On Sat, Feb 03, 2001 at 10:24:58AM -0800, Paul Vixie wrote:
Wrt the bind-members forum being discussed to death elsewhere, nobody can pay for early warnings. CERT will still be the source of early earnings. What people can pay for (bind-members participation) is the legal fees associated with NDA-level access to early fixes, if and only if they provide part of the internet's basic infrastructure (e.g., OS vendors and TLD server operators).
I'm a bit confused. Under this arrangement, what incentive is there for security-conscious common people to run BIND as a name server, rather than its various alternatives, most of which don't require preferential treatment in order to get timely security advisories/fixes? Will the ISC implement similar policies with its INN and DHCP software in the foreseeable future, or is this something unique to BIND? -adam