PRE-ANNOUNCEMENT: BIND-Members Forum
David R. Conrad
david.conrad at nominum.com
Wed Jan 31 21:59:45 UTC 2001
Martin,
Paul is the right person to comment on this, but as he hasn't yet, I'll
jump in to try to head off the misunderstandings.
At 03:20 PM 1/31/2001 -0600, Martin McCormick wrote:
> I am also very concerned. Does this mean no more open
>source for bind?
_NO_!!!. (is that clear enough?)
BIND is, and always will be, Open Source. ISC is incorporated as a public
benefit California corporation chartered to provide openly available
reference implementations of core Internet protocols. If ISC attempted to
move BIND out of Open Source, it could face scrutiny by the California
state attorney general due to violating its charter and/or the public
trust. As opposed to Delaware, the CA AG actually cares about the whole
public benefit thing. I would be highly surprised if ISC's board would be
willing to risk the (potentially millions of dollars of) liability and
legal fees that would be associated with even attempting to take BIND out
of Open Source.
Besides, Paul and the rest of the board are strongly in favor of ISC's
charter. Moving BIND out of Open Source would simply be the wrong thing to do.
> Please tell us we have misunderstood and that this was
>all a mistake.
Yes. You misunderstood. Both Paul and myself had serious concerns with
how the recent advisories were handled. In particular, many organizations
that should have been contacted prior to the advisories being released
weren't. ISC has no way of notifying organizations that are using BIND in
commercial products or services that they should upgrade without also
notifying everyone.
> > 2. Use of PGP (or possibly S/MIME) will be mandatory
> For what?
So sensitive information (such as the existence of a security bug) can be
transmitted to members securely.
> > 4. Members will sign strong nondisclosure agreements
> About what, for crying out loud?!
So ISC can be assured that the sensitive information is not released to the
public.
> Please, explain this and let's hope we are being
>alarmist.
Yes, you are being alarmist.
Even if someone tried to take (any open source package) non-Open Source,
the end result would almost assuredly be a code fork. The Open Source
version would continue to be available and the non-Open Source version
would have to contribute against the Open Source version. Not a recipe for
success.
Rgds,
-drc
(former Executive Director of ISC, not involved in ISC internal affairs any
longer)
P.S. For those that are curious, Nominum is an independent (for-profit)
company that did the development of BIND version 9 under contract to
ISC. We support and will continue to contribute to BIND version 9
development, but have our own services and products (not based on BIND)
that we're developing.