From: Paul A Vixie (vixieMFNX.NET)
Date: Sat Feb 03 2001 - 22:44:22 CST

    > From: Peter Jeremy <peter.jeremyalcatel.com.au>
    >
    > >What does the community think of this change in direction?
    >
    > Given the importance of BIND to the Internet, I can see the benefits
    > in having a closed group to handle security-related issues. As long
    > as the membership is intended to provide a forum where security
    > problems can be diagnosed and corrected without premature disclosure,
    > it would seem to be a good idea.

    That's the plan.

    > If the intent is to provide a closed group with access to an `enhanced'
    > BIND (and I don't believe it is), then I would be opposed to it.

    That's NOT the plan.

    > Overall, I have no problems with the creation of a "bind-members" group
    > as long as:
    > - The 'free' Unices (*BSD, various Linux distributions) are not
    > (effectively) prevented from participating by requiring more than
    > a nominal membership fee or other impediments.

    That's the plan.

    > - BIND source code remains freely available (at least for RELEASE and
    > maybe BETA versions).

    That's the plan.

    > - Membership benefits do not include access to enhancements that are
    > not publicly available

    That's the plan.

    > - Security fixes and announcements are made publicly available in a
    > timely manner.

    That's the plan. (Same as now: via CERT).

    > - The NDA requirements only cover details of bugs prior to their
    > public announcement. Once a fix has been publicly announced,
    > members are free to discuss the details of the problem.

    That's the plan.