Re: Reasons why BIND isn't being upgraded

[Joe Rhett <jrhett () isite net>]

> > > I'm confused.  I get the TLD server operators part.  But you're saying
> > > that you'd only give OS vendors access to this information.  How long does
> > > it take, say, Sun, to issue a patch update?  Wouldn't it be much more
> > > efficient, and useful, to issue the information directly to the people
> > > using the software?  How many people actually use the default vendor
> > > binaries anyways?
> >  
> > Just about every very large company that I've ever worked with. Also,
> > having spent numerous years working the NAVSEA and other Pentagon systems,
> > you are explicitly not permitted to install anything other than a
> > vendor-provided patch.
> >
> > My god, are there really this many idiots out there that don't grasp how
> > the world works?
>
> Good.  Reduce yourself to insults and don't even answer the [first]
> question.

You're right about the insult, but the point remains -- it doesn't matter
how long Sun takes. He isn't changing how the security information gets to
the world, he's providing Sun a support channel for assistance integrating
the security fix. 

In my experience (being a paying Sun support contract customer) I've gotten
security fixes from Sun in a time range from 2-6 hours. 6 hours was the
longest time that I've experienced from handing them a security flaw they
didn't know about until I had a valid patch in my hands.

On a closed circuit channel for security updates.

-- 
Joe Rhett                                         Chief Technology Officer
JRhett () ISite Net                                      ISite Services, Inc.

PGP keys and contact information:          http://www.noc.isite.net/Staff/