Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Reasons why BIND isn't being upgraded

  • From: mdevney
  • Date: Sat Feb 03 18:15:22 2001

On 3 Feb 2001, Paul Vixie wrote:

> (Patrick Greenwell) writes:
> > > hiding it DOES however make it harder for people (including network owners)
> > > to do surveys.
> > 
> > By the same token one might argue that atempting to hide vunerabilities 
> > to those paying you for "early warnings" doesn't help at all.
> Wrt the bind-members forum being discussed to death elsewhere, nobody can pay
> for early warnings.  CERT will still be the source of early earnings.  What
> people can pay for (bind-members participation) is the legal fees associated
> with NDA-level access to early fixes, if and only if they provide part of the
> internet's basic infrastructure (e.g., OS vendors and TLD server operators).
The category "OS vendors" gets a little fishy... Do Linus Torvalds and
Alan Cox get on the list if they sign the NDA?  How about Patrick
Volkerding?  Someone like Microsoft or Sun obviously qualifies, but with
respect to Open Source OSes, fact is *everyone* is an OS vendor at some

This is my main objection to the proposed private list: That it assumes
everything is done from a couple centralized sources, such as companies
like Microsoft or Sun.  This is decidedly not true.

> > Just something to consider.
> I promise that ISC considered everything which was relevant, which your
> claim above is emphatically not.  (Thanks for the FUD though.)
Now I wonder if my thoughts are relevant.

Matthew Devney

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.