On Wed, Nov 20, 2002 at 10:21:55AM -0700, Vincent Danen wrote:
> No one said bind doesn't work. What I said was it doesn't work
> securely. Anyways, have you read bugtraq and the other security lists
> lately? There are plenty of people pissed at ISC about this. The people
> who aren't, don't know any better or simply don't care. Also, why
> isn't switching to djbdns not an option? What's stopping you?

What's stopping me is I don't like the way djb does things. Sorry but I don't need to be running another person who's a pain in the ass's software. Theo is enough for me.

Sure BIND has had its share of security issues. But I think arguing that someone should use software simply because it hasn't is specious. The amount of security problems is related to the number of users using a piece of software too. Viruses that take advantage of flaws in mutt don't exist because mutt doesn't have a big enough user basis to make it worthwhile to write. Not because mutt doesn't (and hasn't) had security flaws.

Don't confuse the lack of security issues with security. They are very different things. People were saying that Linux was more secure than Windows because there weren't nearly as many vulnerabilities for Linux as for Windows. But this year's vulnerability list for the two tells a different story. What those numbers mean is open for interpretation.

On another note. The issues that have come to light recently were errors in the dnssec portion of the implementation. It's not terribly surprising that errors have been made in this new part of the protocol. Considering that djb hasn't bothered to implement this (and crypto enhanced protocols are not trivial to implement) people using this product can't really criticize ISC for having security issues in its implementation of it.

Now I understand the disappointment that people have with the way ISC handled this. Perhaps someone should ask Vixie about it. Maybe he has an explanation. Maybe he agrees and is going to do something about it. But all this ranting and raving about how ISC sucks isn't going to do any of us any good.

-- 
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org

"If you're not making any mistakes, you're flat out not trying hard enough." - Jim Nichols
