despite having 137 days to fix the reported issue, initially delayed patches past the disclosure deadline, planning to fix the bug somewhere in September.

Google engineers changed their mind yesterday after Husain published details about the bug on her blog, including proof-of-concept exploit code.



2.1.5 Use of Data by User. [...] (b) under no circumstances [...] (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator or any ICANN-accredited registrar

you know that thread about google chrome sending too many DNS lookups?
it seems that might be almost against a domain registry agreement if they were somehow using a specific domain name to do it

(i wonder if the .google registrar terms omit this block or not.)

these lookups were of course not sent by a domain name or anything that would fall under this 'don't send spam email using our domain registry' section, they're just coming from a browser.

i just find it funny (?) google established its own whole tld and is also doing things other tlds, possibly even its own, ban in their registry agreements

Show thread
Sign in to participate in the conversation

For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).