Usage of a non-free program to improve Debian security?

I would like to improve the security of Debian packages by adding a lexical
scanner (searching for all kinds of insecure commands and programming
practices) to tools like lintian or the build daemons.

A guy (John Viega <viega@list.org>) already has some of the features I would
like to see in this scanner, and he sure is good at what he is doing. The
problem is the license. Please find it attached to this mail.

I contacted him about that, and the problem is the lawyers of his company, of
course. We do not collide with the license if we use the program in the
described way. But we would not be able to have it in main, rather in non-free.

Is it OK to use it in the Debian development process then? If we integrate it
into the build daemons (which are not packaged and distributed anyway,
even though for different reasons) we would not even come close to distribute

How does Debian handle such issues? Policy isn't so positive about this, I
guess. Are there any earlier, similar cases?

I am not on this list. Please cc me.
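As an added illustration of the kind of check the mail proposes (this is example code written for this page; it is not John Viega's scanner, nor anything from lintian or the Debian build daemons), here is a minimal lexical scanner for C sources. The rule table of flagged calls, the `insecure-call` tag name, and the sample C file are all constructed for the example. The one thing worth noting is that a purely lexical scanner must at least blank out comments and string literals before matching, or it reports `strcpy(` in a comment as a finding; everything else is a regular-expression match on identifiers followed by `(`.

```python
import re
from dataclasses import dataclass

# Constructed rule table for the example: call name -> (severity, note).
# A real scanner would carry a much longer list and per-call advice.
RULES: dict[str, tuple[str, str]] = {
    "gets":    ("high",   "no bounds check at all; use fgets"),
    "strcpy":  ("medium", "unbounded copy; pass an explicit length"),
    "strcat":  ("medium", "unbounded append; pass an explicit length"),
    "sprintf": ("medium", "unbounded format; use snprintf"),
    "system":  ("high",   "spawns a shell; command injection risk"),
    "popen":   ("high",   "spawns a shell; command injection risk"),
    "mktemp":  ("high",   "predictable temp file name; use mkstemp"),
    "tmpnam":  ("high",   "predictable temp file name; use mkstemp"),
}

# An identifier immediately followed by "(" looks like a call (or a prototype).
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


@dataclass
class Finding:
    line: int
    func: str
    severity: str
    note: str


def _strip_comments_and_strings(src: str) -> str:
    """Blank out C comments and string/char literals with spaces, keeping
    newlines so that line numbers in findings stay valid."""
    out = []
    i, n = 0, len(src)
    while i < n:
        two = src[i:i + 2]
        if two == "//":                       # line comment
            while i < n and src[i] != "\n":
                out.append(" ")
                i += 1
        elif two == "/*":                     # block comment
            end = src.find("*/", i + 2)
            end = n if end == -1 else end + 2
            out.append("".join("\n" if ch == "\n" else " " for ch in src[i:end]))
            i = end
        elif src[i] in "\"'":                 # string or char literal
            quote = src[i]
            out.append(" ")
            i += 1
            while i < n and src[i] != quote:
                if src[i] == "\\":            # keep escaped quotes inside
                    out.append(" ")
                    i += 1
                if i < n:
                    out.append("\n" if src[i] == "\n" else " ")
                    i += 1
            out.append(" ")
            i += 1
        else:
            out.append(src[i])
            i += 1
    return "".join(out)


def scan_source(src: str) -> list[Finding]:
    """Return every flagged call in the given C source, in file order."""
    findings = []
    cleaned = _strip_comments_and_strings(src)
    for lineno, line in enumerate(cleaned.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            name = m.group(1)
            if name in RULES:
                severity, note = RULES[name]
                findings.append(Finding(lineno, name, severity, note))
    return findings


def lintian_tags(package: str, path: str, findings: list[Finding]) -> list[str]:
    """Render findings in a lintian-like 'E:/W: package: tag ...' shape
    (the tag name 'insecure-call' is invented for this example)."""
    prefix = {"high": "E", "medium": "W"}
    return [f"{prefix[f.severity]}: {package}: insecure-call {f.func} "
            f"{path}:{f.line} ({f.note})" for f in findings]


# Constructed sample input exercising the false-positive cases.
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>
/* strcpy(dst, src) in a comment must not be reported */
int main(int argc, char **argv) {
    char buf[64];
    const char *msg = "system(\"rm -rf /\")";  /* inside a string: ignored */
    strcpy(buf, argv[1]);      // unbounded copy
    gets(buf);                 // never safe
    fgets(buf, sizeof buf, stdin);  // safe variant: not reported
    my_strcpy(buf, msg);       // different identifier: not reported
    return system(buf);        // shell invocation
}
'''

if __name__ == "__main__":
    for tag in lintian_tags("example", "example.c", scan_source(SAMPLE_C)):
        print(tag)
```

Being lexical, this still reports a prototype such as `char *strcpy(char *, const char *);` in a header as a call, and it knows nothing about whether the arguments are actually attacker-controlled; that is the trade-off of a scanner that runs cheaply over every package at build time rather than doing real analysis.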

