Christoph Martin wrote:
> >> No, it's not. The prefix containing the old route server address is
> >> still assigned to Bill Manning, so there is no immediate cause for
> >> alarm. Even the fake servers returned the correct address for the L
> >> root, so the priming at the start would have removed the old L root
> >> address.
> > Even without the security tag, this is certainly not "wishlist" since
> > the old address for L is currently not responding to queries.
> > I'm leaving it to the maintainer, however, to avoid a bts war :)
>
> I think it is up to the Security-Team, because they have to do the Fix,
> the code review and the security upload
>
> >> We can't fix broken Internet routing. The same thing could happen to
> >> essentially all root servers. Changing addresses compiled/configured
> >> into BIND does not prevent this.
> > We can't, no, but we can make sure our users are using the current
> > root-servers; a routing attack on those would be taken more seriously, I
> > guess.
>
> I don't see the big problem doing a Security Update for this issue. It
> is a minimal change, so the review by the Security Team would be easy.
>
> I don't think we can afford to ignore this issue and let our users ask
> one wrong root-server if it happens to pop up again with spoofed
> answers. I can imagine the bad press with "Debian taking Security Issues
> lightly"

Are you sure there is an issue to discuss at all?

Hasn't the old address been operated by an operator of another root server?

Hasn't the L root server's address been officially turned down already?

Please explain the security problem in this.

I believe, it would make sense to ask the SRMs whether an update of the
nameserver packages in Debian stable is justified, and if they believe
it is, talk to the respective maintainers to update their packages.

Regards,

Joey

-- 
Those who don't understand Unix are condemned to reinvent it, poorly.

Please always Cc to me when replying to me on the lists.