On Sat, Feb 03, 2001 at 12:51:53PM -0800, Paul A Vixie wrote:
Will the ISC implement similar policies with its INN and DHCP software in the foreseeable future, or is this something unique to BIND?
I don't see INN or DHCP as critical to the internet's infrastructure, so, no.
So, the more critical to the Internet's infrastructure software is, the more difficult it should be for non-"privledged" people to be made aware of key security announcements/patches in a timely manner? Why not just notify everyone at once? That way, when vulnerabilities are discovered, people can take whatever action they deem appropriate to protect their infrastructure (write/release their own set of BIND patches? upgrade to djbdns? decide DNS is too daunting to manage in-house, and outsource to Nominum or UltraDNS instead?), rather than remain vulnerable, pending an official announcement from the appropriate sources. -adam