原來 ISC 自己已經不用 ISC license 了

查資料的時候翻到「ISC Software Licenses」這頁,發現從 2015 年開始 ISC 就打算換掉原先的 ISC license,陸陸續續都轉移到 MPL 2.0...

在維基百科的頁面上可以看到一些說明,包括 KeaBINDISC DHCP 都已經換完了:

In 2015, ISC announced they would release their Kea DHCP Software under the Mozilla Public License 2.0, stating, "There is no longer a good reason for ISC to have its own license, separate from everything else". They also preferred a copyleft license, stating, "If a company uses our software but improves it, we really want those improvements to go back into the master source". Throughout the following years, they re-licensed all ISC-hosted software, including BIND in 2016 and ISC DHCP Server in 2017.

不過 INN 還是維持著 ISC license,應該是因為不算是 ISC 的正式產品?

ISC 將 BIND 之後的開發主導權轉移給社群

ISCBIND 的主導權轉移到社群上,並且改名為 bundy:「ISC releases BIND 10 1.2, renames it, and turns it over to community」。

開發也將轉移到 GitHub 上,不過看起來 bundy 的名字已經被用掉了,不知道會用哪個 organization name...

Google 將發現安全問題的獎勵延伸到 Open Source 專案上...

Slashdot 上看到 Google 將發現安全問題的獎勵從自家產品延伸到 Open Source 專案上:「Google Offers Cash For Security Fixes To Linux and Other FOSS Projects」。

官方的公告在「Going beyond vulnerability rewards」,規則則是在「Patch Rewards – Application Security – Google」。

初期限制在這些專案上:(直接複製過來)

  • Core infrastructure network services: OpenSSH, BIND, ISC DHCP
  • Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib
  • Open-source foundations of Google Chrome: Chromium, Blink
  • Other high-impact libraries: OpenSSL, zlib
  • Security-critical, commonly used components of the Linux kernel (including KVM)

獎勵金額從 USD$500 到 USD$3133.7,這邊的 31337 應該是出自「Leet」吧...

這算是一種回饋社群的方式...