Information Security News mailing list archives
Re: BIND Flaws Reignite Security Debate
From: InfoSec News <isn () c4i org>
Date: Wed, 20 Nov 2002 01:57:45 -0600 (CST)
Forwarded from: Felix von Leitner <felix-isn () fefe de> Thus spake InfoSec News (isn () c4i org):
The ISC told him that they wanted to make sure that the right audience had the patches first.
Am I the only one who thinks this reeks of extortion? This is by the way not the only questionable behaviour from the BIND company; see http://cr.yp.to/djbdns/axfr-clarify.html for a further example.
In an e-mail interview, Brennen said he chose not to pay the fee to join the early announcement list and is now preparing to remove BIND from his environment.
Well, to be fair even the BIND company says BIND 8 sucks and you should not used it. On the other hand, it is used on the root server the ISC houses. Mhh. I think we as security experts should educate the public that this kind of extortion and blackmail is not a sign of trustworthy software and should not be tolerated. After all, not being hold hostage by one vendor is exactly the key strength of the open source movement. Finally, You have the choice! Use it wisely! Felix - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- BIND Flaws Reignite Security Debate InfoSec News (Nov 18)
- <Possible follow-ups>
- Re: BIND Flaws Reignite Security Debate InfoSec News (Nov 20)