Evan Hunt wrote:
reading carefully to the end of the line and notice that the 2006
Perhaps some people who did
validate the files were similarly incautious.
Or decided, taking account of the circumstances, not to treat
expired as a synonym for not trustworthy.
/Niall
In message 20090730070805.ga1...@nic.fr, Stephane Bortzmeyer writes:
On Wed, Jul 29, 2009 at 04:25:18PM +,
Evan Hunt e...@isc.org wrote
a message of 16 lines which said:
Due to a combination of circumstances, including extreme rush and
the usual signer of our releases being away
How many people checked them? Probably not a lot since I did not saw
reports BIND releases corrupted!. It tells a lot about Internet
security. And makes me seriously worry for the future when DNSSEC will
be deployed...
We received several private reports of the error.
I checked them myself
[In a message on Thu, 30 Jul 2009 09:08:05 +0200,
Stephane Bortzmeyer wrote:]
How many people checked them? Probably not a lot since I did not saw
reports BIND releases corrupted!. It tells a lot about Internet
security. And makes me seriously worry for the future when DNSSEC will
be
Due to a combination of circumstances, including extreme rush and the
usual signer of our releases being away at IETF, we accidentally signed
yesterday's BIND 9 patch releases (9.4.3-P3, 9.5.1-P3, and 9.6.1-P1) with
the expired 2006 ISC signing key rather than the current one, and didn't
notice
5 matches
Mail list logo