[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer

Tim Brown wrote:
>> Nope since he that did not go to d-d. Maybe you can outline professional
>> uses in the description like done in the previous answers?
> As to previous answers, verbatim:
> I'm packaging a bunch of security tools that I use in my job pen testing.  
> companies using my packages, so I figured they'd be useful to the community.  

Which other tools do you intent to package?

>> IANAL but there may be countries where distributing such a tool, with it's
>> main/only purpose to break access restrictions, may not be legal (there was
>> some discussion about this in Germany but I did not follow it closely).
> The upstream developer is German, I will discuss with him any due diligence he 
> may have performed and report back (he's AFK for next week or so).  

The bill hasn't been decided yet. The current state of affairs can be found here:
(German language only)

Several useful tools packages will no longer be distributable; but this only
affects German mirror operators and CD vendors, not Debian at large.
It's not yet clear, whether it will be illegal to test a security update with
a reproducer exploit.

Funnily, the BSI - the German government agency for IT security - provides
a pen-testing CD with free software security tools for download:
They also have taste and run Debian on a part of their systems:

Anyone with good connections to German government bodies running Debian (and
there are quite many) should use their contacts to lobby against this bill.


Reply to: