BGP Experiment
Randy Bush
randy at psg.com
Sun Jan 27 00:01:38 UTC 2019
> As we've discovered after many such events, the overlap between the
> people who read those lists and the people running outdated vulnerable
> software isn't very large.
to steal from a reply to a private message:
there are a jillion folk at the edges of the net running with low end
gear, low margins, and 312 pressures. *knowingly* abusing them into an
update a week is just not reasonable ops behavior.
and, at the other extreme, big core isps have a pre-deployment test
window of six or more months. the only win here is that public
embarrassment does help to get the big vendors to give us a fix with
which to start the lab test cycle. bug reports to tac seem not to.
randy
More information about the NANOG
mailing list