Date: Wed, 9 Jul 2008 13:30:08 -0700 From: Chris Palmer <chris@noncombatant.org> To: Wesley Shields <wxs@FreeBSD.org>, freebsd-security@freebsd.org Subject: Re: BIND update? Message-ID: <20080709203008.GF55473@noncombatant.org> In-Reply-To: <20080709185405.GJ92109@atarininja.org> References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> <17cd1fbe0807090909i566e1789s6b7b61bf82dd333e@mail.gmail.com> <4874ECDA.60202@elvandar.org> <4874F149.1040101@FreeBSD.org> <17cd1fbe0807091027n6af312cbwab3d3277f2b5e081@mail.gmail.com> <20080709181515.GG92109@atarininja.org> <20080709183325.GE55473@noncombatant.org> <20080709185405.GJ92109@atarininja.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Wesley Shields writes: > > Malware authors create exploits based on information they gleaned by > > reverse > > (legitimate businesses). I'm also not sure how this applies since the > project is open source - the fix is published at the time of the patch, My implicit (sorry about that) point was that if closed source software has no obscurity, there's no way open source software can have any. So we should not pretend that there is any, nor that it can help. The best course is to provide users full information about the risks they face and to respond with timely and correct fixes to those issues that introduce unnecessary risk. In this case, the BIND bug is already patched and publicly available anyway.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080709203008.GF55473>