* BIND: Intentional Security Compromise ..
@ 2002-11-15 22:14 terry white
2002-11-16 0:09 ` Milan P. Stanic
0 siblings, 1 reply; 2+ messages in thread
From: terry white @ 2002-11-15 22:14 UTC (permalink / raw)
To: linux-admin
... for them what care:
remotely exploitable vulnerabilities have been found in bind 4 and 8.
from my reading, it appears this was known by 10-23-2002 at the 'latest'.
the announcement maybe a week ago, and a fix showed up (publicly)
yesterday.
on another list, i complained that isc's paying customers got
preferential security fixes. in response to that complaint, i was told
the practice is documented in their (isc's) archives.
for those of us with an interest in 'system security', being told
that it depends on a willingness to pay, is one thing. having to search
for that information another. isc's unwillingness to make the
association between 'security and money' obvious, seems unscrupulous.
from a security standpoint, djbdns sets a dns standard. by
implication, bind sub-standard. given the above, users of bind have to
pay to get the "very best" sub-standard dns. the only problem with
djbdns is their attitude about 'having' to deal with users. unless
you've read all the documentation, you can 'eat shit and die'. isc on
the other hand offers user friendly list support, much like this one.
i've never had a problem with having to build bind when security
problems required it, shit happens. and my confidence not all that
assaulted. but there is something 'wrong' about the way isc has handled
this latest, and i think it may well hurt them in the long run.
the long and the short of it is this:
global dns security is not isc's primary interest ...
--
... i'm a man, but i can change,
if i have to , i guess ...
* Re: BIND: Intentional Security Compromise ..
2002-11-15 22:14 BIND: Intentional Security Compromise terry white
@ 2002-11-16 0:09 ` Milan P. Stanic
0 siblings, 0 replies; 2+ messages in thread
From: Milan P. Stanic @ 2002-11-16 0:09 UTC (permalink / raw)
To: linux-admin
On Fri, Nov 15, 2002 at 02:14:05PM -0800, terry white wrote:
[...]
> for those of us with an interest in 'system security', being told
> that it depends on a willingness to pay, is one thing. having to search
> for that information another. isc's unwillingness to make the
> association between 'security and money' obvious, seems unscrupulous.
[...]
> global dns security is not isc's primary interest ...
If software works flawlessly and doesn't have security holes who will
pay for "support" (or anything like that) ;-)
BIND = remote shell for years
Milan