[34329] in North American Network Operators' Group
Re: Reasons why BIND isn't being upgraded
daemon@ATHENA.MIT.EDU (Adam Rothschild)
Sat Feb 3 14:12:35 2001
Date: Sat, 3 Feb 2001 14:11:25 -0500
From: Adam Rothschild <asr@latency.net>
To: Paul Vixie <vixie@mfnx.net>
Cc: nanog@merit.edu
Message-ID: <20010203141125.C20872@og.latency.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <g33ddv4oat.fsf@redpaul.mfnx.net>; from vixie@mfnx.net on Sat, Feb 03, 2001 at 10:24:58AM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, Feb 03, 2001 at 10:24:58AM -0800, Paul Vixie wrote:
> Wrt the bind-members forum being discussed to death elsewhere,
> nobody can pay for early warnings. CERT will still be the source of
> early earnings. What people can pay for (bind-members
> participation) is the legal fees associated with NDA-level access to
> early fixes, if and only if they provide part of the internet's
> basic infrastructure (e.g., OS vendors and TLD server operators).
I'm a bit confused. Under this arrangement, what incentive is there
for security-conscious common people to run BIND as a name server,
rather than its various alternatives, most of which don't require
preferential treatment in order to get timely security
advisories/fixes?
Will the ISC implement similar policies with its INN and DHCP software
in the foreseeable future, or is this something unique to BIND?
-adam
