PRE-ANNOUNCEMENT: BIND-Members Forum

Christine Tran Christine.Tran at east.sun.com
Wed Jan 31 23:28:59 UTC 2001



>Who said anything about "no more open source"?  Paul's message 
>described creating a small forum in which possible and actual
>vulnerabilities in BIND could be announced.  I assume this is to
>give vendors and large name server operators a head start on
>patching their BIND code before the details of a vulnerability
>become widely known.

This is not an open source but a full/partial disclosure issue.
Marcus Ranum ignited this issue at the DEF CON 8 keynote last year.
I don't get why the non-paying public should wait for bug details
when the software is free for all.  Free software, free bug fix.
This consortium doesn't assure quick or even timely response, and the
Sun tikki gods will probably strike me down for saying this in a public
forum but Sun released Security Bulletin #194 in response to
CERT Advisory CA-99-14 at the end of March 2000.  Is it ISC's
intention to give vendors 4 months' head start before the rest of us get
a chance?  I don't like that NDA stuff either.

CT


