Tim, On Mar 9, 2022, at 9:09 AM, Tim Howe <[email protected]> wrote: > Some of our biggest vendors who have supposedly supported > v6 for over a decade have rudimentary, show-stopping bugs.
Not disagreeing (and not picking on you), but despite hearing this with some frequency, I haven’t seen much data to corroborate these sorts of statements. > A subset of these vendors will listen to you and fix the > problems. Give them your support and loyalty. I want to name names so > bad… Perhaps the right approach would be similar for network operators to move to a timed full disclosure model (like Google’s Project Zero for security issues)? In the software security world, this model seems to have had a positive impact in getting fixes out. If a vendor who claims v6 support doesn’t actually support v6 (or, if a vendor fixes a known lack of v6 support), it would seem to me that this is information that folks on NANOG (and elsewhere) would find useful. Regards, -drc
signature.asc
Description: Message signed with OpenPGP
