[In a message on Thu, 30 Jul 2009 09:08:05 +0200, "Stephane Bortzmeyer" wrote:]
> >How many people checked them? Probably not a lot since I did not saw >reports "BIND releases corrupted!". It tells a lot about Internet >security. And makes me seriously worry for the future when DNSSEC will >be deployed... More likely it says "Folks don't grab patches nearly as quickly as we'd hope." If signatures are provided I ususally use them. A bit more problematic is the verification that the signature is in fact the most current signature.. So.. what I suspect you get more of is "the signature is verified... but I have no idea who signed it!" CPAN's implementation of signature validation is probably an indication of the way things like this need to work, if the chain is going to be trusted from end to end. Steve _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
