> As we've discovered after many such events, the overlap between the
> people who read those lists and the people running outdated vulnerable
> software isn't very large.

to steal from a reply to a private message:

there are a jillion folk at the edges of the net running with low end
gear, low margins, and 312 pressures.  *knowingly* abusing them into an
update a week is just not reasonable ops behavior.

and, at the other extreme, big core isps have a pre-deployment test
window of six or more months.  the only win here is that public
embarrassment does help to get the big vendors to give us a fix with
which to start the lab test cycle.  bug reports to tac seem not to.

randy
