
Thread: License issues with metasploit-framework




2006-07-18 11:38:37
Hi, there is an open ITP on metasploit-framework (#323420), and the
owner Luciano asked me to contact this list about some of the license
issues involved with the package.

At the moment the framework is at version 2, and is released under a
dual license of GPL v2 and Perl Artistic.

There are a lot of contributed files in the package. Most have the
following header

;        This file is part of the Metasploit Exploit Framework
;        and is subject to the same licenses and copyrights as
;        the rest of this package.

and some have no license header. There are a few that say the following

# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.

There is one with

 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.

which the archives seem to suggest is not DFSG-free.

There is a zlib implementation with the following license

===
  This software is provided 'as-is', without any express or implied
  warranty.  In no event will the authors be held liable for any damages
  arising from the use of this software.

  Permission is granted to anyone to use this software for any purpose,
  including commercial applications, and to alter it and redistribute it
  freely, subject to the following restrictions:

  1. The origin of this software must not be misrepresented; you must not
     claim that you wrote the original software. If you use this software
     in a product, an acknowledgment in the product documentation would be
     appreciated but is not required.
  2. Altered source versions must be plainly marked as such, and must not be
     misrepresented as being the original software.
  3. This notice may not be removed or altered from any source distribution.
===

And my favourite

# Yo yo, this be da socketNinja.
# Alpha-2.0 release
# Distribute and get a visit from tireIronNinja

which I don't think is free.

There are also binary files distributed in the tarball, these are not
meant to be compiled, as they are for executing on the target computer.
I'm not sure how this sits, as they are obviously not the preferred form
of modification, and some don't include the source they were compiled
from.

Now, we could contact upstream and get them to include proper headers
etc., but I wanted to know how much of this was unsuitable for
distribution, as if it leaves a severely crippled package then it's not
really worth it.

Also upstream are working on version 3 which is in alpha now. They decided
to change the license to The Metasploit Framework License v1.0.
http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3

===
The Metasploit Framework License v1.0
Copyright (C) 2006 Metasploit LLC

Definitions

    a. "License" means this particular version of this document (or,
where specifically indicated, a successor iteration of the License
officially issued/announced by the Developer).

    b. "Software" means any software that is distributed under the terms
of this License.

    c. "Extension" means any enhancement to the Software that does not
require modification of the Software itself. "Extensions" include any
module or plug-in that is intended (by design and coding) to, or can, be
dynamically loaded by the Software.

    d. "Developer" means the then-current copyright holder(s) of the
Software, including, but not limited to, the Metasploit personnel and
any third-party contributors (or their successor[s]/transferee[s])).

    e. "Documentation" means any end user, technical/programmer, network
administrator, or other manual(s), tutorial(s), or code sample(s)
provided or offered by Developer with the Software, excluding those
items created by a third party.

    f. "Use" means to download, install, access, copy, execute, sell, or
otherwise benefit from the Software (directly or indirectly, with or
without notice or knowledge of the Software's incorporation or
utilization in any larger application or product).

    g. "You" means the individual or organization that is using the
Software under the conditions of the License.

    h. "Interface" means to execute, parse, or otherwise benefit from
the use of the Software.

    i. "Interaction Software" means any external software program or
library that interfaces with, but is not a component or subset of, the
Software.


License Grants

    1. Provided that You both agree to and do comply with any and all
conditions and requirements in this License, You are granted the
non-exclusive rights specified in this License. Use of any of the
Software in any form and to any extent signifies acceptance of this
License. If You do not agree to all of these terms, then do not use the
Software and immediately remove all copies of the Software, the
Documentation, and any other items provided under the License.

    2. Provided that -each- of the following necessary, express
conditions are met, You may copy and distribute the Software:

        a. The Software that You received is distributed unmodified,
including but not restricted to You maintaining (and not supplementing,
removing, or modifying) the same copyright, trademark notices and
disclaimers in the exact wording as released by the Developer.

        b. The Software is distributed without any charge, beyond (at
Your option) the reasonable costs of data transfer or storage media. You
may -not- (i) sell, lease, rent, or otherwise charge for the Software,
(ii) include any component or subset of the Software in any commercial
application or product, or (iii) sell, lease, rent, or otherwise charge
for any appliance (i.e., hardware, peripheral, personal digital device,
or other electronic product) that includes any component or subset of
the Software.

    3. You -may- use the Software to provide some service(s) and charge
for the service(s), provided that the recipient of the service is
clearly informed in writing (including via electronic notice or
on-screen display, without paper notice) of both (a) the existence,
name/trademark, and use of the Software in relation to the service and
(b) where the recipient of the service may obtain a copy of the Software
(e.g., refer them to www.metasploit.com).

    4. You may make modifications (i.e., additions) to the Software and
distribute Your modifications, but solely in a form that is -separate-
from the Software, such as patches. The following restrictions apply to
modifications:

        a. Modifications must not alter, supplement, or remove any
copyright, trademark, or other proprietary right(s) or legal notices or
licensing terms displayed by or provided with the Software.

        b. When any modification to the Software is released by You
under this License, You hereby grant and agree to grant a non-exclusive
royalty-free right, to both (i) the Developer and (ii) any of
Developer's later licensees, successors, or partners, to distribute Your
modification(s) in future versions of the Software provided that such
versions remain available under the terms of this License (or any other
later-adopted license(s) of the Developer).

    5. You may develop Extensions to the Software and distribute these
Extensions under any license You see fit, as long as -each- of the
following conditions are met:

        a. The Extension, when installed with the Software, must -not-
modify any of the behavior (change the display, modify the available
commands, etc) of the Software until the user explicitly requests (e.g.,
by invoking or exercising a command or feature are a screen display or
other express notification of the new code's existence and function)
that the Extension should be activated.

        b. The Extension may programmatically execute (e.g., call a
method) code provided by this Software, but may not include or create
copies of the Software (modified or otherwise) in the Extension itself.

        c. The Extension may -not- modify the user interface or output
of the Software such that the Software copyright(s), licensing terms, or
title of the Software is/are no longer visible to the user or are
changed or supplemented.

    6. You may develop external software components that interface with
the Software and distribute these components, provided that -each- of
the following conditions are met:

        a. The external software component is distributed without any
charge beyond the reasonable costs of data transfer or storage media.
You may not sell the external software component or sell an appliance
that includes the software component.

        b. The external software component clearly indicates to the
user, via the user interface and/or program output, both (a) the role of
the Software in the component and (b) where the user may obtain a copy
of the Software.

        c. The external software component does not modify, supplement,
or obscure the user interface or output of the Software such that the
title of the Software, the copyrights and trademark notices in the
Software, or the licensing terms of the Software are removed, hidden, or
made less likely to be discovered and read.


    Online Updates

    The Software includes the ability to download updates (i.e.,
additional code) from the Developer's server(s). These updates may
contain bug fixes, new functionality, updated Documentation, and/or
Extensions. When retrieving these updates, the Software may transmit the
Software version and operating system information from Your computer to
the update server. The server may record (store) this information, in
conjunction with the IP (global Internet Protocol) address of the user,
in order to attempt to maintain accurate end user / version statistics.
By using the online update feature, You hereby agree to allow this
information to be transmitted, recorded, and stored in any nation by or
for the Developer.

    Proper Use

    As an express condition of this License, You agree that You will use
the Software -solely- in compliance with all then-applicable local,
state, national, and international laws, rules and regulations as may be
amended or supplemented from time to time, including any then-current
laws and/or regulations regarding the transmission and/or encryption of
technical data exported from or imported into Your country of residence.
Violation of any of the foregoing may result in immediate, automatic
termination of this License without notice, and may subject You to
state, national and/or international penalties and other legal
consequences.

    Copyright and Trademark

    Product names, words or phrases mentioned in this License or the
Software may be trademark(s) or servicemark(s) of the Developer
registered in certain nations and/or of third parties. You may not alter
or supplement the copyright or trademark notices as contained in the
Software.

    License Termination

    This License is effective until terminated. This License will
terminate immediately without notice from the Developer if You breach or
fail to comply with any provision of this License. Upon such termination
You must destroy the Software, all accompanying written materials, and
all copies thereof.

    Limitations of Liability

    In no event will the Developer, any contributor, owner, or licensee,
or any third party affiliated with Developer be liable to You or any
third party for any consequential, incidental, indirect or special
damages whatsoever (including, without limitation, loss of expected
savings, loss of confidential information, presence of viruses, damages
for loss of profits, business interruption, loss of business information
and the like or otherwise) or any related expense whether foreseeable or
not, arising out of the use of or inability to use or any failure of the
Software or accompanying materials, regardless of the basis of the claim
and even if the Developer or a Developer's representative has been
advised of the possibility of such damage, and even in the event of the
failure of an exclusive remedy. You hereby acknowledge, by using the
Software, the reasonability of this liability limitation provision, that
Developer would not offer the Software without the inclusion and
enforceability of this provision, and that You (and not the Software)
are solely responsible for Your network, data, and application security
testing, planning, audits, updates, and training, which require regular
analysis, supplementing, and expertise.

    No Warranty

    The Software and this License document are provided AS IS with NO
WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY,
TITLE, OR FITNESS FOR A PARTICULAR PURPOSE.

    Indemnification

    You agree to indemnify, hold harmless, and defend the Developer and
Developer's owners, contributors, agents, and business partners from and
against any and all claims or actions including reasonable legal
expenses that arise or result from Your use of or inability to use the
Software. Developer agrees to notify You and reasonably cooperate with
Your defense of any third party claim triggering such indemnification.

    Miscellaneous

    If any part of this License is found void and unenforceable, it will
not affect the validity of the balance of the License, which shall
remain valid and enforceable to the maximum extent according to its
terms.

    Choice of Law; Venue

    The License will be construed, interpreted and governed by the laws
of Texas, USA, without regard to its conflict of law rules. Any
litigation related to this License must be filed and heard in the courts
for Travis County, Texas.

    To download version 3.0 of the Metasploit Framework, you must
acknowledge your acceptance of this license by clicking the 'Accept this
License' button below.
===

The webpage requires a click through of this license to get the source.

How does this license look? If it is DFSG-free, then the best option is
probably to package this version.

Apologies for dumping everything here, but I want to be clear about the
legal issues before proceeding.

Thanks,

James



-- 
  James Westby
  jw+debianjameswestby.net
  http://jameswestby.net/



License issues with metasploit-framework
user name
2006-07-18 11:38:37
Hi, there is an open ITP on metasploit-framework (#323420),
and the
owner Luciano asked me to contact this list about some of
the license
issues involved with the package.

At the moment the framework is at version 2, and is released
under a
dual license of GPL v2 and Perl Artistic. 

There are a lot of contributed files in the package. Most
have the
following header

;        This file is part of the Metasploit Exploit
Framework
;        and is subject to the same licenses and copyrights
as
;        the rest of this package.

and some have no license header. There are a few that say
the following

# This file is part of the Metasploit Framework and may be
redistributed
# according to the licenses defined in the Authors field
below. In the
# case of an unknown or missing license, this file defaults
to the same
# license as the core Framework (dual GPLv2 and Artistic).
The latest
# version of the Framework can always be obtained from
metasploit.com.

There is one with

 * The contents of this file constitute Original Code as
defined in and
 * are subject to the Apple Public Source License Version
1.1 (the
 * "License").  You may not use this file except
in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.co
m/publicsource and read it before using this file.
 *
 * This Original Code and all software distributed under the
License are
 * distributed on an "AS IS" basis, WITHOUT
WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH
WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF
MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. 
Please see the
 * License for the specific language governing rights and
limitations
 * under the License.

which the archives seem do suggest is not DFSG-free.

There is a zlib implementation with the following license

===
This software is provided 'as-is', without any express or
implied
  warranty.  In no event will the authors be held liable for
any damages
  arising from the use of this software.

  Permission is granted to anyone to use this software for
any purpose,
  including commercial applications, and to alter it and
redistribute it
  freely, subject to the following restrictions:

  1. The origin of this software must not be misrepresented;
you must
not
     claim that you wrote the original software. If you use
this
software
     in a product, an acknowledgment in the product
documentation would
be
     appreciated but is not required.
  2. Altered source versions must be plainly marked as such,
and must
not be
     misrepresented as being the original software.
  3. This notice may not be removed or altered from any
source
distribution.
===

And my favourite

# Yo yo, this be da socketNinja.
# Alpha-2.0 release
# Distribute and get a visit from tireIronNinja

which I don't think is free.

There are also binary files distributed in the tarball,
these are not
meant to be compiled, as they are for executing on the
target computer.
I'm not sure how this sits, as they are obviously not the
preferred form
of modification, and some don't include the source they
were compiled
from.

Now, we could contact upstream and get them to include
proper headers
etc., but I wanted to know how much of this was unsuitable
for
distribution, as if it leaves a severely crippled package
then it's not
really worth it. 

Also upstream are working on version 3 which is in alpha
now. The decided
to change the license to The Metasploit Framework License
v1.0.
http://www.metasploit.com/projec
ts/Framework/msf3/download.html?Release=alpha-r3

===
The Metasploit Framework License v1.0
Copyright (C) 2006 Metasploit LLC

Definitions

    a. "License" means this particular version
of this document (or,
where specifically indicated, a successor iteration of the
License
officially issued/announced by the Developer).

    b. "Software" means any software that is
distributed under the terms
of this License.

    c. "Extension" means any enhancement to the
Software that does not
require modification of the Software itself.
"Extensions" include any
module or plug-in that is intended (by design and coding)
to, or can, be
dynamically loaded by the Software.

    d. "Developer" means the then-current
copyright holder(s) of the
Software, including, but not limited to, the Metasploit
personnel and
any third-party contributors (or their
successor[s]/transferee[s])).

    e. "Documentation" means any end user,
technical/programmer, network
administrator, or other manual(s), tutorial(s), or code
sample(s)
provided or offered by Developer with the Software,
excluding those
items created by a third party.

    f. "Use" means to download, install, access,
copy, execute, sell, or
otherwise benefit from the Software (directly or indirectly,
with or
without notice or knowledge of the Software's incorporation
or
utilization in any larger application or product).

    g. "You" means the individual or
organization that is using the
Software under the conditions of the License.

    h. "Interface" means to execute, parse, or
otherwise benefit from
the use of the Software.

    i. "Interaction Software" means any external
software program or
library that interfaces with, but is not a component or
subset of, the
Software. 


License Grants

    1. Provided that You both agree to and do comply with
any and all
conditions and requirements in this License, You are granted
the
non-exclusive rights specified in this License. Use of any
of the
Software in any form and to any extent signifies acceptance
of this
License. If You do not agree to all of these terms, then do
not use the
Software and immediately remove all copies of the Software,
the
Documentation, and any other items provided under the
License.

    2. Provided that -each- of the following necessary,
express
conditions are met, You may copy and distribute the
Software:

        a. The Software that You received is distributed
unmodified,
including but not restricted to You maintaining (and not
supplementing,
removing, or modifying) the same copyright, trademark
notices and
disclaimers in the exact wording as released by the
Developer.

        b. The Software is distributed without any charge,
beyond (at
Your option) the reasonable costs of data transfer or
storage media. You
may -not- (i) sell, lease, rent, or otherwise charge for the
Software,
(ii) include any component or subset of the Software in any
commercial
application or product, or (iii) sell, lease, rent, or
otherwise charge
for any appliance (i.e., hardware, peripheral, personal
digital device,
or other electronic product) that includes any component or
subset of
the Software. 

    3. You -may- use the Software to provide some service(s)
and charge
for the service(s), provided that the recipient of the
service is
clearly informed in writing (including via electronic notice
or
on-screen display, without paper notice) of both (a) the
existence,
name/trademark, and use of the Software in relation to the
service and
(b) where the recipient of the service may obtain a copy of
the Software
(e.g., refer them to www.metasploit.com).

    4. You may make modifications (i.e., additions) to the
Software and
distribute Your modifications, but solely in a form that is
-separate-
from the Software, such as patches. The following
restrictions apply to
modifications:

        a. Modifications must not alter, supplement, or
remove any
copyright, trademark, or other proprietary right(s) or legal
notices or
licensing terms displayed by or provided with the Software.

        b. When any modification to the Software is released
by You
under this License, You hereby grant and agree to grant a
non-exclusive
royalty-free right, to both (i) the Developer and (ii) any
of
Developer's later licensees, successors, or partners, to
distribute Your
modification(s) in future versions of the Software provided
that such
versions remain available under the terms of this License
(or any other
later-adopted license(s) of the Developer). 

    5. You may develop Extensions to the Software and
distribute these
Extensions under any license You see fit, as long as -each-
of the
following conditions are met:

        a. The Extension, when installed with the Software,
must -not-
modify any of the behavior (change the display, modify the
available
commands, etc) of the Software until the user explicitly
requests (e.g.,
by invoking or exercising a command or feature are a screen
display or
other express notification of the new code's existence and
function)
that the Extension should be activated.

        b. The Extension may programmatically execute (e.g.,
call a
method) code provided by this Software, but may not include
or create
copies of the Software (modified or otherwise) in the
Extension itself.

        c. The Extension may -not- modify the user interface
or output
of the Software such that the Software copyright(s),
licensing terms, or
title of the Software is/are no longer visible to the user
or are
changed or supplemented. 

    6. You may develop external software components that
interface with
the Software and distribute these components, provided that
-each- of
the following conditions are met:

        a. The external software component is distributed
without any
charge beyond the reasonable costs of data transfer or
storage media.
You may not sell the external software component or sell an
appliance
that includes the software component.

        b. The external software component clearly indicates
to the
user, via the user interface and/or program output, both (a)
the role of
the Software in the component and (b) where the user may
obtain a copy
of the Software.

        c. The external software component does not modify,
supplement,
or obscure the user interface or output of the Software such
that the
title of the Software, the copyrights and trademark notices
in the
Software, or the licensing terms of the Software are
removed, hidden, or
made less likely to be discovered and read. 


    Online Updates

    The Software includes the ability to download updates
(i.e.,
additional code) from the Developer's server(s). These
updates may
contain bug fixes, new functionality, updated Documentation,
and/or
Extensions. When retrieving these updates, the Software may
transmit the
Software version and operating system information from Your
computer to
the update server. The server may record (store) this
information, in
conjunction with the IP (global Internet Protocol) address
of the user,
in order to attempt to maintain accurate end user / version
statistics.
By using the online update feature, You hereby agree to
allow this
information to be transmitted, recorded, and stored in any
nation by or
for the Developer.
    Proper Use

    As an express condition of this License, You agree that
You will use
the Software -solely- in compliance with all then-applicable
local,
state, national, and international laws, rules and
regulations as may be
amended or supplemented from time to time, including any
then-current
laws and/or regulations regarding the transmission and/or
encryption of
technical data exported from or imported into Your country
of residence.
Violation of any of the foregoing may result in immediate,
automatic
termination of this License without notice, and may subject
You to
state, national and/or international penalties and other
legal
consequences.
    Copyright and Trademark

    Product names, words or phrases mentioned in this
License or the
Software may be trademark(s) or servicemark(s) of the
Developer
registered in certain nations and/or of third parties. You
may not alter
or supplement the copyright or trademark notices as
contained in the
Software.
    License Termination

    This License is effective until terminated. This License
will
terminate immediately without notice from the Developer if
You breach or
fail to comply with any provision of this License. Upon such
termination
You must destroy the Software, all accompanying written
materials, and
all copies thereof.
    Limitations of Liability

    In no event will the Developer, any contributor, owner,
or licensee,
or any third party affiliated with Developer be liable to
You or any
third party for any consequential, incidental, indirect or
special
damages whatsoever (including, without limitation, loss of
expected
savings, loss of confidential information, presence of
viruses, damages
for loss of profits, business interruption, loss of business
information
and the like or otherwise) or any related expense whether
foreseeable or
not, arising out of the use of or inability to use or any
failure of the
Software or accompanying materials, regardless of the basis
of the claim
and even if the Developer or a Developer's representative
has been
advised of the possibility of such damage, and even in the
event of the
failure of an exclusive remedy. You hereby acknowledge, by
using the
Software, the reasonability of this liability limitation
provision, that
Developer would not offer the Software without the inclusion
and
enforceability of this provision, and that You (and not the
Software)
are solely responsible for Your network, data, and
application security
testing, planning , audits, updates, and training, which
require regular
analysis, supplementing, and expertise.
    No Warranty

    The Software and this License document are provided AS
IS with NO
WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN,
MERCHANTABILITY,
TITLE, OR FITNESS FOR A PARTICULAR PURPOSE.
    Indemnification

    You agree to indemnify, hold harmless, and defend the
Developer and
Developer's owners, contributors, agents, and business
partners from and
against any and all claims or actions including reasonable
legal
expenses that arise or result from Your use of or inability
to use the
Software. Developer agrees to notify You and reasonably
cooperate with
Your defense of any third party claim triggering such
indemnification.
    Miscellaneous

    If any part of this License is found void and
unenforceable, it will
not affect the validity of the balance of the License, which
shall
remain valid and enforceable to the maximum extent according
to its
terms.
    Choice of Law; Venue

    The License will be construed, interpreted and governed
by the laws
of Texas, USA, without regard to its conflict of law rules.
Any
litigation related to this License must be filed and heard
in the courts
for Travis County, Texas.

    To download version 3.0 of the Metasploit Framework, you
must
acknowledge your acceptance of this license by clicking the
'Accept this
License' button below.
===

The webpage requires a click through of this license to get
the source.

How does this license look? If it is DFSG-free, then the
best option is
probably to package this version.

Apologies for dumping everything here, but I want to be
clear about the
legal issues before proceeding.

Thanks,

James



-- 
  James Westby
  jw+debianjameswestby.net
  http://jameswestby.net/


-- 
To UNSUBSCRIBE, email to debian-legal-REQUESTlists.debian.org
with a subject of "unsubscribe". Trouble?
Contact listmasterlists.debian.org

License issues with metasploit-framework
user name
2006-07-18 19:30:10
* James Westby:

> ;        This file is part of the Metasploit Exploit Framework
> ;        and is subject to the same licenses and copyrights as
> ;        the rest of this package.

This should be fine; a lot of Perl modules use similar language.

> There is a zlib implementation with the following license

This is the original zlib license.

>         b. The Software is distributed without any charge, beyond (at
> Your option) the reasonable costs of data transfer or storage media. You
> may -not- (i) sell, lease, rent, or otherwise charge for the Software,
> (ii) include any component or subset of the Software in any commercial
> application or product, or (iii) sell, lease, rent, or otherwise charge
> for any appliance (i.e., hardware, peripheral, personal digital device,
> or other electronic product) that includes any component or subset of
> the Software.

This doesn't look DFSG-free to me.  Most of the other, rather
innovative clauses, have problems as well.  If the click-through part
must be enforced by redistributors, it's not even suitable for the
non-free section.

I can understand why upstream is doing this, but I don't think the
result is still free software.



License issues with metasploit-framework
user name
2006-07-18 23:26:14
On Tue, 18 Jul 2006 12:38:37 +0100 James Westby wrote:

> 
> Hi, there is an open ITP on metasploit-framework (#323420), and the
> owner Luciano asked me to contact this list about some of the license
> issues involved with the package.

Hi, this is indeed the right list to contact.

> 
> At the moment the framework is at version 2, and is released under a
> dual license of GPL v2 and Perl Artistic.

For all the parts that are actually under this dual licensing, that's
fine.

> 
> There are a lot of contributed files in the package. Most have the
> following header
> 
> ;        This file is part of the Metasploit Exploit Framework
> ;        and is subject to the same licenses and copyrights as
> ;        the rest of this package.

Seems more or less OK, even though having a clear copyright & permission
notice that explicitly refers to the dual GPLv2/Artistic would be much
better and safer.

> 
> and some have no license header.

These ones are concerning, especially if there is no other indication
that they really fall under the same licenses as the rest of the
framework!
I think that a clarification from upstream is needed.

> There are a few that say the
> following
> 
> # This file is part of the Metasploit Framework and may be
> # redistributed according to the licenses defined in the Authors field
> # below. In the case of an unknown or missing license, this file
> # defaults to the same license as the core Framework (dual GPLv2 and
> # Artistic). The latest version of the Framework can always be
> # obtained from metasploit.com.

What does the "Authors field below" say?
Is there one?

If there is, then you (we) have to check whether it defines a licensing
scheme which is DFSG-free and compatible with the rest of the framework.

If there isn't, then it's more or less OK, with the above-mentioned
warning (being explicit would be far better).

> 
> There is one with
> 
>  * The contents of this file constitute Original Code as defined in
>  * and are subject to the Apple Public Source License Version 1.1 (the
>  * "License").  You may not use this file except in compliance with
>  * the License.  Please obtain a copy of the License at
>  * http://www.apple.com/publicsource and read it before using this
>  * file.
>  * This Original Code and all software distributed under the License
>  * are distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND,
>  * EITHER EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH
>  * WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF
>  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
>  * NON-INFRINGEMENT.  Please see the License for the specific language
>  * governing rights and limitations under the License.
> 
> which the archives seem to suggest is not DFSG-free.

What was analysed on debian-legal was (at least) Apple's APSL v2.0:
definitely non-free (and GPLv2-incompatible).

This is APSL v1.1: I don't know if this version has ever been reviewed
on debian-legal.
If someone finds the time to look at it, it would be useful to assess
its DFSG-freeness and {GPLv2/Artistic}-compatibility.

If it's not {GPLv2/Artistic}-compatible, then upstream should be
persuaded to relicense or replace the file. Or possibly Debian can
substitute the file with a {GPLv2/Artistic}-compatible drop-in
replacement (if at all possible).

> 
> There is a zlib implementation with the following license
> 
> ===
[...]
> ===

This is actually the so-called zlib license: DFSG-free and
GPLv2-compatible, AFAICS.

> 
> And my favourite
> 
> # Yo yo, this be da socketNinja.
> # Alpha-2.0 release
> # Distribute and get a visit from tireIronNinja
> 
> which I don't think is free.

It lacks (at least) permission to modify and distribute modified
versions (see DFSG#3).
It doesn't even clearly grant permission to distribute (see DFSG#1):
"Distribute" seems like an order, not a permission!
I don't understand the visit part...  :-/

Upstream should be contacted and asked to relicense this file.
Or, as usual, this file could be dropped or replaced.

> 
> There are also binary files distributed in the tarball, these are not
> meant to be compiled, as they are for executing on the target
> computer. I'm not sure how this sits, as they are obviously not the
> preferred form of modification, and some don't include the source they
> were compiled from.

If the actual source for those binaries is not available, we are going
very far from DFSG compliance (see DFSG#2).
Upstream should be got in touch with and asked for source under
a DFSG-free and {GPLv2/Artistic}-compatible license.

Alternatively those binaries should be dropped or replaced.

> 
> Now, we could contact upstream and get them to include proper headers
> etc., but I wanted to know how much of this was unsuitable for
> distribution, as if it leaves a severely crippled package then it's
> not really worth it.

It's up to you to decide whether it's worth fixing this melting pot of
copyrights and licenses.
Whatever you decide, thanks for contributing to Debian.

> 
> Also upstream are working on version 3 which is in alpha now. They
> decided to change the license to The Metasploit Framework License
> v1.0.
> http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3

Oh my goodness!
Another project that decides they need their own awkward and
incompatible license!

Writing a good license is a really hard task: it requires good lawyers
and a long revision process.  Worse, it can fail even with such things!
Moreover, even when you create a good license, license proliferation is
bad, since it creates barriers that obstruct free software sharing and
reuse.

It would really be appreciated if you tried to persuade upstream to
adopt a well-established and clearly DFSG-free license, instead of
writing their own.

GNU GPLv2 is a good choice.
Even GPLv2/Artistic dual license is good.
Another good choice is the Expat license
(http://www.jclark.com/xml/copying.txt), if copyleft is not regarded as
an important goal.

> 
> ===
> The Metasploit Framework License v1.0
> Copyright (C) 2006 Metasploit LLC
[...]
> ===
> 
> The webpage requires a click through of this license to get the
> source.
> 
> How does this license look? If it is DFSG-free, then the best option
> is probably to package this version.

I didn't find the time to thoroughly analyse the license, but I spotted
at least a choice of venue, which is non-free:

| Any
| litigation related to this License must be filed and heard in the
| courts for Travis County, Texas.

If I manage to review the license completely, I will send my analysis to
debian-legal only, because I don't think the BTS is the right place for
license analysis and discussion.
When a conclusion is reached a link to the list archives can be sent as
a followup for the bug report...

> 
> Apologies for dumping everything here, but I want to be clear about
> the legal issues before proceeding.

Pasting the full text of licenses and unclear copyright & permission
notices is the recommended method to get advice from debian-legal, hence
I think you did nothing wrong.

> 
> Thanks,

You're welcome!


-- 
    :-(   This Universe is buggy! Where's the Creator's BTS?   
......................................................................
  Francesco Poli                             GnuPG Key ID = DD6DFCF4
 Key fingerprint = C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

License issues with metasploit-framework
user name
2006-07-19 22:54:32
On Tue, 18 Jul 2006 12:38:37 +0100 James Westby wrote:

My analysis of The Metasploit Framework License v1.0 follows.


Executive summary
=================

This license is definitely non-DFSG-free and should be avoided.
A work released under this license should not be distributed by Debian
(not even in non-free, because of the choice of venue and the
click-through mechanism).

Please persuade upstream to drop this license entirely and to adopt a
well-known and clearly DFSG-free license, instead.


Details
=======

[...]
> ===
> The Metasploit Framework License v1.0
> Copyright (C) 2006 Metasploit LLC
[...]

>     c. "Extension" means any enhancement to the Software that does not
> require modification of the Software itself. "Extensions" include any
> module or plug-in that is intended (by design and coding) to, or can,
> be dynamically loaded by the Software.

This definition seems to be rather broad: for instance, any module or
plug-in that *can* be dynamically loaded by the Software is regarded as
an "Extension", even if it was created independently and happens to be
loadable (say, because it adheres to a published standard interface, or
something).

[...]
>     h. "Interface" means to execute, parse, or otherwise benefit from
> the use of the Software.
> 
>     i. "Interaction Software" means any external software program or
> library that interfaces with, but is not a component or subset of, the
> Software.

These two definitions seem to be really broad: even a shell script could
execute the Framework as soon as the Framework includes a small
command-line tool.
Such a shell script would then be "Interaction Software"...

> 
> 
> License Grants
> 
>     1. Provided that You both agree to and do comply with any and all
> conditions and requirements in this License, You are granted the
> non-exclusive rights specified in this License. Use of any of the
> Software in any form and to any extent signifies acceptance of this
> License. If You do not agree to all of these terms, then do not use
> the Software and immediately remove all copies of the Software, the
> Documentation, and any other items provided under the License.

Not a good start: acceptance of the license is claimed to be necessary
even for mere use of the Software...

> 
>     2. Provided that -each- of the following necessary, express
> conditions are met, You may copy and distribute the Software:
[...]
>         b. The Software is distributed without any charge, beyond (at
> Your option) the reasonable costs of data transfer or storage media.
> You may -not- (i) sell, lease, rent, or otherwise charge for the
> Software, (ii) include any component or subset of the Software in any
> commercial application or product, or (iii) sell, lease, rent, or
> otherwise charge for any appliance (i.e., hardware, peripheral,
> personal digital device, or other electronic product) that includes
> any component or subset of the Software.

This clause is definitely non-free, as it fails DFSG#1.

> 
>     3. You -may- use the Software to provide some service(s) and charge
> for the service(s), provided that the recipient of the service is
> clearly informed in writing (including via electronic notice or
> on-screen display, without paper notice) of both (a) the existence,
> name/trademark, and use of the Software in relation to the service and
> (b) where the recipient of the service may obtain a copy of the
> Software (e.g., refer them to www.metasploit.com).

This clause puts significant restrictions on mere use of the Software:
non-free (it could fail DFSG#6, in some scenarios).

> 
>     4. You may make modifications (i.e., additions) to the Software and
> distribute Your modifications, but solely in a form that is -separate-
> from the Software, such as patches. The following restrictions apply
> to modifications:
[...]

This clause fails DFSG#4, because it does *not* "explicitly permit
distribution of software built from modified source code".
Again non-free.

>     5. You may develop Extensions to the Software and distribute these
> Extensions under any license You see fit, as long as -each- of the
> following conditions are met:
> 
>         a. The Extension, when installed with the Software, must -not-
> modify any of the behavior (change the display, modify the available
> commands, etc) of the Software until the user explicitly requests
> (e.g., by invoking or exercising a command or feature are a screen
> display or other express notification of the new code's existence and
> function) that the Extension should be activated.

These restrictions on what can be done in an "Extension" are broader
than the ones that hold for patches. This is awkward and possibly
non-free: in some scenarios an "Extension" could be regarded as
basically independent software and hence this clause could fail DFSG#9.

[...]
> 
>     6. You may develop external software components that interface with
> the Software and distribute these components, provided that -each- of
> the following conditions are met:
> 
>         a. The external software component is distributed without any
> charge beyond the reasonable costs of data transfer or storage media.
> You may not sell the external software component or sell an appliance
> that includes the software component.

Again fails DFSG#1.

[...]
>     Online Updates
> 
>     The Software includes the ability to download updates (i.e.,
> additional code) from the Developer's server(s). These updates may
> contain bug fixes, new functionality, updated Documentation, and/or
> Extensions. When retrieving these updates, the Software may transmit
> the Software version and operating system information from Your
> computer to the update server. The server may record (store) this
> information, in conjunction with the IP (global Internet Protocol)
> address of the user, in order to attempt to maintain accurate end user
> / version statistics. By using the online update feature, You hereby
> agree to allow this information to be transmitted, recorded, and
> stored in any nation by or for the Developer.

This clause does not belong in the license, as it's not a condition for
the Software, but rather a condition for using a service.

BTW, for privacy's sake, everybody should *avoid* this Online
Updates service!

>     Proper Use
> 
>     As an express condition of this License, You agree that You will use
> the Software -solely- in compliance with all then-applicable local,
> state, national, and international laws, rules and regulations as may
> be amended or supplemented from time to time, including any
> then-current laws and/or regulations regarding the transmission and/or
> encryption of technical data exported from or imported into Your
> country of residence. Violation of any of the foregoing may result in
> immediate, automatic termination of this License without notice, and
> may subject You to state, national and/or international penalties and
> other legal consequences.

This clause enforces local, state, national, and international laws,
rules and regulations as a condition for getting the license
permissions.
This is non-free, because it adds arbitrary penalties (such as license
termination) to the ones already specified by laws.

[...]
>     Choice of Law; Venue
[...]
> Any litigation related to this License must be filed and heard in the
> courts for Travis County, Texas.

This is a choice of venue, which is non-free (it requires users to
travel even across oceans in order to defend themselves from possibly
frivolous lawsuits).

> 
>     To download version 3.0 of the Metasploit Framework, you must
> acknowledge your acceptance of this license by clicking the 'Accept
> this License' button below.

This is a click-wrap license. If it is intended that every redistributor
must enforce a similar click-through mechanism, then Debian cannot
distribute the Software, not even in non-free.



-- 
    :-(   This Universe is buggy! Where's the Creator's BTS?   
......................................................................
  Francesco Poli                             GnuPG Key ID = DD6DFCF4
 Key fingerprint = C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

License issues with metasploit-framework
user name
2006-07-25 18:09:46
On (19/07/06 01:26), Francesco Poli wrote:
> On Tue, 18 Jul 2006 12:38:37 +0100 James Westby wrote:
> What does the "Authors field below" say?
> Is there one?
> 
> If there is, then you (we) have to check whether it
defines a licensing
> scheme which is DFSG-free and compatible with the rest
of the framework.
> 
> If there isn't, then it's more or less OK, with the
above-mentioned
> warning (being explicit would be far better).
> 

Sorry, I neglected to say that these files don't have an
explicit
license. It appears as those these files are created from a
template
that includes this statement.

> It lacks (at least) permission to modify and distribute modified
> versions (see DFSG#3).
> It doesn't even clearly grant permission to distribute (see DFSG#1):
> "Distribute" seems like an order, not a permission!
> I don't understand the visit part...  :-/
> 
> Upstream should be contacted and asked to relicense this file.
> Or, as usual, this file could be dropped or replaced.

There is a README file along with this one, that says simply.

  These are not the codes you are looking for....

Which suggests that upstream do not hold the copyright and realise they
are distributing it even though it appears to be prohibited.

> > 
> > There are also binary files distributed in the tarball, these are not
> > meant to be compiled, as they are for executing on the target
> > computer. I'm not sure how this sits, as they are obviously not the
> > preferred form of modification, and some don't include the source they
> > were compiled from.
> 
> If the actual source for those binaries is not available, we are going
> very far from DFSG compliance (see DFSG#2).
> Upstream should be got in touch with and asked for source under
> a DFSG-free and {GPLv2/Artistic}-compatible license.
> 
> Alternatively those binaries should be dropped or replaced.
>

I'm sure the sources exist somewhere, and could be included upstream,
though it is possible that they are the preferred form for modification,
and a hex editor was used to create them. I think most of them are
shellcode type things.

> > 
> > Now, we could contact upstream and get them to include proper headers
> > etc., but I wanted to know how much of this was unsuitable for
> > distribution, as if it leaves a severely crippled package then it's
> > not really worth it.
> 
> It's up to you to decide whether it's worth fixing this melting pot of
> copyrights and licenses.

I will now talk to Luciano (owner of the ITP) and see what he thinks is
the best way forward. I am sure we will contact upstream and see if they
are willing to make the changes to either/both versions.

> It would really be appreciated if you tried to persuade upstream to
> adopt a well-established and clearly DFSG-free license, instead of
> writing their own.

That would be great, but they went to the trouble of writing the thing,
so maybe they want to use it.

Thanks to all those who replied to this thread and gave their opinions.
It is all clearer now, and hopefully we can get this sorted out. I think
this is the only piece of (supposedly) free software from the top 50 of
the recent security tools survey not included in Debian.

Thanks again,

James


-- 
  James Westby
  jw+debianjameswestby.net
  http://jameswestby.net/

