The question is how can we as an interdependent industry close the gaps of the "Bubba" SPs and their software upgrade policies?
The depends upon your definition of a "Bubba SP" I guess. Does that mean small? If so we might qualify. Or does "Bubba" mean not listening to lists like this?
That being said, is there anyone keeping metrics of what upgrades have been done so far?
Like everyone else (I hope!) we're tracking progress in *our* network. The hard part, besides flogging reluctant server owners, is that some OS' are still lacking in "official" patches. Apple for example. Not a peep from them, and as you would expect those server owners are not the sort to install anything unless it shows up in their Software Update app. Has anyone heard any ETA on a patch from Cupertino? Short of unplugging customers there's not much we can do with those... except wait.
OARC is also coordinating a notification effort in conjunction with lawrence baldwin of MyNetWatchman.
We've seen those at our "abuse@" account, and they are helpful. Keep sending them. If we qualify as "bubba" that works.
Personally, I see this event as major driver for deploying dnssec.
Agreed. Patching is just a band-aid and this really needs to be an amputation. --chuck "On any given day, there's always something broken somewhere. In DNS, there's always something broken everywhere." --Paul Vixie @ 4:20 PM 3/31/07, on NANOG