rick.jones2 at hp.com
Tue Jun 14 17:22:07 UTC 2011
On Tue, 2011-06-14 at 00:38 +0000, Paul Vixie wrote:
> > From: Rick Jones <rick.jones2 at hp.com>
> > Date: Mon, 13 Jun 2011 15:43:20 -0700
> > And if there is simply a workaround, how does BIND know it has the
> > workaround in place when it still sees its version in the list of the
> > vulnerable? (Or does not see its version in the not known to be
> > vulnerable list?)
> the workaround problem is not as interesting to me; if someone knows they
> are vulnerable then they should upgrade as soon as possible and should "red
> flag" that installation until the upgrade is complete. workarounds don't
> necessarily "stick", another operator may come later and revert the config.
Difficult question I suppose, but how long is the piece of string from
discovery to workaround and then to fix? In particular how long is it
usually from workaround to fix? If it is typically more than, oh, I'll
just pull 36 hours from the ether one would seem to run the very real
"Oh, *that* log message. It is always going-off. Just disable it."
Or would you only raise the red flag when the fix was available?
More information about the bind-workers