Date: Fri, 19 Feb 2021 09:17:37 +0100 From: Hanno Böck <hanno@...eck.de> To: ISC Security Officer <security-officer@....org> Cc: oss-security@...ts.openwall.com Subject: Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination On Thu, 18 Feb 2021 20:09:47 -0900 ISC Security Officer <security-officer@....org> wrote: > 2) If you already have packages based on 9.16.12, we expect to have > a patch ready well before the next maintenance release. A candidate > patch is under review now and can be delivered after review and > quality assurance testing. If you wish to receive updates on the > progress of this patch, please e-mail your request to > security-officer@....org I am confused by your actions here. You warn people about a messed up release (can happen, no problem), you say you have a preliminary patch, but you make it extra complicated to get that patch? Why not just post the patch? Also I read into your words that you don't plan to publish a quick followup release, which would be the right thing to do ("we expect to have a patch ready well before the next maintenance release" - I read that as you don't plan to make a new maintenance release as soon as the patch is ready, which would be the right thing to do). -- Hanno Böck https://hboeck.de/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.