Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.Read post
ISC published BIND under a very permissive open source license nearly two decades ago, and we have been maintaining it ever since. In December we announced we were changing the license for our Kea DHCP server to the modern and widely used Mozilla Public License (MPL 2.0). The MPL 2.0 license requires that if you make changes to licensed software (e.g. BIND) and distribute them outside your organization, that you publish those changes under that same license. It does not require that you publish or disclose anything other than the changes you made to our software. (Read about it at tl;dr Legal https://tldrlegal.com/license/mozilla-public-license-2.0-(mpl-2))
Recently, we announced we were considering changing the BIND license as well, in order to best preserve that software for the long term.
Over the years, numerous users and developers have tested BIND and contributed bug reports, fixes and improvements. Expert users have given their time to support less-experienced users on the public bind-users mailing list or have published free resources and tools for use with BIND. Of the 100 or so organizations that provide ISC’s financial support, a substantial number have been doing so for nearly a decade. BIND is a large and complex open source project. The BIND development team today consists of only 4 full-time software engineers, two test engineers and a manager, a fraction of what would be deployed for a comparable commercial product. We wouldn’t have been as successful as we have been in maintaining BIND as a competitive and full-featured system without all this community support.
We consulted with numerous stakeholders in making this decision, including our operating system partners, recent/frequent patch contributors, major financial supporters, fellow open source DNS developers, ISC support customers, and the bind-users mailing list.
We received a lot of thoughtful feedback. By far, most commenters welcomed this change or said they didn’t anticipate any impact. A few would prefer we retain the current ISC license. Several people recommended we go even farther than MPL 2.0 and consider the more restrictive GPL license. But some important stakeholders strongly requested we avoid the GPL license and refrain from inventing a new open source license. A few technical contributors pointed out opportunities for us to improve our commitment to, communication with, and acknowledgement of, technical contributors.
We appreciate all of this feedback. We considered it carefully. Although we are aware that the MPL 2.0 license may not require the contributions we are hoping for, it seems to be an acceptable middle ground between the current ISC license and the GPL license. We have decided to move BIND to the Mozilla Public License (MPL 2.0).
We will add the MPL 2.0 license terms as we update or change files, beginning with the 9.11.0 beta version. Older versions already published under the ISC license will remain under the ISC license. We will be highlighting the change in our release notes and in the release announcements. In addition, we will be updating our contributor guidelines so technical contributors are aware of how their contributions will be licensed. We are considering other changes to the way people contribute code changes. We do not plan to add a contributor agreement, based on the significant feedback we received against it.
If you or your employer use BIND and you want to see the project continue as a strong and healthy system, please consider contributing, if you do not today. We welcome donations of any amount at our donations page. Although you may see news items about large foundation grants to some open source projects, most long-term open source projects struggle to raise adequate financial support and the effort we have to put into raising money detracts from the effort we can put into the software.
What's New from ISC