PRE-ANNOUNCEMENT: BIND-Members Forum

lpb at Starbase.NeoSoft.COM lpb at Starbase.NeoSoft.COM
Wed Jan 31 20:31:57 UTC 2001 

Is this the beginning of taking BIND out of the Open Source domain??

I would feel a lot more comfortable if the membership included CERT, 
without any possibility of removing them. I don't feel assured that the 
public at large would be made aware of security risks as they come up - and 
we're the reason BIND exists in the first place.

Paul, you're opening yourself up to the kind of complaints DJB makes about 
the "BIND Corporation" when you make broad statements like "Recent events 
have very clearly shown that there is a need for a fee...". WHAT events? 
WHAT problems will this solve? Please give us more detail.

Luigi Bai
Currently, a BIND user

At 09:36 AM 1/31/01 -0800, Paul A Vixie wrote:
--- Begin Original Message ---
>ISC has historically depended upon the "bind-workers" mailing list, and
>CERT advisories, to notify vendors of potential or actual security flaws
>in its BIND package.  Recent events have very clearly shown that there is
>a need for a fee-based membership forum consisting only of:
>
>         1. ISC itself
>         2. Vendors who include BIND in their products
>         3. Root and TLD name server operators
>         4. Other qualified parties (at ISC's discretion)
>
>Requirements of bind-members will be:
>
>         1. Not-for-profit members can have their fees waived
>         2. Use of PGP (or possibly S/MIME) will be mandatory
>         3. Members will receive information security training
>         4. Members will sign strong nondisclosure agreements
>
>Features and benefits of "bind-members" status will include:
>
>         1. Private access to the CVS pool where bind4, bind8 and bind9 live
>         2. Reception of early warnings of security or other important flaws
>         3. Periodic in-person meetings, probably at IETF's conference sites
>         4. Participation on the bind-members mailing list
>
>If you are a BIND vendor, root or TLD server operator, or other interested
>party, I urge you to seek management approval for entry into this forum, and
>then either contact, or have a responsible party contact, isc-info at isc.org.
>
>Paul Vixie
>Chairman
>ISC
--- End Original Message ---

More information about the bind-users mailing list