PRE-ANNOUNCEMENT: BIND-Members Forum

David R. Conrad david.conrad at nominum.com
Wed Jan 31 21:59:45 UTC 2001


Martin,

Paul is the right person to comment on this, but as he hasn't yet, I'll 
jump in to try to head off the misunderstandings.

At 03:20 PM 1/31/2001 -0600, Martin McCormick wrote:
>         I am also very concerned.  Does this mean no more open
>source for bind?

_NO_!!!.  (is that clear enough?)

BIND is, and always will be, Open Source.  ISC is incorporated as a public 
benefit California corporation chartered to provide openly available 
reference implementations of core Internet protocols.  If ISC attempted to 
move BIND out of Open Source, it could face scrutiny by the California 
state attorney general due to violating its charter and/or the public 
trust.  As opposed to Delaware, the CA AG actually cares about the whole 
public benefit thing.  I would be highly surprised if ISC's board would be 
willing to risk the (potentially millions of dollars of) liability and 
legal fees that would be associated with even attempting to take BIND out 
of Open Source.

Besides, Paul and the rest of the board are strongly in favor of ISC's 
charter.  Moving BIND out of Open Source would simply be the wrong thing to do.

>         Please tell us we have misunderstood and that this was
>all a mistake.

Yes.  You misunderstood.  Both Paul and myself had serious concerns with 
how the recent advisories were handled.  In particular, many organizations 
that should have been contacted prior to the advisories being released 
weren't.  ISC has no way of notifying organizations that are using BIND in 
commercial products or services that they should upgrade without also 
notifying everyone.

> >       2. Use of PGP (or possibly S/MIME) will be mandatory
>         For what?

So sensitive information (such as the existence of a security bug) can be 
transmitted to members securely.

> >       4. Members will sign strong nondisclosure agreements
>         About what, for crying out loud?!

So ISC can be assured that the sensitive information is not released to the 
public.

>         Please, explain this and let's hope we are being
>alarmist.

Yes, you are being alarmist.

Even if someone tried to take (any open source package) non-Open Source, 
the end result would almost assuredly be a code fork.  The Open Source 
version would continue to be available and the non-Open Source version 
would have to contribute against the Open Source version.  Not a recipe for 
success.

Rgds,
-drc
(former Executive Director of ISC, not involved in ISC internal affairs any 
longer)

P.S. For those that are curious, Nominum is an independent (for-profit) 
company that did the development of BIND version 9 under contract to 
ISC.  We support and will continue to contribute to BIND version 9 
development, but have our own services and products (not based on BIND) 
that we're developing.


