At 3:15 PM -0700 5/8/02, Jeremy C. Reed wrote:
>On Wed, 8 May 2002, Paul Hoffman wrote:
>
>>  - The dhcpd in 1.5.1 reports that it is 3.0b2pl24. The message below
>>  says that it is fixed in NetBSD but apparently not in ISC's dhcpd.
>>  Does this mean that we have forked from the ISC source tree? If so,
>>  could we come up with a slightly more sensible version numbering
>>  scheme?
>
>Probably the changes are very little when compared to official 3.0 Beta 2
>Patchlevel 24.

So you are saying we forked and stopped?

>  > - When we found the vulnerability 18 months ago, did we report it to
>>  ISC? If not, why not? If so, could they really be so lame as to muff
>>  this?
>
>Just because a syslog formatting was improved doesn't mean that a security
>issue was fixed. Probably the vulnerability wasn't even known.

Sorry, I can't parse that. Do you mean that we did a sweep, found 
some suspicious-looking stuff, fixed it, but didn't report the 
suspicious-looking stuff to ISC? If so, that doesn't seem like a good 
thing for everyone else on the Internet...