"Juergen P. Meier" <[EMAIL PROTECTED]> writes:

> Ah, here I think you (and the ISC) overlooked something:
> Although I believe the probability of having a blackhat among
> the root-nameserver maintainers is close to zero, I am convinced
> that the probability of blackhats among all those people who would
> receive such a closed-recipient-list security-bulletin among the
> big vendors (IBM, Sun, HP and them Linux distributors) is much
> closer to one.

s/much closer to//

I can't be the only person on BugTraq to have worked at one of the
above-mentioned vendors. There *are* idiots working there; no hiring
process is, or can be, perfect.

Some of these *will* get access to the info. Some of those *will* be
blackhats, blackhat wannabes, or friends with the above. The
information *will* get out.

Just not to those of us who don't want our servers rooted.

The only way I could see to prevent that would be to limit the info to
one or two people per vendor, and that would kinda defeat the purpose,
I think, because I'm not sure that's enough people to get a head start
on patches.

Now, ISC may have taken this into account. I'm not *dead* set against
the idea yet, but I'm *extremely* skeptical. On the other hand, Paul
Vixie & co are some very smart, very experienced people, and I don't
subscribe to the conspiracy theories spouted by some people on the
list.

I'm willing to be convinced, but I haven't seen Paul & co address this
yet.

Shalon Wood
