> > I still like the idea of collecting a reward if I find an exploit, rather
> > than paying to find out about them.
>
> You. Will. Not. Have. To. Pay. To. Find. Out. About. An. Exploit.
>
> Can we make it any more clear for you, or are you being obtuse on purpose?
I know I don't have to pay - all the script kiddie sites have the 'sploits
for free.
> > For all the talk on this list about people being concerned about system
> > security, it baffles me why, when it comes to things like BIND, people
> > justify continuing to use it ...
>
> BIND works. With the right security precautions -- the very same security
> precautions djbdns uses -- it is not a significant security risk. If djbdns
> can use chroot jails and drop privileges, why can't BIND?
If there is no problem, why all the security alerts? And cache poisoning,
resulting from a structural flaw in BIND, cannot be prevented by the above
techniques.
--Pete
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
