lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40E5D4AF.20605@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: Web sites compromised by IIS attack

Denis Dimick wrote:

>>Per the Free Software model it does.  The key point here is that Red Hat 
>>is redistributing the code and making  a profit off of it.  It's Red 
>>Hat's choice regarding whether to redistribute said code.  Since they're 
>>making the money off of it, they have to support it.
>>
>>    
>>
>
>Sorry Barry but your wrong. If I burn a CD of a bunch of appliactions I 
>get off the net and sell it, then by what your saying I should be 
>supporting it? So then my ISP should support all the applications I get 
>off the net since they take my money and give me net access?
>
>  
>
No, I'm not wrong. 

The discussion is about who's responsible for support of said software.  
There's no obligation through the GNU GPL that support is required if 
money changes hands, however the point of the discussion is who's 
responsible for support of said software in a situation where the 
software produced is broken and supported.

Red Hat sells support.  The act of taking binaries and actively and 
intentionally redistributing them is a support service.

What type of support you get is contractual based on what you service 
level you "buy". 

When Red Hat redistributes Free Software and takes money for support, 
they become contractually liable to provide that support. 

This isn't the same situation as your net access example for three 
reasons: First, net access is a transmission medium.  ISP's are in the 
business of providing access to a service for use of that service, not 
in redistribution of software.  Second, the ISP isn't selling you a 
support contract for software acquired through using their service.  Red 
Hat does sell support contracts for software they redistribute.  Third, 
Red Hat can modify the software it's redistributing, making them the 
provider of said software.  The same can't be said for an ISP.

I suppose if you took my last sentence in the previous message in a 
bubble and without any context, yeah - it'd be wrong since the GNU GPL 
doesn't require that and has a no warranty clause.  However, I didn't 
think that you'd read the message that way.  Mea Culpa.


>
>Have to agree with you here. To me some of the software that they have 
>"bundled" into their CD's has been odd to say the least. 
>
>I fear that RH will probally try to become like M$ in the linux world. 
>
>
>  
>

Very unlikely.

As long as Red Hat complies with the GNU GPL (and they have and continue 
to do so) they're not going to end up that way.

It's the SCOs and MSs of the world that deserve your anger.  Save your 
energy for them.  :)

             -Barry



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ