Re: Question about DFSG and a THC project

To: debian-legal@lists.debian.org
Subject: Re: Question about DFSG and a THC project
From: Nathanael Nerode <neroden@twcny.rr.com>
Date: Fri, 23 Apr 2004 17:19:31 -0400
Message-id: <[🔎] c6c18s$eso$2@sea.gmane.org>
References: <[🔎] 1082494337.2633.27.camel@will>

Jake Appelbaum wrote:

> Hello,
> 
> I am interested in packaging "hydra" from the THC group. I think that it
> would be an excellent addition to the Debian project.
> 
> My question arises from an added license that is in the hydra-3.1.tar.gz
> package that I downloaded from http://www.thc.org/releases.php
> 
> The package has two files of importance to this topic:
> LICENCE.HYDRA
> LICENSE.GNU
> 
> As it's not available on their website I will reproduce LICENCE.HYDRA
> here:
> 
>                         LICENCE FOR HYDRA (all version)
>                      by van Hauser <vh@thc.org>
> 
> 
> 1. This software comes with no warrenty or promised features. If it
> works for you - fine. It just comes "AS-IS", which means as a bunch of
> bits and bytes.
This is fine, and should not be in the license; it should be a separate
disclaimer.

> 2. Anyone may use this software and pass it on to other persons or
> companies as long as it is not charged for! (except for a small
> transfer/medium fee)
The requirement that the fee be "small" is probably not DFSG-free.

> 3. This tool may *NOT* be used for illegal purpose. Please check the law
> which affects your doing. I will have got no liability for any damage
> etc. done with this tool legally or illegaly.
The author is clearly not proficient in English, and should get help with
license drafting.  This shouldn't be in the license; it should be a
separate disclaimer.

> 4. If this tool is used while providing a commercial service (e.g. as
> part of a penetration test) the report has to state the tools name and
> version, and additionally the author (van Hauser) and the distribution
> homepage (http://www.thc.org).
This appears non-free.  (Anyway, what "report" is it talking about)?


> 5. In all other respects the GPL 2.0 applies
> 
> LICENCE.HYDRA (END)
> 
> 
> The LISCENSE.GNU is the standard GPL 2.0
> 
> 
> So my questions regarding this package should be pretty obvious by this
> point.
> 
> Is this even possible to package this and hope to get it into Debian?
> 
> Or would this just be considered non-free?
> 
> Should I email the upstream author and ask if he can remove those
> additional restrictions to facilitate his project becoming a Debian
> package?
Yes.  In particular, clauses 1 and 3 don't belong in a license at all;
clause 4 would be OK if it was a request rather than a requirement; and
clause 2 would just need to be removed.

-- 
There are none so blind as those who will not see.

Reply to:

References:
- Question about DFSG and a THC project
  - From: Jake Appelbaum <jacob@appelbaum.net>

Prev by Date: Re: DRAFT d-l summary of the OSL v2.0
Next by Date: Re: Question about DFSG and a THC project
Previous by thread: Re: Question about DFSG and a THC project
Next by thread: Collection of approved licences in the wiki
Index(es):
- Date
- Thread