Given that the end nodes have to be updated to make things better, it seems that the best solution is to motivate them to upgrade the software (it isn't exactly a difficult task) so that the problem of changing root addresses (and lots of others) mostly goes away.
One thing I noticed about the beta versions of Netscape that was quite annoying at first: they expired. However, they succeeded in forcing me to upgrade my software. Has anyone thrown around the idea of having freeware servers expire (or at least give you lots of warnings/errors). I'm not talking about every 3 months like Netscape, but every couple of years. I know this sounds dangerous from a production standpoint, but having unpatched versions of sendmail x, etc around is also dangerous. Nowadays, compromised security on another system often forces one to track down denial of service attacks from that system. You can always bandaid the problem (except possibly with mail or ntp'ed systems) by changing the date on the systems. And you can always make available "grandfathered" versions that run after the expire date for those people that absolutely have to run the old version. (or let the people change their own source code) Better yet, make it a compile time flag and let the people that want a nonexpiring version change it. Most people use the default on everything anyways (and those are the people that will never upgrade or patch their software). allan allan@bellsouth.net