PRE-ANNOUNCEMENT: BIND-Members Forum
David R. Conrad
david.conrad at nominum.com
Thu Feb 1 01:46:01 UTC 2001
Larry,
At 07:30 PM 1/31/2001 -0600, Larry Sheldon wrote:
>I do not welcome the prospect that my vendor might know about the problem
...
The situation you do not welcome exists now, albeit the list of
organizations contacted is maintained by CERT. What I gather Paul is
suggesting is that the list is maintained by ISC, not CERT.
> > Or do you believe the appropriate solution to this problem is to tell
> > everyone at once and hope the product and service vendors are faster than
> > the exploit writers?
>That will do for "patronizing" while we wait for somebody that is really good
>at it to come along.
It was not intended as patronizing -- it was an honest question. There are
people who believe that by making security issues public immediately
strongly encourages folks to come up with solutions faster than they would
otherwise. It is a valid position, albeit not one I agree with.
Rgds,
-drc
More information about the bind-users
mailing list