On Sat, Feb 03, 2001 at 07:10:23PM -0800, Sean Donelan typed:
As far as I can tell, ISC did not say they would stop distributing patches
through the same methods used now. If you don't want to pay, you will
get the exact same patches, through the exact same methods you get them
now.
I think the issue some of us have is ISC won't *let* you pay. It's not an
issue of wanting to. They're playing favorites, which just doesn't seem
right.
Jeff
On Sat, Feb 03, 2001 at 07:10:23PM -0800, Sean Donelan typed:
> As far as I can tell, ISC did not say they would stop distributing patches
> through the same methods used now. If you don't want to pay, you will
> get the exact same patches, through the exact same methods you get them
> now.I think the issue some of us have is ISC won't *let* you pay. It's not an
issue of wanting to. They're playing favorites, which just doesn't seem
right.
Sure they do! Try reading the website once or twice. Then you can take your
foot out of your mouth.
I did. Seems pretty clear that, unless you're a TLD server operator
or large and respected OS vendor, they don't want to provide you with
early advisories, paid or otherwise.
-adam
In the FAQ that was distributed, it was clear that anyone is welcome to pay to help support the ISC mission. However, I agree with ISC that a certain amount of priority must be given to the root and TLD servers (notice, they snuck government servers in as well at the end). This isn't to say that our security needs aren't as significant as theirs, but they are a critical part of the Internet infrastructure, and widespread dissemination of security-related info that could compromise those servers before they've had a chance to apply patches would have a global impact affecting millions, not to mention the ability of our own DNS servers to function.
Regardless, there's no point in getting bent out of shape over this - I've always understood this practice to have been going on for a very many years now, and it hasn't been rare to see the root servers running a patch release not available to the general public. Just now, however, we're seeing this practice openly stated and formalized.
Jimmy