nanog mailing list archives
Preferential notice of new versions
From: Sean Donelan <sean () donelan com>
Date: 3 Feb 2001 19:10:23 -0800
On Sat, 03 February 2001, Joe Rhett wrote:
Just about every very large company that I've ever worked with. Also, having spent numerous years working the NAVSEA and other Pentagon systems, you are explicitly not permitted to install anything other than a vendor-provided patch.
This may explain why Pentagon systems got hit with 250,000+ (depending on whose numbers you believe) intrusions last year, almost all through "known" vulnerabilities which had not been patched. Perhaps the Pentagon would have fewer intrusions if they fixed their systems instead of waiting for vendor-provided $700 toilet seat patches. As far as I can tell, ISC did not say they would stop distributing patches through the same methods used now. If you don't want to pay, you will get the exact same patches, through the exact same methods you get them now. Which is pretty good for "free" software. If you get BIND via a vendor distribution, such as AIX, Solaris, OSF/1, Redhat, etc; your support channels will not change. I suspect the reality will be those companies paying ISC for "advanced notice" will get some warm fuzzy feelings, and let management feel they've done something. But it doesn't alter the fact the software had a vulnerability, and someone else could have found the hole long before any advanced notice is issued by ISC. How many folks will now query the root-name servers CHAOS version numbers looking for a change. If you are a clever programmer, I'm sure you can fix all the flaws in the BIND code yourself, and you never need to pay ISC a penny.
Current thread:
- Preferential notice of new versions Sean Donelan (Feb 24)
- Re: Preferential notice of new versions Joe Rhett (Feb 24)
- Re: Preferential notice of new versions J Bacher (Feb 24)
- <Possible follow-ups>
- Re: Preferential notice of new versions Jeffrey Meltzer (Feb 24)
- Re: Preferential notice of new versions Joe Rhett (Feb 24)
- Re: Preferential notice of new versions Adam Rothschild (Feb 24)
- Re: Preferential notice of new versions Jimmy Kyriannis (Feb 24)
- Re: Preferential notice of new versions Joe Rhett (Feb 24)
- Re: Preferential notice of new versions Jeffrey Meltzer (Feb 24)
- Re: Preferential notice of new versions Joe Rhett (Feb 24)
- Re: Preferential notice of new versions Sean Donelan (Feb 24)
- Re: Preferential notice of new versions jlewis (Feb 24)
(Thread continues...)