[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FWD: [David_Conrad@isc.org: Re: Bind 8.2 and greater license?]


> I am the maintainer of the BIND packages for Debian.  We *did* raise the
> issue of the RSA license.  I'm surprised that you apparently didn't hear
> about it.

Paul mentioned there might be an issue, but I was not aware this was in
the context of Debian.
> If we mis-interpreted the email from Paul on the topic, and/or made some sort
> of mistake by talking to him about it instead of someone else... and the ISC
> *is* interested in supporting the ability to build a version of BIND that does
> not contain any of the code covered under the separate RSA source license,
> then that's great news.

Prior to the final release of 8.2, we had distributed BIND without the
RSA code due to export issues which were later resolved, so this isn't
particularly a big deal to us.  The only problem is that right now,
we're under the gun to get 8.2.2 final out ASAP due to a couple of
security issues, so adding another modification at this late date is a
bit ... painful.

> Changing the build process to allow BIND to be built both without the RSA code
> for distribution in our "main" tree and with everything included to be
> distributed in our "non-free" tree would be a good compromise.  

Would a "--no-rsa" option during configuration be workable?  

As an aside, you are aware that by not using RSA, you'll be increasing
the amount of CPU resources required to verify DNSSEC signatures by (I'm
told) an order of magnitude?  It might be nice if there was an effort
outside the US to develop an RSA plug in to the DST library so at least
people outside the US could muck about with DNSSEC and not need a

> It would be
> particularly good if we can solve this before the code freeze for Debian 2.2.
> Is it too late to hope for a change in BIND 8.2.2?

When is your code freeze date on 2.2?

Executive Director, ISC

Reply to: