Open Source and information security mailing list archives
 
Message-ID: <200407031239.04908.fulldisc@ultratux.org>
From: fulldisc at ultratux.org (Maarten)
Subject: Web sites compromised by IIS attack

On Friday 02 July 2004 23:33, Barry Fitzgerald wrote:
> Denis Dimick wrote:
> >>Per the Free Software model it does.  The key point here is that Red Hat
> >>is redistributing the code and making  a profit off of it.  It's Red
> >>Hat's choice regarding whether to redistribute said code.  Since they're
> >>making the money off of it, they have to support it.
> >
> >Sorry Barry but you're wrong. If I burn a CD of a bunch of applications I
> >get off the net and sell it, then by what you're saying I should be
> >supporting it? So then my ISP should support all the applications I get
> >off the net since they take my money and give me net access?
>
> No, I'm not wrong.
>
> The discussion is about who's responsible for support of said software.
> There's no obligation through the GNU GPL that support is required if
> money changes hands, however the point of the discussion is who's
> responsible for support of said software in a situation where the
> software produced is broken and supported.
>
> Red Hat sells support.  The act of taking binaries and actively and
> intentionally redistributing them is a support service.

Well that is open to debate.  If I just download Redhat, they make no money 
off me.  Do they still have to fix my software then ? Are they responsible ?

I'll give you a couple of scenarios, you decide what you do in each case.

A guy walks in front of you. You see him throwing a sandwich in the bin. So 
you take it out and eat it, and subsequently you get food-poisoning. Will 
you blame the guy ?  And if so, do you have any legal recourse to do so ?

Next, an unknown fellow hands you a sandwich saying he's not hungry anymore.
The same thing happens, you get sick off it.  Now do you blame / sue ?
(Let's assume he did not know the food had gone bad and acted in good faith)

Same scenario, but this time it is a friend who hands you the sandwich.
Do you sue him ?  Or do you perhaps sue the shop where he bought it ?
Can you even hold him responsible, seeing as he acted in good faith ?

Next scenario, someone sells you the sandwich, for 5 cents. You frown upon the 
exceptionally low price but you thank him and eat it nevertheless. Yada yada.

Last scenario, which you already know, you buy the sandwich at a normal price.
Do you sue in this case ?

Note: I don't have all the answers to the above... just some food (pun not 
intended) for thought...

Maarten


> What type of support you get is contractual based on what service
> level you "buy".
>
> When Red Hat redistributes Free Software and takes money for support,
> they become contractually liable to provide that support.
>
> This isn't the same situation as your net access example for three
> reasons: First, net access is a transmission medium.  ISPs are in the
> business of providing access to a service for use of that service, not
> in redistribution of software.  Second, the ISP isn't selling you a
> support contract for software acquired through using their service.  Red
> Hat does sell support contracts for software they redistribute.  Third,
> Red Hat can modify the software it's redistributing, making them the
> provider of said software.  The same can't be said for an ISP.
>
> I suppose if you took my last sentence in the previous message in a
> bubble and without any context, yeah - it'd be wrong since the GNU GPL
> doesn't require that and has a no warranty clause.  However, I didn't
> think that you'd read the message that way.  Mea Culpa.
>
> >Have to agree with you here. To me some of the software that they have
> >"bundled" into their CD's has been odd to say the least.
> >
> >I fear that RH will probably try to become like M$ in the linux world.
>
> Very unlikely.
>
> As long as Red Hat complies with the GNU GPL (and they have and continue
> to do so) they're not going to end up that way.
>
> It's the SCOs and MSs of the world that deserve your anger.  Save your
> energy for them.  :)
>
>              -Barry
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

