Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.Read post
In the past, ISC has released all of its open source software under a simple license that we created. It’s called “The ISC License”; see https://en.wikipedia.org/wiki/ISC_license.
The software world has changed in the years since we wrote the ISC license. Hundreds of lawyers have been involved in the writing and editing of open source licenses. There are many and varied licenses in use around the internet. The Open Source Initative maintains a list of them here: http://opensource.org/licenses/category where, as you can see, the ISC License is identified as “uncategorized.”
ISC is getting ready to release V1.0 of our new Kea DHCP software, and we have decided to release it under a more modern and more widely used license, namely the Mozilla Public License 2.0. The Mozilla Public License 2.0 has exactly one important difference from the ISC License: if you modify our code, and distribute the modified code to others, you have to distribute the changes you made to our code under the same license terms under which you received it. That distribution will include us, which gives us the opportunity to incorporate your changes into our source.
Before you read any further here, perhaps you should go look at the Quick Summary of MPL2.0 published by tl;drLegal: https://tldrlegal.com/license/mozilla-public-license-2.0-(mpl-2) or the FAQ published by the Mozilla Foundation: https://www.mozilla.org/en-US/MPL/2.0/FAQ/ or the license itself at https://www.mozilla.org/en-US/MPL/2.0/.
There is no single reason why ISC is making this change. Our goal of providing high-quality free Internet software will never change. We want to make sure that our source code is available to everyone and that they can use it pretty much however they want. As commercial use of open-source software continues to increase, we see increased demand for a well-known license that lawyers are familiar with and already understand. There is no longer a good reason for ISC to have its own license, separate from everything else, even though we had and were using our license years before most of these other licenses existed. Almost certainly the ISC License was one of the first few published open source licenses, and it’s hardly changed in all those years.
If a company uses our software but improves it, we really want those improvements to go back into the master source. It will make the software better for everyone. The MPL2.0 license requires that if you make changes to licensed software (e.g. Kea) and distribute them outside your organization, that you publish those changes under that same license. It does not require that you publish or disclose anything other than the changes you made to our software. This requirement is enough to ensure that our public source will be improved by your work, but not so much that you might be tempted to call the license a “virus.”
It was almost 30 years ago that we wrote the first version of what would evolve into the ISC license. The application that Kea will replace - ISC DHCP - is more than 20 years old. We hope that Kea, licensed under the more-modern MPL2.0, will serve as well for the next 20 years.
What's New from ISC