lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040403225951.GA3424@nessus.org>
Date: Sun, 4 Apr 2004 00:59:51 +0200
From: Renaud Deraison <deraison@...sus.org>
To: Chris Wysopal <cwysopal@...take.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France


On Sat, Apr 03, 2004 at 08:42:52PM -0000, Chris Wysopal wrote:
> In-Reply-To: <20040402143855.27920.qmail@....securityfocus.com>
> Googling and translating the law gives this:
> 
> http://www.iris.sgdg.org/actions/lsi/evol/art35.html
> 
> After article 323-3 of the penal code, it is inserted article 323-3-1 thus
> written:
> 
> "Art. 323-3-1. - The fact of offering, of yielding or of placing at the
> disposal a data-processing program conceived to commit the offences
> envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
> infringement itself or the infringement most severely repressed "

This is inaccurate - the link you gave comes from the initial version
of this article, which has been modified since then.

This article now reads (roughly translated) :

"Art. 323-3-1. - The fact of offering, of yielding or of placing at the
disposal a data-processing program conceived to commit the offences
envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
infringement itself or the infringement most severely repressed "

This article is not applicable when the offering, the yelding or
the placing at disposal is justified by the needs of scentific or
technical research or by the needs of the security or protection
of communication networks or information systems"

[http://www.telecom.gouv.fr/internet/projet_len.html]

Of course, the "needs" in question are a purely subjective notion, 
which means that if a french citizen publishes an exploit, 
he must expects to argue in front of a judge why doing so was 
needed.




				-- Renaud


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ