On Sun, Feb 11, 2001 at 08:28:48PM -0500, Nick wrote:
> >                  NetBSD Security Advisory 2001-001
> >                  =================================
> 
> Maybe I am not reading the right mailing lists, but doesn't it seem
> like the NetBSD user community should hear about this sort of thing
> sooner?

http://www.netbsd.org/Changes/#bind_8.2.3 is dated January 27th, which
is quite timely IMO :)  The formal advisory is uncommonly late this
time.

> sort of uneasy to know these vulnerabilities were common knowledge
> for so long without an advisory.
[...] 
> Is it a bad idea to rely on the NetBSD Security Advisories to keep
> up-to-date on vulnerabilites in NetBSD?

No.  We had an informal and formal advisory this time.  Unfortunately
I wasn't aware that the formal would be late, or I would have
propagated the informal one further.

The web site, especially the news portion (as linked off the front
page) is good to follow though.

Take care

--
Reed <aiko@antigone.net>