On Wed, 26 Mar 2003, E.B. Dreger wrote:
PV> From: Paul Vixie PV> appealing, but i'm more concerned about MIM when fetching PV> update information than i am with simply registering package PV> version numbers, hosts, and e-mail addresses.
Distribute BIND with public key. Updates are encrypted or signed with its counterpart.
But don't distributors already provide this service? Several Linux distributions (at least Redhat and Debian) and Unix companies (Sun at least) already provide [semi-]automatic updates of packages like bind. Just look at the vendor list in the average CERT notice. Someone who downloads, compiles and installs bind directly from the ISC is already indicating that they want to go beyond the safe vendor supplied version thats good-enough for 99% of people. I'm also worried about any concept of trying to "force" people to upgrade, even with bind I use some features (namely an external named-xfer program) of bind v8 that arn't available in bind v9 . For the servers which I need this on I run bind 8.3.3 (Vendor backported with the 8.3.4 fixes) of copy the named-xfer program over to the bind 9 box. -- Simon Lyall. | Newsmaster | Work: simon.lyall@ihug.co.nz Senior Network/System Admin | Postmaster | Home: simon@darkmere.gen.nz Ihug Ltd, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz