Subject: Re: Fwd: Re: Microsoft: Closed source is more secure
From: Seth Gordon <sethg@ropine.com>
Date: 3 May 2001 18:00:14 -0000

Speaking as someone who uses djbdns and subscribes to the dns@cr.yp.to
mailing list...

   > What is the problem with djbdns (apart from the fact that it is
   > not Free Software)?

   (a) personality of the author as seen in Internet postings (usenet/web pages)

Fortunately, once I figured out how to get the software working, I
didn't have to depend on the author's personality to keep it working.

   (b) poor documentation, if qmail is any indicator

I will admit that the following dialogue on the list seems all too common:

"How do I get djbdns to do X?"
"You fool!  Just read http://cr.yp.to/djbdns/random-page.html#random-section!"
"The documentation sucks!"
"If you can't read the documentation, you're too stupid to run a DNS server!"

However, I did manage to go from virtual ignorance of DNS to a server
that works well enough for my needs without pestering the list too
much, and I got sick enough of the above dialogue to volunteer to
write better documentation.  (If anyone on this list tried installing
or using djbdns and gave up because of the documentation, email me;
you'll make perfect test subjects, bwah-hah-hah.)

And lousy documentation seems to be a curse of the whole software
industry, not just djbdns.

   (c) odd way of writing source code, if qmail is any indicator

I've never tried reading the source, but the djbdns.org page lists a
number of patches that others have contributed to enhance the program,
so it can't be *too* incomprehensible.

   (d) odd build process, if qmail is any indicator

I installed djbdns as an OpenBSD port and had no trouble with it.

   (e) odd license and infrequent updates to official source (if qmail ....),
    which exacerbate the effects of b,c, and d.   

If there was a DNS server that had djbdns's reputation for security
and reliability *and* was distributed under a mainstream open-source
license, I would probably use it.  However, I'd rather use a program
barely outside of the Open Source Definition than use a program with
BIND's security record.


   Lynn

   -------------------------------------------------------

-- 
"Rav would never cross a bridge when an idolator was on it; he said, 'Maybe he
will be judged and I will be taken with him.'  Shmuel would only cross a
bridge when an idolator was on it; he said, 'Satan cannot rule two nations [at
once].'  Rabbi Yannai would examine [the bridge] and cross."  --Shabbat 32a
== Seth Gordon == sethg@ropine.com == http://ropine.com/ == std. disclaimer ==