i see that a lot of folks are responding publicly. sorry to spawn a thread.

niels=nanog@bakker.net (Niels Bakker) writes:
So how much would this differ from `make install' running this shell script?
most bind installations are prefab -- they come with the operating system and there's no "make install" done after the host has a name.

christian.kuhtz@BellSouth.com ("Kuhtz, Christian") writes:
Administrator inertia is the root cause. I don't see how an automatism such as the one described changes human behavior. And unless you change that inertia, no amount of notification, databases, registries, yada yada yada will make any difference.
this argues for time bombs, where the software will stop working after it detects some condition (too much time has passed, or an advertisement for newer software is seen, or a vulnerability notice is seen). this would be wildly unpopular, contrary to the open source philosophy, and never adopted.

roque@sbcglobal.net (Pedro R Marques) writes:
If you want to address this issue my suggestion would be to make BIND automatically update itself... an option that needs to default to ON and that can be disabled in managed systems where admins are expected to read CERT and act upon it.
this solution implies a trust relationship between a server operator and the software provider which in fact never exists in reality. even my microsoft sysadmin friends carefully eyeball any "software update" patch before they'll put it on production iron. then there's the local customization issue -- and the binary problem, since many name server hosts do not have compilers. again this would be contrary to the open source philosophy.

***

i don't want to have this be bimodal (run binaries from someone you're required to trust, or else run source and be out of date most of the time) since neither mode is interesting or useful. i do agree that other open source packages (openssl for example, or apache) would benefit from a good answer to the "how to get folks to upgrade" question. however, i'm not sure a single answer will fit all packages.

having the server check for updates and issue local mail is appealing, but i'm more concerned about MIM when fetching update information than i am with simply registering package version numbers, hosts, and e-mail addresses.

-- Paul Vixie