[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bind 8 bug experience
> Three bugs in bind 4 and 8 were announced this morning, November 12.
> At least one has the possibility of arbitrary code execution
[. . .]
> I don't know of a similar incident when the known patches to such a
> serious problem were withheld by a software provider.
Speaking for myself, I never expected anything different. In my
experience, when security information is restricted, the people who
have it aren't particularly concerned about getting it to the people
who don't. More than a year and a half ago, when I saw ISC's message
indicating that security information about BIND would be withheld
from the public, I removed BIND from all my systems and installed
Particularly ironic in light of ISC's apparent delay in releasing
patches is this from the BIND Member Forum FAQ:
Q: So the bind-members Forum programme does not restrict or delay any
access to which the industry has become accustomed?
The documents referred to are archived at: