[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Majordomo problems



On Fri, Jan 07, 2000 at 11:43:35AM +0100, Remco van de Meent wrote:
> Hey all,
> 
> It turns out that there are severe issues with the Majordomo license (which
> is appended at the end) when trying to resolve security matters of example..
> The problems are caused by this phrase:
> 
>          You may not publicly distribute a modified or 
>          incomplete version of Majordomo.
>          [see below, part 2d]
> 
> Now you can wonder what "Majordomo" means and what "modified" means. I'd say
> define them as the upstream .tar.gz archive and any changes to it.  This
> implies that I (as the maintainer of the Debian majordomo package) am not
> allowed to make changes to the scripts. With the current (BUGTRAQ and other
> places) security problems with majordomo, this s*cks. Majordomo is in
> non-free currently, by the way.
> 

No license can take away your right to distribute changes in the form of a
patch. See http://cr.yp.to/softwarelaw.html , which reads:

"Note that, since it's not copyright infringement for you to apply a patch,
it's also not copyright infringement for someone to give you a patch. For
example, Galoob's Game Genie, which patches the software in Nintendo
cartridges, does not infringe Nintendo's copyrights. `Having paid Nintendo a
fair return, the consumer may experiment with the product and create new
variations of play, for personal enjoyment, without creating a derivative
work.'' Galoob v. Nintendo, 780 F. Supp 1283 (N.D. Cal. 1991), affirmed, 22
U.S.P.Q.2d 1587 (9th Cir. 1992). See also Foresight v. Pfortmiller, 719 F.
Supp 1006 (D. Kan. 1989)."

Of course, the license sucks and the software belongs in non-free. If we
need to distribute a modified version, we can only do so by distributing the
original and a patch - which makes distributing pre-built .deb files
impossible. If Majordomo has serious bugs that the license doesn't permit us
to fix, and the upstream authors don't show signs of extreme dilligence in
getting us fixed versions when a bug is found, I'll concur with you and and
SuSE that we remove Majordomo from Debian. 

-- 
Brian Ristuccia
brianr@osiris.978.org
bristucc@nortelnetworks.com
bristucc@cs.uml.edu


Reply to: