[Bug 480724] Review Request: djbdns - A Domain Name System by D. J. Bernstein

bugzilla at redhat.com bugzilla at redhat.com
Fri Mar 6 22:22:17 UTC 2009


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=480724


Rick Moen <rick at linuxmafia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rick at linuxmafia.com




--- Comment #27 from Rick Moen <rick at linuxmafia.com>  2009-03-06 17:22:15 EDT ---
My thanks to Prasad for working on this.

1. Did I miss a trick during software build, or does Prasad's tarball
Makefile so far build/install only dnscache, and not the six other
binaries?  (I've not looked closely; I just did ./configure; make; make
install.)

2. From a very quick glance, I think Prasad has not yet applied quite a
number of patches often recommended to fix djbdns and bring it up to
current standards -- some of those fixing significant security issues.  I have
a list at
http://linuxmafia.com/faq/Network_Other/dns-servers.html#djbdns-patches ,
and link to Jonathan de Boyne Pollard's and tinydns.org's separate pages.

3.  It would be good if you could work with Mark Johnson (zinq-djbdns)
and Gerrit Pape (Debian djbdns/dbndns).  Although Dan is finally talking
about an 1.06 version solely to fix the recent AXFR security problem, it
seems highly likely that he'll ignore most other fixes, notably those he
is known to dislike (e.g., FHS, GNU make-tools, system headers, manpages,
IPv6, default dependency on ucspi-tcp and daemontools).  So, a robust
upstream elsewhere is crucial.

4.  I applaud the measures Prasad is taking and says he'll take to make
sure Dan's role remains properly credited and that people can find the
non-copylefted upstream source if they want it.  I second Mark Johnson
in strongly suggesting care to credit other prior contributors,
irrespective of obligation.

5.  While wishing to avoid licence discussion here, I'll point out that
"public domain" dedications have known legal problems albeit Dan's is
probably good enough in context.  My analysis:
http://linuxmafia.com/faq/Licensing_and_Law/public-domain.html Perhaps
Red Hat Legal should be consulted, though.  (Whether his
purporting to do that actually has the intended legal effect is subject
to some doubt.  Tom, yes, Dan does "understand" the portion of the law
that he wants to acknowledge, but he's selective in what he
acknowledges, and argues rather illogically with genuine experts like 
Larry Rosen when they say things he finds convenient.)

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.




More information about the Fedora-package-review mailing list