Message-ID: <23995.1314795735@turing-police.cc.vt.edu>
Date: Wed, 31 Aug 2011 09:02:15 -0400
From: Valdis.Kletnieks@...edu
To: GloW - XD <doomxd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: INSECT Pro - Free tool for pentest - New version release 2.7

On Wed, 31 Aug 2011 14:24:54 +1000, GloW - XD said:

> So basically once you sign over a GPL v2, you sign over any right to misuse
> even the code which you have written?

That is indeed the basic point of the GPL - once you release something under
the GPL, everybody who receives a copy is free to use it for new and interesting
purposes, *including ones you don't approve of*.

Ever actually read the EULA on most commercial packages, where you end up
agreeing to onerous terms like "You agree to not badmouth our company in
public" and "you agree to not reverse engineer our code in order to make an
even better competing product and put us out of business" and so on?  That's
exactly what Stallman was trying to prevent with the GPL.

> I guess I thought this could be scrutinized outside of the GPL via means of
> a solicitor but, if the law is complacent about use and misuse then, I guess
> that's that and you're correct, I have actually yes, used myself the CC license
> and was thinking the GPL was just a simpler version but seems that is

Nope, it's not "just a simpler version".  The GPL has different goals than the
various CC licenses.  The CC tends to be very good at "I took this photo, it is
*mine*, and you're allowed to use it as long as you don't make money off it
that should be mine, or claim that you took it".  But that's because that was
the CC goal.

The GPL was expressly designed so that people could easily take GPL-licensed
software, fork it, and improve it - but then be unable to take the fork
closed-source the way you can with a BSD license.   It makes a *lot* more sense
if you don't think of the GPL as protecting *your* rights, but protecting the
*software's* right to be free and open. (No, software doesn't have its own
rights in the current legal system, but the logic is easier to follow if you
think of it as if it *did* have rights).

> probably safer to go with CC I guess there at least you have some say over
> mis-use in cases where you specify which documents in particular, ie:
> sourcecode1.cpp,source2.cpp and v.cpp must not be modified... the rest could
> be.., for example.

Note that going that route has its own issues.  For instance, if the person
comes up with a really neat patch to foobar.cpp which speeds the program up by
400% by using a better algorithm, but it involves adding an extra parameter to
a function call located in source2.cpp, he may be stuck. Even more importantly,
if he finds a bug *in* source2.cpp, he may not be able to patch it because that
would be a modification. It also doesn't address using source2.cpp *without*
modification but for evil purposes.

(At least it's not as thoroughly broken as the GNU Free Documentation License's
concept of "invariant sections" - consider something where the title page has
been declared an "invariant section" - or even better, the "List of Changes in
this version".  Hilarity ensues ;)

Also, there's actually a *range* of CC licenses, and it *is* possible to end up
in a situation where you want to do a remix mash-up of 4 things, but two of
them have incompatible licenses. For instance, if two both have "share-alike",
but one specifies "commercial use" and the other is "non-commercial", you will
have a really hard time distributing the result.

> Oh well, that shoots any theory then of why it is even being mentioned in the
> list, other than to potentially harm all users of tightvnc src.

Bingo.  GPL violations potentially harm the users of the GPL'ed software who
don't receive their rights (which include a right to the source code so they can
fix/improve what you gave them).
