Survey on the impact of software regulation on DNS systems

[Marcus Kool]

I participated in the survey and think it is good to also have a public discussion.

Users of Open Source projects are responsible themselves for what they use.  You want to use a free image editor? fine, go ahead!

I use FOSS and also produce a FOSS package.
What I find reasonable for a FOSS package is:
- clear instructions on how to build the software
- use or provide a stable software repository
- respond to serious software issues; response may be fix, workaround, or statement of "will not fix" but must respond within 5 business days.
- clearly communicate what functionality the software offers and what level(s) of support a user is given.
Privacy etc. is already regulated so does not need attention here.

Of course we can add a long list of wishes and nice to haves but IMHO this list should not be regulated since it has a high potential to kill open source projects.

There might be persons who consider Linux/bind/project-XYZ "critical" and therefore think these projects must be regulated or else bad things happen...
If a government wants to impose rules for special/critical software that cost time or money for these open source projects, then the government must be as restrictive as possible with regulation, must 
pay for all costs to comply to these rules to the open source projects, and must have patience for implementation of compliance.  Note that the government does not have to regulate open source 
projects; it may also allocate a budget to develop an alternative for the open source software without impacting existing open source software.

Marcus



On 28/01/2025 17:26, Victoria Risk wrote:
> Hello BIND users-
> Did you know that there is significant momentum building to regulate software, including open source, in at least Europe and the US (and possibly elsewhere as well), in order to improve 
> cybersecurity? Do you think this regulation will improve cybersecurity for your operations? What are the opportunities and pitfalls you can envision?
> Some of you use open source DNS implementations every day. Please take a few minutes to share any positive or negative impacts of regulation you anticipate on the infrastructure you support. Your 
> comments will be summarized, and may be quoted directly (anonymously) in a report that the ICANN SSAC will provide to regulators and policy makers who are developing regulations for open source.
>
> Thank you for taking the time to support this effort.
>
> Vicky
> ---- ICANN's Security and Stability Advisory Committee [1] is attempting to document the operational reliance on Free and Open Source Software (FOSS) in the Internet’s domain name infrastructure to 
> inform policy discussions regarding the security of software and critical infrastructure. Our work aims aim to clear up misinformed assumptions by regulators and policy makers that may threaten the 
> FOSS development and supply model, impacting operators of the Internet’s domain and routing systems. Our report will be published on the ICANN website [2], with a target publication date in June. 
> The survey will be closed for new submissions at the end of February. [1] https://www.icann.org/en/ssac[2] https://www.icann.org/en/ssac/publications# What is SSAC? The Security and Stability 
> Advisory Committee advises the ICANN community and ICANN Board on security and integrity matters related to Internet naming and address systems. We perform ongoing threat assessment and risk 
> analysis to assess principal threats to stability and security of these systems. SSAC publications are available from https://www.icann.org/en/ssac/publications# Anonymous? We use the European 
> Commission's EUsurvey tool, configured not to log IP addresses or other information with the potential to identify you. Your (anonymous) comments may be reprinted as entered in the report, if there 
> is personally identifying information / personal data included in your comments, we will edit that from your remarks. -- Vicky Risk
> Product Manager, ISC.org <http://isc.org/>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20250129/ad1e0fb8/attachment-0001.htm>