your note about DNS and Debian on LWN
Hi John.
I just read your LWN backpage letter, http://lwn.net/1999/0916/backpage.phtml.
I'm the Debian BIND package maintainer. I am aware of no intention on the
part of Debian to undermine the goal of a public key infrastructure centered
on DNS. We simply cannot ship the RSA code in our distribution, temporarily
or permanently.
The real problem is that the way the ISC BIND 8.2.1 release integrated the RSA
code made it non-trivial for me to build a version that omitted the RSA code.
Thus, the net effect was that this version of BIND failed the DFSG, and had to
move from 'main' to 'non-free'. We commit to our users through our Social
Contract that everything in 'main' meets the terms of the DFSG. We maintain
the non-free tree on our FTP servers (but typically it does not get included
on CDROM copies of the distribution) precisely to handle the case of software
we'd like to include but which has licensing issues.
I frankly saw moving BIND from main to non-free as not being a big deal, since
I assumed it would all get resolved when the RSA patent expires. Others were
more upset about the situation, but when made aware of the issues, mostly
agreed to adopt a wait-and-see attitude. A reference to the move from main
to non-free in our weekly Debian newsletter got picked up by LWN, who
contacted both Debian and the ISC for more information before running their
story.
I'm really pleased with the response from the ISC since the LWN story. Their
willingness to support a 'norsa' option in 8.2.2 resolves the DFSG issue
cleanly, and will allow me to put BIND 8.2.2 (sans RSA code) in the Debian
main tree long before the RSA patent expires.
Whether Debian developers will be motivated to assist with the development of
alternative crypto code for BIND remains to be seen. Your points in that
regard are well taken.
Bdale
Reply to: