Re: Fedora Board Recap 2010-11-08

On 2010-11-09 09:11:43 AM, Jared K. Smith wrote:
> In the case of this particular application, it seems the authors have
> gone out of their way to say "This is a tool for automating SQL
> injection attacks so that you can exploit someone else's system", and
> as such, does open Fedora up to some legal risk.  I'm not a lawyer,
> but I know Spot (as the official Fedora legal representative) well
> enough to know that if it makes him nervous, that I should probably be
> a bit nervous as well.

I disagree a bit here - while the author is very explicit about what the
tool actually does, I think he makes it pretty clear as well that it's
targeted at penetration testers.

Just another data point - I sometimes participate in computer security
competitions where tools like this could be useful in a legal way.

I'm pretty surprised to see that we've decided to disallow a package
like this when the actual legal risks to us/Red Hat haven't been
discussed or even determined.  Do you think this might have been a
little bit of a knee-jerk reaction to some vague and yet-to-be-determined
legal fears?

Just to be clear, I'm not against the statement that was added to the
legal guidelines, I just don't see why this package in particular didn't
pass the test for having useful legal purposes (or how its inclusion
causes any actual heightened legal risk).  I'm afraid that this decision
will set a bad precedent when looking at other packages in the future.

Thanks,
Ricky


_______________________________________________
advisory-board mailing list
advisory-board@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/advisory-board
