Reasons why BIND isn't being upgraded
Joe Rhett
jrhett at isite.net
Sun Feb 4 04:30:13 UTC 2001
> > > I'm confused. I get the TLD server operators part. But you're saying
> > > that you'd only give OS vendors access to this information. How long does
> > > it take, say, Sun, to issue a patch update? Wouldn't it be much more
> > > efficient, and useful, to issue the information directly to the people
> > > using the software? How many people actually use the default vendor
> > > binaries anyways?
> >
> > Just about every very large company that I've ever worked with. Also,
> > having spent numerous years working the NAVSEA and other Pentagon systems,
> > you are explicitly not permitted to install anything other than a
> > vendor-provided patch.
> >
> > My god, are there really this many idiots out there that don't grasp how
> > the world works?
>
> Good. Reduce yourself to insults and don't even answer the [first]
> question.
You're right about the insult, but the point remains -- it doesn't matter
how long Sun takes. He isn't changing how the security information gets to
the world, he's providing Sun a support channel for assistance integrating
the security fix.
In my experience (being a paying Sun support contract customer) I've gotten
security fixes from Sun in a time range from 2-6 hours. 6 hours was the
longest time that I've experienced from handing them a security flaw they
didn't know about until I had a valid patch in my hands.
On a closed circuit channel for security updates.
--
Joe Rhett Chief Technology Officer
JRhett at ISite.Net ISite Services, Inc.
PGP keys and contact information: http://www.noc.isite.net/Staff/
More information about the NANOG
mailing list