PRE-ANNOUNCEMENT: BIND-Members Forum

[Jim Reid]

>>>>> "Bill" == Bill Larson <wllarso at swcp.com> writes:

Paul Vixie as chairman of ISC really needs to respond to your comments
and those of others. But some things that have been said are so far
removed from reality, they need to be immediately shot down before
they spread needless confusion, fear and misconceptions. My remarks
are in a personal capacity and I speak only for myself.

    Bill> To continue, you are proposing a multi-tiered support
    Bill> structure.  If you pay money then you will be the first to
    Bill> be notified of a problem.  If you don't pay, then you will
    Bill> be at the mercy of someone else informing you of a problem.

How does this really differ from the current situation? The vendors
who have largely (but not exclusively) funded BIND get advance warning
of security problems as part of CERT's standard procedures. This gives
them time to prepare patches, alert their support staff, etc. When
CERT releases the advisory everyone is told. Including the
overwhelming majority of us who have never paid a penny for BIND.

    Bill> There is NOTHING that is being said about when/where/how the
    Bill> rest of us will be informed about problems.

I would expect that the current model would apply: ie a CERT advisory
and info on the ISC web site.

    Bill> I believe that this announcement produced a tremendous
    Bill> amount of FUD

I'd agree with that. And the reaction to Paul's announcement has
caused that FUD to explode.

Think of the BIND Members Forum as an alternative way of widening the
pool of supporters provding money from the community to fund the
on-going development of BIND. There's nothing more sinister than that
going on.