Re: Question about DFSG and a THC project
Jake Appelbaum wrote:
> Hello,
>
> I am interested in packaging "hydra" from the THC group. I think that it
> would be an excellent addition to the Debian project.
>
> My question arises from an added license that is in the hydra-3.1.tar.gz
> package that I downloaded from http://www.thc.org/releases.php
>
> The package has two files of importance to this topic:
> LICENCE.HYDRA
> LICENSE.GNU
>
> As it's not available on their website I will reproduce LICENCE.HYDRA
> here:
>
> LICENCE FOR HYDRA (all version)
> by van Hauser <vh@thc.org>
>
>
> 1. This software comes with no warrenty or promised features. If it
> works for you - fine. It just comes "AS-IS", which means as a bunch of
> bits and bytes.
This is fine, and should not be in the license; it should be a separate
disclaimer.
> 2. Anyone may use this software and pass it on to other persons or
> companies as long as it is not charged for! (except for a small
> transfer/medium fee)
The requirement that the fee be "small" is probably not DFSG-free.
> 3. This tool may *NOT* be used for illegal purpose. Please check the law
> which affects your doing. I will have got no liability for any damage
> etc. done with this tool legally or illegaly.
The author is clearly not proficient in English, and should get help with
license drafting. This shouldn't be in the license; it should be a
separate disclaimer.
> 4. If this tool is used while providing a commercial service (e.g. as
> part of a penetration test) the report has to state the tools name and
> version, and additionally the author (van Hauser) and the distribution
> homepage (http://www.thc.org).
This appears non-free. (Anyway, what "report" is it talking about)?
> 5. In all other respects the GPL 2.0 applies
>
> LICENCE.HYDRA (END)
>
>
> The LISCENSE.GNU is the standard GPL 2.0
>
>
> So my questions regarding this package should be pretty obvious by this
> point.
>
> Is this even possible to package this and hope to get it into Debian?
>
> Or would this just be considered non-free?
>
> Should I email the upstream author and ask if he can remove those
> additional restrictions to facilitate his project becoming a Debian
> package?
Yes. In particular, clauses 1 and 3 don't belong in a license at all;
clause 4 would be OK if it was a request rather than a requirement; and
clause 2 would just need to be removed.
--
There are none so blind as those who will not see.
Reply to: