The odd thing is, I think Paul said past and future security notifications have been and will be distributed via CERT (to non-bind-members). I could be wrong, but I don't think I've ever gotten initial notification of a BIND security problem from CERT. Heck...even this most recent one was first publicized via nanog several days before the CERT notification.
Paul has repeatedly stated that nothing will change about how notifications are done, thus you can probably expect to see a notification here in advance of CERT. Note that I'm not speaking for Paul, ISC, etc. -- Joe Rhett Chief Technology Officer JRhett@ISite.Net ISite Services, Inc. PGP keys and contact information: http://www.noc.isite.net/Staff/