I'm not one to condone shitty attitudes.
However, I think in this case it's unfair to claim that one can have

no expectations of OpenBSD with regards to security patches.  If I

could have no such expectations, I would not use OpenBSD in the first

place.  I have these expectations based on a very impressive security

history for which the OpenBSD developers deserve much in the way of

praise.
Additionally, loyal OpenBSD users may be interested in the details of

the vulnerability disclosure.  There very well maybe loyal OpenBSD

users who wish to very politely inform ISC that there are large

numbers of BIND users who would appreciate the same level of

cooperation between ISC and OpenBSD as ISC affords others.
On Wed, Jul 9, 2008 at 11:17 AM, Andreas Maus

 wrote:

quoted text
> On Wed, Jul 09, 2008 at 12:22:17PM -0400, bofh wrote:

>> Love your gimme gimme attitude.  If you spent half a second thinking about this:

> Hehehe ;)

>

> Furthermore you can see in the US-CERT that this VULN was:

>

> Date First Published    07/08/2008 02:46:15 PM

>

> As you know some developers may live outside .us in a different

> timezone (and developers in .us/.ca have to work at this time).

> So in e.g. Europe this was yesterdays evening.

>

> You can accelerate proceedings by a) donating to OpenBSD

> and b) - if you need this patch REALLY FAST - hire a paid

> conslutant to develope the patch and send it to the list.

>

> And OpenBSD doesn't have a SLA ...

>

> So long,

>

> Andreas.

>

> --

> Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of

> an 8-bit operating system written for a 4-bit processor by a 2-bit

> company who cannot stand 1 bit of competition.