Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Feb 2021 09:17:37 +0100
From: Hanno Böck <>
To: ISC Security Officer <>
Subject: Re: BIND Operational Notification: Enabling the new
 BIND option "stale-answer-client-timeout" can result in unexpected server

On Thu, 18 Feb 2021 20:09:47 -0900
ISC Security Officer <> wrote:

> 2)  If you already have packages based on 9.16.12, we expect to have
> a patch ready well before the next maintenance release.  A candidate
> patch is under review now and can be delivered after review and
> quality assurance testing.  If you wish to receive updates on the
> progress of this patch, please e-mail your request to

I am confused by your actions here.

You warn people about a messed up release (can happen, no problem), you
say you have a preliminary patch, but you make it extra complicated to
get that patch? Why not just post the patch?

Also I read into your words that you don't plan to publish a quick
followup release, which would be the right thing to do ("we expect to
have a patch ready well before the next maintenance release" - I read
that as you don't plan to make a new maintenance release as soon as
the patch is ready, which would be the right thing to do).

Hanno Böck

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.