mgraff at isc.org
Mon Jun 13 22:12:58 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 6/13/11 4:21 AM, Jim Reid wrote:
> I'm not convinced that getting BIND to phone home (when? how often?) is
There is one reason: it is useful for ISC to know what versions of BIND
are actually in use "in the wild" when we run into a security hole or
protocol edge case.
It is very, very hard to judge the severity of security events when we
cannot even know who our customers are, or how popular an affected
release actually is. It would be extremely useful to have a way to
insert a message indicating that a given version is out of date with
respect to current versions into logs to try to reach people. Beyond
that, it would be good to know the population of BIND 9.4.2 (for
instance) so we know if we should also patch that, or at least worry
I'd make all version reporting anonymous, and all log messages generic.
I have no intent of using this as a marketing back-channel.
Many software products use some form of phone home / version reporting
technology. If this question had been asked 5 years ago we'd get a very
different answer than we did now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the bind-workers