[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bind 8.2 and greater license?

On Thu, Sep 09, 1999 at 12:58:36 -0700, David R. Conrad wrote:
> > Changing the build process to allow BIND to be built both without the
> > RSA code for distribution in our "main" tree and with everything
> > included to be distributed in our "non-free" tree would be a good
> > compromise.  
> Would a "--no-rsa" option during configuration be workable?  

We don't allow non-free source to be part of Debian proper ("main"). If a
"--no-rsa" option is feasible for you, it indicates that it is most likely
feasible for us to produce a tarball with the non-free code removed so we
can have bind in "main". Of course, we would prefer it if in the end you
were to do this yourself (by having a free bind source, and the non-free RSA
code in a separate add-on), but AFAICT "--no-rsa" would be a workable

> As an aside, you are aware that by not using RSA, you'll be increasing
> the amount of CPU resources required to verify DNSSEC signatures by (I'm
> told) an order of magnitude?

I'm not very familiar with DNS, but looking at
http://www.faqs.org/rfcs/rfc2535.html the alternative algorithms specified
(DH, DSA) are well-known public key / digital signature ones; I doubt they
need so much more resources than RSA.

> > It would be particularly good if we can solve this before the code
> > freeze for Debian 2.2. Is it too late to hope for a change in BIND
> > 8.2.2?
> When is your code freeze date on 2.2?

That's difficult to tell, but certainly not earlier than November.

Tevens ben ik van mening dat Nederland overdekt dient te worden.

Reply to: