Faidon Liambotis wrote:
> [removing [EMAIL PROTECTED] from Cc]
>
> Florian Weimer wrote:
>> severity 449148 wishlist
>> tag 449148 -security
>> thanks
>>
>> * Faidon Liambotis:
>>
>>> You pointed out earlier in the bug log that this is a "critical" (sic)
>>> bug but there wasn't a fix prepared for etch.
>>
>> No, it's not. The prefix containing the old route server address is
>> still assigned to Bill Manning, so there is no immediate cause for
>> alarm. Even the fake servers returned the correct address for the L
>> root, so the priming at the start would have removed the old L root
>> address.
> Even without the security tag, this is certainly not "wishlist" since
> the old address for L is currently not responding to queries.
> I'm leaving it to the maintainer, however, to avoid a bts war :)
I think it is up to the security team, because they have to do the fix,
the code review and the security upload.
>> We can't fix broken Internet routing. The same thing could happen to
>> essentially all root servers. Changing addresses compiled/configured
>> into BIND does not prevent this.
> We can't, no, but we can make sure our users are using the current
> root-servers; a routing attack on those would be taken more seriously, I
> guess.
I don't see the big problem with doing a security update for this issue. It
is a minimal change, so the review by the security team would be easy.
I don't think we can afford to ignore this issue and let our users ask
one wrong root-server if it happens to pop up again with spoofed
answers. I can imagine the bad press with "Debian taking Security Issues
lightly".
Christoph
--
============================================================================
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: [EMAIL PROTECTED]
Telefon: +49-6131-3926337
Fax: +49-6131-3922856

