How many of you use BIND in a commercial environment? How many of you actually contribute money back to the authors of BIND?
Commercial environment AND over 60% of my servers are Caldera Linux (<unabashed plug> VAR inside! </unabashed plug>). 100% of all binaries on those boxen are compiled in place and then the compilers are uninstalled.
It's all fine and good saying "When there's a security problem in BIND, I want to know and I want to know now!" but guys, if you want this wonderful level of support, either cough up some money to your software providers, or write it yourself. I might not agree with how Paul is going about it, but I understand his problems.
So do I, <yea, Paul!>. Managing an OpenSource project, with volunteer programmers, that can take off to smell different roses, anytime, is a royal PITA! It's much worse when you can't pay for it. The OpenSource model makes ALL of its money from service and support, while giving the code away for free. This is almost the exact opposite of the traditional model. If you want support, you should pay for it. If, that is, you want BIND to continue to exist. BTW, I've seen some folks denigrate BIND as not being properly OpenSource, but not all the world is GPL and GPL isn't the sole arbiter of OpenSource. BIND is one of the pioneering OpenSource projects and Paul, for leading that effort, is to be very much commended for it. If you want support, you should pay for it. In fact, even if you don't need support, you should pay for it anyway!