2010/11/15 MÃirÃn Duffy <duffy@xxxxxxxxxxxxxxxxx>: > On Sun, 2010-11-14 at 18:05 -0800, David Wagner wrote: >> The minutes also suggest confusion about penetration >> testing tools in general. > > What confusion did you see? > >> I saw in the minutes the objection that >> SQLninja is advertised as 'get root on remote systems'. ÂAre the board >> members aware that many penetration testing tools can be used to get >> root on remote systems, and it is precisely for this reason that they >> are useful for (legal, lawful, authorized) penetration testing? > > It may not have been clear from the minutes, but it's pretty safe to say > the board members are & were aware of this. > >> Â Are the >> board members aware that legal penetration testing can, and sometimes >> does, include getting root on remote systems? > > Do you use SQLninja for penetration testing? Had you heard of it before? > What penetration testing tools do you use? Is the language they use to > explain & advertise their tools similar to that used for SQLninja? How > do you find out about penetration testing tools? How many of the ones > you use are GPL? So the problem is that it can be used to hack into a system and isn't passive like Nessus (is this really passive?), nmap, telnet (the client), airsnort, and wireshark, just to name a few? > >> 2) Some board members appear to have raised legal concerns. ÂHowever >> those were not made explicit in the minutes and it looks like there has >> not been an analysis or ruling from Fedora Legal. ÂBefore the board >> ruled, the add package request (bug #63402) was blocked on FE-LEGAL, >> but it looks like the board voted to deny the request before hearing >> from FE-LEGAL. ÂMoreover, I cannot find any place where the legal >> concerns are articulated, let alone reference to particular statute or >> justification for a concern. > > I took the meeting minutes. Generally sensitive discussion is excluded > from meeting minutes. So are you saying this was a legal issue? > > ~m --Eric _______________________________________________ advisory-board mailing list advisory-board@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/advisory-board
