From: Paul Vixie (vixieisc.org)
Date: Fri Jul 18 2008 - 10:07:13 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > one question that I forgot: Was it OK to speculate about the DNS
> > problem, or is that considered irresponsible, too ?
>
> Only if you believe in a higher power that can hold you responsible for
> speculating about potentially breaking the Internet with an already
> patched vulnerability.

your primary responsibility is to your self and your own values. if you
think dan err'd in giving the world a month or so, from july 7 to august 6,
to apply patches including udp port randomization; if you think less time
would have been better; if you think any part of the DNS infrastructure
which can't be patched that quickly needs to be knocked on its ass to teach
its operators a lesson... then it's not irresponsible to engage in public
speculation which could yield an earlier-than-dan's disclosure. your call.
it's up to each of us to decide what we want to be responsible to and for.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]