nanog mailing list archives

Re: Reasons why BIND isn't being upgraded


From: J Bacher <jb () jbacher com>
Date: Sun, 4 Feb 2001 09:02:10 -0600 (CST)



Good.  Reduce yourself to insults and don't even answer the [first]
question.

You're right about the insult, but the point remains -- it doesn't matter
how long Sun takes. He isn't changing how the security information gets to
the world, he's providing Sun a support channel for assistance integrating
the security fix. 

If a new distribution is available, why penalize those that don't need a
distro from a vendor to perform an upgrade?  That's the point.  Big or
small wrt to company size is irrelevant.  This question may have already
been answered but I dropped off early last night.


In my experience (being a paying Sun support contract customer) I've gotten
security fixes from Sun in a time range from 2-6 hours. 6 hours was the
longest time that I've experienced from handing them a security flaw they
didn't know about until I had a valid patch in my hands.

On a closed circuit channel for security updates.

I'm a paying customer with a different vendor.  I use my experience from
a few years ago to not rely on vendor knowledge let alone patches in
emergency mode.

The point is:  there are many companies that don't pay for vendor
support.  They may or may not be big.  Why would you or anyone else prefer
to inject criticism toward their concern for network security
(particularly in light of all of the pissing and moaning that goes on in
this list wrt to this subject) just because they do things differently
than you?



Current thread: