Wrt the bind-members forum being discussed to death elsewhere, nobody can pay
for early warnings. CERT will still be the source of early earnings. What
people can pay for (bind-members participation) is the legal fees associated
with NDA-level access to early fixes, if and only if they provide part of the
internet's basic infrastructure (e.g., OS vendors and TLD server operators).
I'm confused. I get the TLD server operators part. But you're saying
that you'd only give OS vendors access to this information. How long does
it take, say, Sun, to issue a patch update? Wouldn't it be much more
efficient, and useful, to issue the information directly to the people
using the software? How many people actually use the default vendor
You're now playing favorites with your software, which many people have
been using, and relying on, and helped you improve, for years. "Sorry,
you're not important enough to get any security notifications fast. Good
luck getting it when you get it".
You stated "part of the internet's basic infrastructure". Explain how
ISP's are not part of "the internet's basic infrastructure"?
I mean, if you're going to charge for it, and have NDA's, why not allow
anyone to pay for it? Depending on the price, if you're giving the info
to "selected people", I know i'd pay for it (well, depending on the
price). How do I know there's not going to be some script kiddie at Sun
or somewhere that gets a hold of the information before I do, and doesn't
care about an NDA?
Why not just go the sendmail.com route, if you're going to start charging,
and make it much clearer. "If you want support, etc, then pay us.
Otherwise, it's just Open Source, use at your own risk". IE, *let* people
make their own decision whether or not they feel it's worth the money.
Think what's bothering me is that you're playing favorites, which, after
so many people have been relying on bind for so long, just doesn't seem
fair. But, I know, life isn't fair.
All of a sudden this djbdns is starting to sound like an idea...