phoning home

Paul Vixie vixie at isc.org
Mon Jun 13 22:22:47 UTC 2011


> From: Rick Jones <rick.jones2 at hp.com>
> Date: Mon, 13 Jun 2011 15:11:56 -0700
> 
> > a week ago <http://www.isc.org/software/bind/advisories/cve-2011-1910>
> > came out and i realized that it was time for bolder steps.  our installed
> > base is worldwide and we are the dominant DNS platform.  at some point
> > the needs of the many (to be protected against the effects and side
> > effects of these vulnerabilities) outweigh the needs of the few (to avoid
> > being annoyed by syslog'd vulnerability notices.)
> 
> baby steps and all, but doesn't that line of reasoning lead to a call
> for BIND to automagically update itself?

well, yes, but what i've found by running "firefox" on my unix desktops and
laptops is that when it wants to "automagically update itself" i end up with
a browser binary in my home directory since it has no permissions to update
the binary in /usr/local.  i *think* this is trying to tell us that this sort
of update must be left to the OS and the OS's vendor, and that what we need
is only a way to trigger this and not a way to accomplish it.



More information about the bind-workers mailing list