From: Adam Rothschild [mailto:asr@latency.net]
Sent: Saturday, February 03, 2001 1:20 PM
Why not just notify everyone at once? That way, when vulnerabilities
are discovered, people can take whatever action they deem appropriate
to protect their infrastructure (write/release their own set of BIND
patches? upgrade to djbdns? decide DNS is too daunting to manage
in-house, and outsource to Nominum or UltraDNS instead?), rather than
remain vulnerable, pending an official announcement from the
appropriate sources.
Perhaps I'm missing something, isn't that what ISC does on the web-site
already?