Hi John. I just read your LWN backpage letter, http://lwn.net/1999/0916/backpage.phtml.
I'm the Debian BIND package maintainer. I am aware of no intention on the part of Debian to undermine the goal of a public key infrastructure centered on DNS. We simply cannot ship the RSA code in our distribution, temporarily or permanently.

The real problem is that the way the ISC BIND 8.2.1 release integrated the RSA code made it non-trivial for me to build a version that omitted the RSA code. Thus, the net effect was that this version of BIND failed the DFSG, and had to move from 'main' to 'non-free'. We commit to our users through our Social Contract that everything in 'main' meets the terms of the DFSG. We maintain the non-free tree on our FTP servers (but typically it does not get included on CDROM copies of the distribution) precisely to handle the case of software we'd like to include but which has licensing issues.

I frankly saw moving BIND from main to non-free as not being a big deal, since I assumed it would all get resolved when the RSA patent expires. Others were more upset about the situation, but when made aware of the issues, mostly agreed to adopt a wait-and-see attitude. A reference to the move from main to non-free in our weekly Debian newsletter got picked up by LWN, who contacted both Debian and the ISC for more information before running their story.

I'm really pleased with the response from the ISC since the LWN story. Their willingness to support a 'norsa' option in 8.2.2 resolves the DFSG issue cleanly, and will allow me to put BIND 8.2.2 (sans RSA code) in the Debian main tree long before the RSA patent expires.

Whether Debian developers will be motivated to assist with the development of alternative crypto code for BIND remains to be seen. Your points in that regard are well taken.

Bdale