[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[fwd] Security information for dollars? (from: deraadt@CVS.OPENBSD.ORG)

----- Forwarded message from Theo de Raadt <deraadt@CVS.OPENBSD.ORG> -----

From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
Date:         Wed, 31 Jan 2001 18:02:48 -0700
Subject:      Security information for dollars?
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>

What does the community think of this change in direction?

(Myself, I think it is a terrible idea to charge money for security
information access, and that closing BIND up like this is also going
to be harmful)


To: bind-announce@isc.org
Subject: PRE-ANNOUNCEMENT: BIND-Members Forum
Date: Wed, 31 Jan 2001 09:36:02 -0800
From: Paul A Vixie <Paul_Vixie@isc.org>
X-Approved-By: Ruth.Anne.Ladue@nominum.com
X-original-sender: Paul_Vixie@ISC.Org
X-List-ID: <bind-announce.isc.org>
X-DCC-MAPS-Metrics: isrv3.isc.org 668; IP=0/633557 env_From=0/3494
	From=0/3451 Subject=0/3451 Message-ID=0/3453 Received=0/3453
	Body=0/3451 Fuz1=0/3451

ISC has historically depended upon the "bind-workers" mailing list, and
CERT advisories, to notify vendors of potential or actual security flaws
in its BIND package.  Recent events have very clearly shown that there is
a need for a fee-based membership forum consisting only of:

	1. ISC itself
	2. Vendors who include BIND in their products
	3. Root and TLD name server operators
	4. Other qualified parties (at ISC's discretion)

Requirements of bind-members will be:

	1. Not-for-profit members can have their fees waived
	2. Use of PGP (or possibly S/MIME) will be mandatory
	3. Members will receive information security training
	4. Members will sign strong nondisclosure agreements

Features and benefits of "bind-members" status will include:

	1. Private access to the CVS pool where bind4, bind8 and bind9 live
	2. Reception of early warnings of security or other important flaws
	3. Periodic in-person meetings, probably at IETF's conference sites
	4. Participation on the bind-members mailing list

If you are a BIND vendor, root or TLD server operator, or other interested
party, I urge you to seek management approval for entry into this forum, and
then either contact, or have a responsible party contact, isc-info@isc.org.

Paul Vixie

----- End forwarded message -----

Thomas Roessler			    <roessler@does-not-exist.org>