Preferential notice of new versions
J Bacher
jb at jbacher.com
Sun Feb 4 14:54:19 UTC 2001
> As far as I can tell, ISC did not say they would stop distributing patches
> through the same methods used now. If you don't want to pay, you will
> get the exact same patches, through the exact same methods you get them
> now. Which is pretty good for "free" software. If you get BIND via a
> vendor distribution, such as AIX, Solaris, OSF/1, Redhat, etc; your support
> channels will not change.
>
> I suspect the reality will be those companies paying ISC for "advanced
> notice" will get some warm fuzzy feelings, and let management feel
> they've done something. But it doesn't alter the fact the software
> had a vulnerability, and someone else could have found the hole long
> before any advanced notice is issued by ISC. How many folks will now
> query the root-name servers CHAOS version numbers looking for a change.

A couple of points on these issues:

1) No one has suggested that the current public distribution would go
away. What has been a point of concern is that the public may have to
wait [too long?] for vendors to get their act together and publish patches
before the new release hits the general distribution. A good many
companies don't rely on vendor patches.

2) Advanced notice has been called "paranoia" and "warm fuzzy". What it
really is -- is the opportunity to have a bit of time for planning instead
of engaging the gears for emergency mode.