select list of individuals should
> get an earlier warning?
I think this is the crux of the matter. Before you can say that this
is a good idea, you first have to show that some people should get
early notice. Quite frankly, I can see a *very* strong argument in
favor of the root servers, CCTLD, &c operators getting advance
notice. I can't think of *any* good reason for anyone else to get
it. Sun, HP, IBM -- none of those are critical infrastructure.
So, my question to Paul and company is: Why *should* anyone other than
critical infrastructure get that notice? I'm willing to be convinced;
I just haven't seen an answer to this question yet. And note that
'They bitched and screamed because we didn't notify them this time'
isn't a good enough reason.
Shalon Wood
--
