
Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer



Tim Brown wrote:
>> Nope since he that did not go to d-d. Maybe you can outline professional
>> uses in the description like done in the previous answers?
>
> As to previous answers, verbatim:
>
> I'm packaging a bunch of security tools that I use in my job pen testing.  
(..)
> companies using my packages, so I figured they'd be useful to the community.  

Which other tools do you intend to package?

>> IANAL but there may be countries where distributing such a tool, with its
>> main/only purpose to break access restrictions, may not be legal (there was
>> some discussion about this in Germany but I did not follow it closely).
>
> The upstream developer is German, I will discuss with him any due diligence he 
> may have performed and report back (he's AFK for next week or so).  

The bill hasn't been decided yet. The current state of affairs can be found here:
(German language only)
http://dip.bundestag.de/extrakt/16/019/16019307.htm

Several useful tool packages will no longer be distributable; but this only
affects German mirror operators and CD vendors, not Debian at large.
It's not yet clear whether it will be illegal to test a security update with
a reproducer exploit.

Funnily, the BSI - the German government agency for IT security - provides
a pen-testing CD with free software security tools for download:
http://www.bsi.de/produkte/boss/index.htm
They also have taste and run Debian on a part of their systems:
http://www.bsi.de/produkte/erposs/index.htm

Anyone with good connections to German government bodies running Debian (and
there are quite many) should use their contacts to lobby against this bill.

Cheers,
        Moritz


