how to get people to upgrade? (Re: The weak link? DNS)

Simon Lyall simon.lyall at ihug.co.nz
Wed Mar 26 21:55:08 UTC 2003


On Wed, 26 Mar 2003, E.B. Dreger wrote:
> PV> From: Paul Vixie
> PV> appealing, but i'm more concerned about MIM when fetching
> PV> update information than i am with simply registering package
> PV> version numbers, hosts, and e-mail addresses.
>
> Distribute BIND with public key.  Updates are encrypted or signed
> with its counterpart.

But don't distributors already provide this service? Several Linux
distributions (at least Redhat and Debian) and Unix companies (Sun
at least) already provide [semi-]automatic updates of packages like bind.
Just look at the vendor list in the average CERT notice.

Someone who downloads, compiles and installs bind directly from the ISC
is already indicating that they want to go beyond the safe vendor supplied
version thats good-enough for 99% of people.

I'm also worried about any concept of trying to "force" people to upgrade,
even with bind I use some features (namely an external named-xfer program)
of bind v8 that arn't available in bind v9 . For the servers which I need
this on I run bind 8.3.3 (Vendor backported with the 8.3.4 fixes) of copy
the named-xfer program over to the bind 9 box.

-- 
Simon Lyall.                |  Newsmaster  | Work: simon.lyall at ihug.co.nz
Senior Network/System Admin |  Postmaster  | Home: simon at darkmere.gen.nz
Ihug Ltd, Auckland, NZ      | Asst Doorman | Web: http://www.darkmere.gen.nz




More information about the NANOG mailing list