lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 6 Oct 2011 16:00:35 -0400
From: Jeffrey Walton <noloader@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: New open source Security Framework

On Thu, Oct 6, 2011 at 3:36 PM, xD 0x41 <secn3t@...il.com> wrote:
> Hi Valdis,
> it is more complex than i thought...
> I do support open src, and am going to try and help the exploit pack, so, i
> hope that the maker is reading all of this and making some adjustments
> perhaps... alot of them actually.
> I did not think it was as complex as it has shown to be, but it indeed is.
GPL V3 is encumbered. Software released under it should not be
considered 'free' because of the entanglements. Its why Apple is stuck
at GCC 4.2 (and the reason they bought LLVM). Its the reason OpenBSD
and other projects don't want use GPL V3. Its simply not free software
under GPL V3.

> I am still abit worried though, of the actual NON free prouct, and then,
> what if you add to that, and he adds it to his paid-fopr app, or worse,
> doesnt even put it into the exploit-pack but, rather puts it into ONLY the
> paid product.
> Being .py script based code, it really has potential but the author has to
> get the GPL/lisencing in order and, make Insect pro and this product cleared
> up,asin to where your exploit code goes, will it stay there, or will it be
> added to his paid app... he could even be doing this, to get cheap exploits,
> to indeed put into the paid app... it is another possiblility, but, i do see
> he is putting in the hours, asin trying to make some changes to this app so
> it does work... so, for now, it is in public.
Perhaps an Apache or BSD style license would be a more appropriate choice.

http://www.gnu.org/licenses/
http://www.gnu.org/licenses/license-list.html

Jeff

> On 7 October 2011 01:09, <Valdis.Kletnieks@...edu> wrote:
>>
>> On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:
>>
>> > Exploit Pack is licensed GPL let me copy & paste the 4 freedoms. I hope
>> > to
>> > do it well this time.
>>
>> Please note that one of the biggest complaints about the GPL is that it is
>> pretty much impossible to legally combine GPL code with code that has a
>> non-GPL-compatible license (which includes most proprietary code).  So you
>> need
>> to be careful about the origins and licensing on each and every line of
>> code
>> that you include from other sources.
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ