Usage of a nonfree program to improof Debian security?

To: debian-legal@lists.debian.org
Subject: Usage of a nonfree program to improof Debian security?
From: Andreas Schuldei <andreas@schuldei.org>
Date: Sat, 7 Oct 2000 20:10:08 +0200
Message-id: <[🔎] 20001007201008.B13062@sigrid.schuldei.com>

I would like to improof security of debian packages by adding a lexical
scanner (searching for all kinds of insecure commands and programming
practices) into tools like lintian or the buildaemons.

A guy (John Viega <viega@list.org>) allready has some of the features I would
like to see in this scanner and he sure is good at what he is dooing. The
problem is the license. Please find it attached to this mail.

I contacted him about that and the problem are the lawyers of his company, of
cause. We do not collide with the license if we use the program in the
described way. But we would not be able to have it in main, rather in nonfree.

Is it ok to use it in the debian-development process then? If we integrate it
into the builddaemons (which are not packaged and distributed anyway,
eventhough for different reasons) we would not even come close to distribute
it.

How does Debian handel such issues? Policy isn't so positv about this, I
guess. Are there any earlier, similar cases?

I am not on this list. please cc me.

Reply to:

Follow-Ups:
- Re: Usage of a nonfree program to improof Debian security?
  - From: Richard Braakman <dark@xs4all.nl>

Prev by Date: Re: Irony of RSA Encryption
Next by Date: attached license of security scanner
Previous by thread: Re: Irony of RSA Encryption
Next by thread: Re: Usage of a nonfree program to improof Debian security?
Index(es):
- Date
- Thread