nanog mailing list archives

Re: Preferential notice of new versions


From: J Bacher <jb () jbacher com>
Date: Sun, 4 Feb 2001 08:54:19 -0600 (CST)



As far as I can tell, ISC did not say they would stop distributing patches
through the same methods used now.  If you don't want to pay, you will
get the exact same patches, through the exact same methods you get them
now.  Which is pretty good for "free" software.  If you get BIND via a
vendor distribution, such as AIX, Solaris, OSF/1, Redhat, etc.; your support
channels will not change.

I suspect the reality will be those companies paying ISC for "advanced
notice" will get some warm fuzzy feelings, and let management feel
they've done something.  But it doesn't alter the fact the software
had a vulnerability, and someone else could have found the hole long
before any advanced notice is issued by ISC.  How many folks will now
query the root-name servers' CHAOS version numbers looking for a change?

A couple of points on these issues:

1)  No one has suggested that the current public distribution would go
away.  What has been a point of concern is that the public may have to
wait [too long?] for vendors to get their act together and publish patches
before the new release hits the general distribution.  A good many
companies don't rely on vendor patches. 

2)  Advanced notice has been called "paranoia" and "warm fuzzy".  What it
really is -- is the opportunity to have a bit of time for planning instead
of engaging the gears for emergency mode.  


