Hi all,

 Do we really need to be worried that much about ISC's decision to create a
fee-based membership  forum? I  think that  the major  problem is  with the
wording  Paul  Vixie's  `pre-announcement.'  The  line  below  is  somewhat
ambiguous to me:

> 2. Vendors who include BIND in their products

 Is a person  who installs and configures a server  running BIND assumed to
be a vendor? After  all, the server I've built is a  product. To provide an
analogy, if  you build a  Linux-based server  totally from the  most recent
sources, can this  be treated as your  own distro? You just  don't burn it,
and there's only  a single instance of it, but  it's still something you've
designed and implemented. And charged your customer for.
 Lists of requirements and features also need some clarifications IMHO, and
I believe they'll be reviewed soon.
 In general, ISC needs some funds and  it offers a paid service. If you can
discover a  bug and patch  it, good. If  you can't and  you can pay  and be
informed on recent ISC's achievements in BIND security in advance. And this
only takes exploits found and patched  by ISC themselves. That's how I read
it, correct me if I'm wrong. Numerous BugTraq posters will still be able to
share BIND security  information they have and I haven't  found anything in
Paul Vixie's message that tells ISC will not allow them to. Unless they are
members of the forum, but that's another story.
 So, good guys  want to make some  money and honestly warn us  about it, so
there's no  reason to yell  at them  :) I could  call this `much  ado about
nothing,' but  there's one point not  (yet) brought to public  attention. I
don't want no allusions to the latest events with a well-known company from
Redmond, but  it seems like  having only one  product that provides  such a
crucial service is far from perfect.
 Yes, SMTP and DNS. sendmail and bind. The most used, the most blessed, the
most cursed. Worse admin's nightmares,  crunching gazillions of bytes every
hour all around  the world. Yes, Apache  too. They all have  their weak and
strong points, but that's not what I'm talking about.
 I stand on  positions of elitism, I  like it when someone  or something is
number one. I'm  just slightly nervous when something is  the only one. The
reasons are numerous  and I'm sure that honourable  BugTraq subscribers all
know them well.
 Again, control over three major 'Net services, SMTP, DNS and HTTP is being
concentrated. The  teams are doing  excellent work, but what's  waiting for
them and for all of us at the end of the road?



Reply via email to