Reasons why BIND isn't being upgraded

Paul Vixie vixie at mfnx.net
Sat Feb 3 18:24:58 UTC 2001


patrick at cybernothing.org (Patrick Greenwell) writes:

> > hiding it DOES however make it harder for people (including network owners)
> > to do surveys.
> 
> By the same token one might argue that atempting to hide vunerabilities 
> to those paying you for "early warnings" doesn't help at all.

Wrt the bind-members forum being discussed to death elsewhere, nobody can pay
for early warnings.  CERT will still be the source of early earnings.  What
people can pay for (bind-members participation) is the legal fees associated
with NDA-level access to early fixes, if and only if they provide part of the
internet's basic infrastructure (e.g., OS vendors and TLD server operators).

> Just something to consider.

I promise that ISC considered everything which was relevant, which your
claim above is emphatically not.  (Thanks for the FUD though.)




More information about the NANOG mailing list