On 4 Feb 2001, Sean Donelan wrote:
It seems pretty clear if you don't pay, you receive exactly the same advisories you receive now. No more, no less, no sooner, no later.
CERT has always told a few other groups about vulnerabilities prior to their public release of advisories (vendors, some affected parties, etc).
The odd thing is, I think Paul said past and future security notifications have been and will be distributed via CERT (to non-bind-members). I could be wrong, but I don't think I've ever gotten initial notification of a BIND security problem from CERT. Heck...even this most recent one was first publicized via nanog several days before the CERT notification. Obviously, if the masses have to wait for CERT, we will be getting later notification than in the past. -- ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________