On 2001-Jan-31 18:02:48 -0700, Theo de Raadt <[EMAIL PROTECTED]> wrote:
>What does the community think of this change in direction?

Given the importance of BIND to the Internet, I can see the benefits
in having a closed group to handle security-related issues.  As long
as the membership is intended to provide a forum where security
problems can be diagnosed and corrected without premature disclosure,
it would seem to be a good idea.  If the intent is to provide a closed
group with access to an `enhanced' BIND (and I don't believe it is),
then I would be opposed to it.

Overall, I have no problems with the creation of a "bind-members" group
as long as:
- The 'free' Unices (*BSD, various Linux distributions) are not
  (effectively) prevented from participating by requiring more than
  a nominal membership fee or other impediments.
- BIND source code remains freely available (at least for RELEASE and
  maybe BETA versions).
- Membership benefits do not include access to enhancements that are
  not publicly available
- Security fixes and announcements are made publicly available in a
  timely manner.
- The NDA requirements only cover details of bugs prior to their
  public announcement.  Once a fix has been publicly announced,
  members are free to discuss the details of the problem.


Reply via email to