Date: Fri, 2 Feb 2001 19:33:02 +0000
From: KuroiNeko <[email protected]>
To: [email protected]Subject: BIND, is it all that bad?
Hi all,
Do we really need to be worried that much about ISC's decision to create a
fee-based membership forum? I think that the major problem is with the
wording Paul Vixie's `pre-announcement.' The line below is somewhat
ambiguous to me:
> 2. Vendors who include BIND in their products
Is a person who installs and configures a server running BIND assumed to
be a vendor? After all, the server I've built is a product. To provide an
analogy, if you build a Linux-based server totally from the most recent
sources, can this be treated as your own distro? You just don't burn it,
and there's only a single instance of it, but it's still something you've
designed and implemented. And charged your customer for.
Lists of requirements and features also need some clarifications IMHO, and
I believe they'll be reviewed soon.
In general, ISC needs some funds and it offers a paid service. If you can
discover a bug and patch it, good. If you can't and you can pay and be
informed on recent ISC's achievements in BIND security in advance. And this
only takes exploits found and patched by ISC themselves. That's how I read
it, correct me if I'm wrong. Numerous BugTraq posters will still be able to
share BIND security information they have and I haven't found anything in
Paul Vixie's message that tells ISC will not allow them to. Unless they are
members of the forum, but that's another story.
So, good guys want to make some money and honestly warn us about it, so
there's no reason to yell at them :) I could call this `much ado about
nothing,' but there's one point not (yet) brought to public attention. I
don't want no allusions to the latest events with a well-known company from
Redmond, but it seems like having only one product that provides such a
crucial service is far from perfect.
Yes, SMTP and DNS. sendmail and bind. The most used, the most blessed, the
most cursed. Worse admin's nightmares, crunching gazillions of bytes every
hour all around the world. Yes, Apache too. They all have their weak and
strong points, but that's not what I'm talking about.
I stand on positions of elitism, I like it when someone or something is
number one. I'm just slightly nervous when something is the only one. The
reasons are numerous and I'm sure that honourable BugTraq subscribers all
know them well.
Again, control over three major 'Net services, SMTP, DNS and HTTP is being
concentrated. The teams are doing excellent work, but what's waiting for
them and for all of us at the end of the road?
--
лд╓╞г╜╓оам╓РйА╓И╓л
