Thanks for the excellent board recap,

On 08.11.2010 22:25, Mairin Duffy wrote:
> === The Statement to be added to our legal guidelines ===
> "Where, objectively speaking, the package has essentially no useful
> foreseeable purposes other than those that are highly likely to be
> illegal or unlawful in one or more major jurisdictions in which Fedora
> is distributed or used, such that distributors of Fedora will face
> heightened legal risk if Fedora were to include the package, then the
> Fedora Project Board has discretion to deny inclusion of the package for
> that reason alone."
> === Votes ===
> '''Should we add this text to the Legal guidelines?'''
> * Add the language:++++++
> * Don't add language:
> '''Should we approve or deny the SQLninja request in particular?'''
> * Yes, SQLninja is okay to add:
> * No, SQLninja shouldn't be added: +++++++
>
> === Board Decision ===
> * We will add Spot's proposed language to the Fedora legal guidelines.
> (unanimous)
> * We won't allow the SQLninja package to be added to Fedora. (unanimous)

I have a question regarding the consequences of the above decision for the Fedora Security Lab.

Fedora as a Security Test Platform has a big use case - from what I see here in Germany, and I work with ISECOM to develop a good learning platform for teaching security, based on our Fedora Security Lab.

With FSL we already ship a lot of "tools" which can do very bad things and can be used to spoof, attack, decrypt or brute force - and where to draw the line? Even nc can do a lot of harm. Just some of them are listed here: https://fedorahosted.org/security-spin/wiki/availableApps

Such tools and security tests are not only for finding vulnerabilities; they are also for finding out whether the established security controls work well enough to resist attacks from such tools - how to test that without such tools?

So if we want to do a proper Security Test, we have to use the same methods a real attacker would use, but with the clear intention to prevent crime.

I do not know the legal situation in the States, and that the German situation is not important for the Fedora Project - so it is just a note that we have a so-called "Hackerparagraph" here in Germany http://tinyurl.com/2urm92p but also a lot of court decisions where use with written permission and contracts is declared legal use - the German Federal Office for Information Security also offers such tools on a CD and got a court decision where the use and offering of such tools is clearly permitted if it is intended to prevent crime.

Thanks for your clarification in this matter.

cu Joerg

--
Joerg (kital) Simon
jsimon@xxxxxxxxxxxxxxxxx
http://fedoraproject.org/wiki/JoergSimon
http://kitall.blogspot.com
Key Fingerprint: 3691 0989 2DCA 58A2 8D1F 2CAC C823 558E 5B5B 5688
_______________________________________________
advisory-board mailing list
advisory-board@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/advisory-board