Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Preferential notice of new versions

  • From: J Bacher
  • Date: Sun Feb 04 09:57:14 2001


> As far as I can tell, ISC did not say they would stop distributing patches
> through the same methods used now.  If you don't want to pay, you will
> get the exact same patches, through the exact same methods you get them
> now.  Which is pretty good for "free" software.  If you get BIND via a
> vendor distribution, such as AIX, Solaris, OSF/1, Redhat, etc; your support
> channels will not change.
> 
> I suspect the reality will be those companies paying ISC for "advanced
> notice" will get some warm fuzzy feelings, and let management feel
> they've done something.  But it doesn't alter the fact the software
> had a vulnerability, and someone else could have found the hole long
> before any advanced notice is issued by ISC.  How many folks will now
> query the root-name servers CHAOS version numbers looking for a change.

A couple of points on these issues:

1)  Noone has suggested that the current public distribution would go
away.  What has been a point of concern is that the public may have to
wait [too long?] for vendors to get their act together and publish patches
before the new release hits the general distribution.  A good many
companies don't rely on vendor patches. 

2)  Advanced notice has been called "paranoia" and "warm fuzzy".  What it
really is -- is the opportunity to have a bit of time for planning instead
of engaging the gears for emergency mode.  






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.