On Sat, 3 Feb 2001, Jeffrey Meltzer wrote:
I mean, if you're going to charge for it, and have NDA's, why not allow anyone to pay for it? Depending on the price, if you're giving the info to "selected people", I know i'd pay for it (well, depending on the price). How do I know there's not going to be some script kiddie at Sun or somewhere that gets a hold of the information before I do, and doesn't care about an NDA?
Obviously, they don't want people signing up who are only interested in the information for cracking purposes...but I find it very hard to believe vendors can be notified without vulnerability info being leaked. How many people at how many vendors are going to get early warning of the next big hole? Do you really think they're going to be able to put in the time to get the update ready ASAP without the fact that a new hole exists being leaked? I don't. Does anyone know yet what they plan to charge or if they even plan to charge uniformly? By "not-for-profit" members, do they mean actual legal (for tax purposes) non-profit organizations, or just anyone who doesn't directly profit from use/distribution of BIND? When GateD went this route, I was able to get an A&R (Academic and Research) license for free...but that license prevented me from actually using the restricted gated code at work. Will ISC be as free with the free memberships as the GateD Consortium was?
All of a sudden this djbdns is starting to sound like an idea...
Except he's got his own set of restrictions that make it a PITA to rely on his code. -- ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________