Is Bind still broken?
Kevin Darcy
kcd at daimlerchrysler.com
Wed Nov 20 02:10:42 UTC 2002
dns wrote:
> on "11-19-2002" "Kevin Darcy" writ:
>
> : Hey, you get what you pay for. If you don't pay anything, what are your
> : grounds for complaint?
>
> .... how about:
>
> NO FAIR WARNING
>
> isc was at least remiss, in not making it 'perfectly' clear that
> security fixes, et al, go 'first' to those who pay. at least then,
> my system security a 'choice' of mine, not someone else.
Well, "perfect" is a pretty high standard. But, check out
http://marc.theaimsgroup.com/?l=bind-announce&m=98126980802945&w=2 for
Pauls' FAQ on the subject. Perhaps you missed it the first time around...
> for those with an appreciation of the absurd:
>
> with bind, 'you' have to pay to discover the latest security problem.
Incorrect. I know about the security problem without having paid a dime.
> with djbdns, 'they' pay if you can find one ...
Yeah, what's really absurd is that DJB only pays out if, in his sole
discretion, he *agrees* that his software has a security hole. It's quite
absurd that an academic would totally miss the point and/or necessity of
"peer review" (or perhaps DJB doesn't think he *has* any peers in this
area).
But, this is a BIND list, so we're drifting off-topic.
- Kevin
More information about the bind-users
mailing list