Subject: Re: ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
From: deletethis (at) *nospam* invalid.lan (noel)
Newsgroups: news.admin.hierarchies news.software.nntp
Date: 28 Sep 2024, 14:40:02
Other headers
Organization: Ausics - https://newsgroups.ausics.net
Message-ID: <66f80732$1@news.ausics.net>
References: 1 2 3
User-Agent: Pan/0.141 (Tarzan's Death; 168b179 git.gnome.org/pan2)
On Sat, 28 Sep 2024 11:23:38 +0200, Ray Banana wrote:
Thus spake noel <deletethis@invalid.lan>
[...]
However, as ISC also offers support contracts for BIND and Kea, and
those customers have their own due diligence policies, we are often
subject to scrutiny and audits about how our network runs, and even
for a venerable URL like ftp.isc.org, we get questions from auditors
like "did you know you have a public FTP server on your network!
Why!?"
[...]
>
Lot of hogwash, so ISC don't have a spine... I won't go into how comical
the excuses are, others have more than adequately stated how silly they
are.
I've been working for several large companies that are legally required
to carry out annual audits of their IT infrastructure, both internal and
outsourced, and had to deal with external auditors from PWC, KPMG and
E&Y, to name just a few, and I know that it's absolutely impossible to
argue with external auditors and your customers' management if you care
about your mental health. They will drag you down to their level and
beat you with experience, so ISC is not to blame, IMHO.
I've had to deal with auditors before, they're shown the mirrors are
completely separate hardware, unrelated to X's hardware, paying clients
want ftp access to their hardware too, or are auditors going to suggest
we don't do shared hosting, yes some auditors need to go get a clue, some
do have one tho, I guess everyone's MMV.
as for PWC, they have no credibility here,
https://www.ft.com/content/a1cc64ee-2618-4884-bce2-f484f2812eb6
AFAIK ISC don't host customers' data, and if any support contracts entail
them holding client data, one would imagine it's not on the same hardware
farm as its open source code bases, if it is, that's ISC's failings, but I
do not know how ISC run their commercial business nor their internal
structures, but I can't see how ISC would possess in confidence
commercially sensitive data that would cause failure on an audit, but
this entire discussion is moot, since they are not saying "let's have a
dialogue", they are saying "this is going to happen and tough shit if you
disagree"