
FW: Re: debian & portsentry



Hi, below is a mail from an upstream regarding portsentry.  This package
currently has a non-free license. http://www.psionic.com/abacus/portsentry/ is
its home page.

The license currently has two faults:

a) you must ask his permission to modify the code
b) portsentry may not be sold along w/ other software as a "security bundle"
 
We would like to come to a middle ground allowing this software to be in Debian.
Please cc the author in your replies (and myself).

Guido Guenther is a new maintainer trying to package portsentry.

 --------

Date: Mon, 20 Sep 1999 13:38:36 -0500 (CDT)
From: "Craig H. Rowland" <crowland@psionic.com>
To: Guido Guenther <Guido.Guenther@uni-konstanz.de>
Subject: Re: debian & portsentry

> 
> Are you in any way interested to see portsentry included in the next
> official debian release? I (but not just me) would really like to include
> portsentry into the upcoming release (potato), but this would require some
> rather small changes in the copyright to meet the debian policy. I've
> discussed the policy problem with Sean Perry who sent me the following
> answer:

I would love for this to happen. The main problem is the license. My
software is not GNU/BSD. This is for a variety of reasons:

1) I need to ensure code integrity because of the nature of the tool. If a
person makes a change to the code that seriously hurts security it
reflects poorly on me. I've had some patch submissions that did exactly
that (one even introduced a remote root exploit!!). I need to ensure that
I maintain control over all versions where possible.

2) I work for Cisco Systems Inc. and specifically do development work on
intrusion detection and vulnerability assessment tools
(NetRanger/NetSonar). I need to make sure nobody bundles all my tools
together and sells them separately. This is a conflict of interest and
could get me fired. My employment contract specifically excludes my tools
to protect myself and my end users, but I don't want to stir up any
problems where none exist. 

I would be happy to discuss these issues directly with anyone from the
Debian team. Perhaps a compromise can be reached somehow. You can see from
the license that I want to encourage the free OS's to use the tools
because of the value they have given to me. I'm very flexible in many
respects to this and I need to think about the entire issue some more to
decide what to do. Perhaps the person from Debian who is responsible for
this decision can write me so we can chat? 

> Hope I'm not bothering you too much and you don't consider my frequent
> requests as spam...but I think the "portsentry/logcheck" team are
> a security improvement debian shouldn't miss...
>       Guido Guenther

I agree and I'd love for this to happen. Perhaps we can reach an
alternative agreement that both parties can accept.

Thanks,

-- Craig



--------------End of forwarded message-------------------------

