Subject: Re: Microsoft: Closed source is more secure
From: Norbert Bollow <nb@thinkcoach.com>
Date: Thu, 3 May 2001 09:23:32 +0200

Werner Koch <wk@gnupg.org> wrote:
> > > Responsible admins don't use wu-ftp or other programs with a large
> > > record of security pitfalls.  Well, Bind is a problem because there
> > > is no other conforming and usable alternative available.

I replied:
> > What is the problem with djbdns (apart from the fact that it is
> > not Free Software)?

Lynn Winebarger <owinebar@free-expression.org> responded:
> (a) personality of the author as seen in Internet postings (usenet/web pages)
> (b) poor documentation, if qmail is any indicator
> (c) odd way of writing source code, if qmail is any indicator
> (d) odd build process, if qmail is any indicator
> (e) odd license and infrequent updates to official source (if qmail ....),
>     which exacerbate the effects of b,c, and d.

All of these are valid points even though they don't say
anything against djbdns being a secure, very usable and
RFC-conforming alternative to BIND.

DJB's standards in the area of security are so much higher than
those of almost everyone else that I think that it is certainly
understandable that he does some things in unusual ways.  I am
not a fan of DJB, but I feel that we in the Free Software
movement should seek ways to raise our standards in the area of
security instead of criticising DJB for using "odd" ways.
I will continue to use djbdns until a Free Software alternative
is available which is at least of similar quality.

Greetings, Norbert.

-- 
Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59       Fax +41 1 972 20 69        nb@thinkcoach.com
> Currently recruiting:  Perl programmers  and  JSP (JavaServer Pages)
> programmers for the "Traffic Building Bulletin Board System" project
> at FreeDevelopers.Net    ------------------>    See http://tbbbs.org