It turns out that there are severe issues with the Majordomo license (which
is appended at the end) when trying to resolve security matters of example..
The problems are caused by this phrase:
You may not publicly distribute a modified or
incomplete version of Majordomo.
[see below, part 2d]
Now you can wonder what "Majordomo" means and what "modified" means. I'd say
define them as the upstream .tar.gz archive and any changes to it. This
implies that I (as the maintainer of the Debian majordomo package) am not
allowed to make changes to the scripts. With the current (BUGTRAQ and other
places) security problems with majordomo, this s*cks. Majordomo is in
non-free currently, by the way.
It was brought to my attention that SuSE (Hi, Joey :> ) released a public
statement on this issue, stating that they won't supply fixes to those
security matters because of the license. I guess other distributions will
In my humble opinion there are two ways to get rid of this matter:
. remove majordomo from the distribution. I don't think the userbase
would like this.
. don't alter the scripts that come with majordomo, but patch them in
postinst. I don't like to do it that way, but maybe it could work..?
Any suggestions and ideas to resolve this issue are appreciated.
PS Please keep me Cc'd as I am not on this list.
MAJORDOMO LICENSE AGREEMENT
18 May 96
Great Circle Associates (GCA) is the original developer of Majordomo,
a package for managing Internet mailing lists. Since its initial
release, many organizations and individuals have contributed
enhancements and fixes, but the original copyright has been retained
by Great Circle Associates.
Majordomo is distributed in source code form, with almost all
modules written in Perl (there is one small C program), and runs
on many UNIX platforms. Majordomo is not a supported product of
Great Circle Associates, but is made available for use on the following
GCA grants you a license as follows to the Majordomo package:
1. LICENSE. GCA grants you a non-exclusive, non-transferable
license for the Majordomo package ("Majordomo") and its associated
documentation, subject to all of the following terms and conditions.
In accepting a copy of Majordomo you agree to the following terms
This license permits you to use, copy, and modify Majordomo
solely for your organization's use.
2. LIMITATIONS ON LICENSE.
a. You may only use, copy, and modify Majordomo
as expressly provided for in this Agreement.
You must reproduce and include this Agreement, and
GCA's copyright notices on any copy and its
b. No part of Majordomo may be incorporated into any
program or other product that is sold, or for which any
revenue is received without written permission of
Great Circle Associates, with the following exceptions:
You may install Majordomo at your site and run
mailing lists for other using it, and charge for
You may install Majordomo at other sites, and
charge for your time to install, configure,
customize, and manage it.
You may charge for enhancements you've made to
the Majordomo software, subject to the distribution
restrictions listed below.
You may not charge for the Majordomo software
A commercial license will be required in all other cases.
c. If Majordomo is being provided or configured for a
customer, the provider must clearly state in
documentation and bid/proposal materials that the
Majordomo technologies are licensed and provided
by Great Circle Associates, and a copy of this
license must be included with the configured
d. Majordomo, if modified, must carry prominent notices
stating that changes have been made, and the dates of
any such changes.
You may publicly distribute an unmodified and
complete version of Majordomo, for instance as
part of a collection of free software packages,
but you must distribute the whole package, and
you must tell people where they can obtain the
You may not publicly distribute a modified or
incomplete version of Majordomo. You may make
such a version available to your own clients,
subject to the restrictions below, but not to the
general public (for instance, by placing it on an
anonymous FTP site).
You may not distribute (publicly or privately) a modified
version of Majordomo without clearly identifying it as such
(by changing the version string in majordomo_version.pl),
identifying the changes (through appropriate README
documentation and/or comments in the code),
identifying who will be responsible for supporting
the modified version, and informing people receiving
the modified version where they can find an
e. All rights not expressly granted herein are reserved to GCA.
3. NO GCA OBLIGATION: You are solely responsible for maintaining
your copy of Majordomo and the security of the operating environment in
which Majordomo may be used. You are solely responsible for all of your
costs and expenses incurred in connection with the distribution of Majordomo
or any Application Program hereunder, and GCA shall have no liability,
obligation or responsibility therefor. GCA shall have no obligation to
provide maintenance, support, upgrades, or new releases to you.
4. NO WARRANTY OF PERFORMANCE. Majordomo and its associated
documentation are licensed "as is" without warranty as to their
performance, merchantability, or fitness for any particular purpose.
The entire risk as to the results and performance of Majordomo is
assumed by you. Should Majordomo prove defective, you assume the
entire cost of all necessary servicing, repair, or correction.
5. LIMITATION OF LIABILITY. Neither GCA nor any other
person who has been involved in the creation, production or delivery
of Majordomo shall be liable to you or to any other person for any
direct, indirect, special, incidental, consequential, or punitive
damages, even if GCA has been advised of the possibility of such
6. TERM. The license granted hereunder is effective until
terminated. This license shall automatically terminate without notice
if you breach any of the provisions hereof. You may terminate it at
any time by destroying Majordomo and its associated documentation.
a. This Agreement shall be governed by the laws of
the State of California.
b. Address all correspondence regarding this license
to GCA's electronic mail address
<firstname.lastname@example.org>, or to
Great Circle Associates
1057 West Dana Street
Mountain View, CA 94041
[ Note: the form of this license was derived, by permission, from the license
for the Firewalls Toolkit distributed by Trusted Information Systems, Inc. ]