DeepSight alert services (Symantec) notified me that OpenBSD has also fixed the DNS cache poisoning and predictable IP ID weakness. I also see PRNG related changes to 4.3. If my memory serves me right, my impression was this was not an issue that bothered OBSD much, and as such the developers had decided they won't (?) fix it. I would appreciate to get an insight as to why this change in decision took place (yeah, I am also okay if I get an answer like "some dev had some time at hand". :))
My intention is not to question as to why this was fixed, but as to why a change in decision from "not fix -> fix". Thanks. -Amarendra
