Does bind8.2.3 enough?

Jim Reid jim at rfc1035.com
Mon Mar 4 17:20:57 UTC 2002


>>>>> "Barry" == Barry Margolin <barmar at genuity.net> writes:

    >>  The ISC web page makes it perfectly clear which known security
    >> vulnerabilities exist in which old versions of BIND. Obviously
    >> no-one can provide that information about unknown
    >> vulnerabilities which may or may not exist. This does not mean
    >> it's OK to run old code that has known security holes plugged.

    Barry> But supposedly none of the fixes between 8.2.3 and 8.2.5
    Barry> were known security holes.

Correct. The web site and CHANGES file say so. But that *still*
doesn't mean it's OK to run old code. I gave some of the reasons for
that already. And how many times have we seen questions here about old
bugs in old code that have been fixed in the BIND current release?
It's a pity you seem to want to encourage even more of those sorts of
questions. 


