On Monday 21 January 2002 12:39, Kurt Seifried wrote:

It got bad enough that OpenBSD dropped his software from _ports_.

Plus most of his software stagnates quite quickly, and he doesn't officially accept contributions, so you end up missing basic functionality that is addressed by third party (unaudited typically) patches.

Doesn't DJB also use a very awkward license? Reading through his comments, on other software in the links posted, was enough actually to put me off DJB's software. Hard to imagine him fielding security concern found by another very sympathetically. There's a lot of hype about, it's better to review the track record on advisories of the major packages yourself, and see what the problems really are, and how frequent. Was there a spate of them after a rewrite, or before for example, how much scrutiny does the software get, and is it widely used? Rob

On Monday 21 January 2002 12:39, Kurt Seifried wrote:

...

It got bad enough that OpenBSD dropped his software from _ports_.

That is not too hard. And it was not done for security issues but because of philosophies concerning the position of programms in the filesystem. Mr. de Raadt has his own way to communicate that I personaly believe to be offending making me avoid any discussion with him. Mr. Bernstein, too, is shurely not the easiest communication partner. Everyone could tell that sooner or later DJB software would no longer be part of the OpenBSD ports. No problem.

This is also true for Linux vendors. Relying ons oftware that is not free is a bad idea, for example IBM's open sourc elicense included a revocaiton clause, until that was removed very few large players used postfix.

Now, to be a little on topic, any security problems so far with bind9? I use

I posted a link to the isc page, none so far.

DJBDNS but some customers prefer bind, so is it necessary or wise to install bind 9.1.0 instead of bind 8x?

I would. Bind 9 was a rewrite, there are likely sitll bugs lurking in 8.x.

TIA

mike

-Kurt