JL> Date: Wed, 26 Mar 2003 13:00:57 -0500 (EST) JL> From: Jon Lewis JL> How hard would it be to have bind do some sort of secure.bind.isc.org JL> query at start-up or perhaps even periodically and have it log lots of JL> warnings or refuse to run if the query comes back and tells it the local JL> version has been deferred due to security updates? One obvious problem Not hard. Again, I'm in favor of refusing to run... I've encountered waaay too many "I click <OK> and it works" people. JL> with this would be that certain vendors prefer to backport security fixes JL> to older versions rather than test and release new versions...so an If they're backporting, they can add their own checks. If they break the version checking, then they become the vendor with the broken software. JL> insecure-looking version string may actually have had fixes applied. JL> Perhaps the query could be for a timestamp that's defined in the source JL> with the assumption that any code older than the most recent security JL> update must be insecure. This would make a good second/additional/whatever check. Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.