North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Reasons why BIND isn't being upgraded
On Sat, Feb 03, 2001 at 02:11:25PM -0500, Adam Rothschild wrote: > On Sat, Feb 03, 2001 at 10:24:58AM -0800, Paul Vixie wrote: > > Wrt the bind-members forum being discussed to death elsewhere, > > nobody can pay for early warnings. CERT will still be the source of > > early earnings. What people can pay for (bind-members > > participation) is the legal fees associated with NDA-level access to > > early fixes, if and only if they provide part of the internet's > > basic infrastructure (e.g., OS vendors and TLD server operators). > > I'm a bit confused. Under this arrangement, what incentive is there > for security-conscious common people to run BIND as a name server, > rather than its various alternatives, most of which don't require > preferential treatment in order to get timely security > advisories/fixes? > > Will the ISC implement similar policies with its INN and DHCP software > in the foreseeable future, or is this something unique to BIND? FWIW, here's djb's analysis of the current situation, which he posted recently on the [email protected] mailing list: | The Vixie cluster of companies---Vixie Enterprises, Nominum, Vayusphere, | PAIX, M.I.B.H. (swalloed by Metromedia), etc.---is already doing its | best to make money off BIND. They give us configuration problems and | then sell support services; they give us reliability problems and then | sell backup services; they give us security problems and then sell early | access to security information. | | The natural next step is for them to start selling a BIND Pro with early | access to features and bug fixes that'll be added someday to the free | BIND. BIND isn't under the GPL, so there's no legal obstacle to this. | | ---Dan --Adam
|