Date: Thu, 6 Oct 2011 02:34:06 -0700
From: "Zach C." <fxchip@...il.com>
To: Juan Sacco <juansacco@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New open source Security Framework

Telling people to move their criticisms off of the (unmoderated) public
forum and into the private forum that you control (and can freely censor as
you see fit) is ridiculous.

Now, if you really did as root said and just grabbed people's code from
various public outlets and put it into your GPL product... *you really can't
do that*. First off, the copyright of the code does not belong to you. You
have to get permission or a separate license, *in writing*, *from the
original author of the code*. If they don't give it to you, you have to do
without or have someone cleanroom it for you (if you rewrite it yourself,
your clone is arguably contaminated by your previous exposure). And they
have to specifically authorize you to redistribute with the GPL license. If
*they've* distributed with GPL, you should be fine; if they've distributed
with nearly *any other license at all*, you have to get permission to
redistribute since most other licenses impose "additional restrictions"
which are specifically forbidden by the GPL. And if you're AT ALL unclear on
what the redistribution license for their code is, the safe choice is simply
to not redistribute. Just because someone puts their code out in public
doesn't mean you're allowed to put their code out in public as well.

As to your claim that "Exploit Pack is working without any foundation,
company, government and money-giving guy," -- number one, you probably mean
"Venture Capitalist" when you say "money-giving guy." Number two, you seem
to be either the PR for or the head of the company that makes INSECT Pro,
correct? If INSECT Pro is your product and Exploit Pack is your *open source*
product, especially given the proximity of both tools in their field
(information security or whatever you want to call it), I would call this
claim quite a stretch, at best. You are providing some measure of similar
support for both products; how are you working to eliminate the conflict of
interest of pulling something from Exploit Pack into INSECT? Maybe I'm not
well-versed enough in your products, but I still do not believe it is
possible for you (personally!) to claim Exploit Pack as a personal pet
project when it's that close to the one you sell for money.

On Wed, Oct 5, 2011 at 9:06 PM, Juan Sacco <juansacco@...il.com> wrote:

> root_@...ertel.com : I know you don't have any experience with open source
> projects, but this is not the right way.
> Next time you should try doing it well.
>
> Go to GitHub and write the change your own. The community will moderate it
> and then you will see your proposal applied.
> To be clear. The license on the script you mention is the license for all
> the software not only for the script. Oki Dokie?
>
> 1. This is not a chatting room
> 2. This is not Exploit Pack Dev list
>
> Having that in mind:
>
> If you feel like you have to really make another nonsense question after
> you read all the thread.
> Then and just then. Send a email to Exploit Pack Dev list.
>
> Please check: http://exploitpack.com/faq
> And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having
> question about GPL v3
>
> I already make a change on the git repository for you root
> root_@...ertel.com.ar and your friend xD 0x41  secn3t@...il.com, hope next
> time you expend two cent for this project.
>
> https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/exploits/code/EasyFTPServer1.7.11.py
>
> #You should have received a copy of the GNU General Public License along
> with this program.
> #If not, see http://www.gnu.org/licenses/
>
> # Script Author: [Coder Name]
> # Thanks for let us use this script on Exploit Pack
>
> JSacco
>
>
> On Thu, Oct 6, 2011 at 12:34 AM, root <root_@...ertel.com.ar> wrote:
>
>> Juan,
>>
>> You don't have the faintest idea of how licencing works. You cannot slap
>> a GPL v3 license to any software you see, much less erase the author's
>> names. If you find a code in the internet without any license, you
>> pretty much can't touch it, and must re-implement it completely.
>>
>> Software business steal code all the time, but they don't release the
>> software for everybody to see!
>>
>> Next time instead of a few laughs at a list, you may get sued and lose
>> real money, you fool.
>>
>> Please learn how licensing works and just then republish all your code.
>>
>>
>> On 10/05/2011 06:25 PM, Juan Sacco wrote:
>> > If you want the right to demand certain things from the program, then go BUY
>> > a program and do not harass people who are writing software for free, or go
>> > and help the developers by writing the functionality yourself.
>> >
>> > Juan Sacco
>> >
>> > On Wed, Oct 5, 2011 at 6:32 AM, root <root_@...ertel.com.ar> wrote:
>> >
>> >> - * @author Stefan Zeiger (szeiger@...ocode.com)
>> >> - print "   Written by Blake  "
>> >> - <Information Author="Blake" Date="August 23 2011"
>> Vulnerability="N/A">
>> >>
>> >> +#Exploit Pack - Security Framework for Exploit Developers
>> >> +#Copyright 2011 Juan Sacco http://exploitpack.com
>> >> +#
>> >> +#This program is free software: you can redistribute it and/or modify
>> >> it under the terms of the
>> >> +#GNU General Public License as published by the Free Software
>> >> Foundation, either version 3
>> >> +#or any later version.
>> >> +#
>> >> +#This program is distributed in the hope that it will be useful, but
>> >> WITHOUT ANY WARRANTY;
>> >> +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
>> >> PARTICULAR
>> >> +#PURPOSE. See the GNU General Public License for more details.
>> >> +#
>> >> +#You should have received a copy of the GNU General Public License
>> >> along with this program.
>> >> +#If not, see http://www.gnu.org/licenses/
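Review bot: The three `-` lines drop the existing author credits (`@author Stefan Zeiger`, `Written by Blake`, `Author="Blake"`), and the `+` header then asserts `Copyright 2011 Juan Sacco` under GPLv3 with nothing in the added lines naming those authors or the terms they released the code under. Keep the original attribution lines alongside any new header, and note in each file which license its author actually granted before adding a project-wide notice.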
>> >>
>> >>
>> >>
>> >> Yeeeeeeees why not?
>> >>
>> >
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>