[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question about DFSG and a THC project

Jake Appelbaum wrote:

> Hello,
> I am interested in packaging "hydra" from the THC group. I think that it
> would be an excellent addition to the Debian project.
> My question arises from an added license that is in the hydra-3.1.tar.gz
> package that I downloaded from http://www.thc.org/releases.php
> The package has two files of importance to this topic:
> As it's not available on their website I will reproduce LICENCE.HYDRA
> here:
>                         LICENCE FOR HYDRA (all version)
>                      by van Hauser <vh@thc.org>
> 1. This software comes with no warrenty or promised features. If it
> works for you - fine. It just comes "AS-IS", which means as a bunch of
> bits and bytes.
This is fine, and should not be in the license; it should be a separate

> 2. Anyone may use this software and pass it on to other persons or
> companies as long as it is not charged for! (except for a small
> transfer/medium fee)
The requirement that the fee be "small" is probably not DFSG-free.

> 3. This tool may *NOT* be used for illegal purpose. Please check the law
> which affects your doing. I will have got no liability for any damage
> etc. done with this tool legally or illegaly.
The author is clearly not proficient in English, and should get help with
license drafting.  This shouldn't be in the license; it should be a
separate disclaimer.

> 4. If this tool is used while providing a commercial service (e.g. as
> part of a penetration test) the report has to state the tools name and
> version, and additionally the author (van Hauser) and the distribution
> homepage (http://www.thc.org).
This appears non-free.  (Anyway, what "report" is it talking about)?

> 5. In all other respects the GPL 2.0 applies
> The LISCENSE.GNU is the standard GPL 2.0
> So my questions regarding this package should be pretty obvious by this
> point.
> Is this even possible to package this and hope to get it into Debian?
> Or would this just be considered non-free?
> Should I email the upstream author and ask if he can remove those
> additional restrictions to facilitate his project becoming a Debian
> package?
Yes.  In particular, clauses 1 and 3 don't belong in a license at all;
clause 4 would be OK if it was a request rather than a requirement; and
clause 2 would just need to be removed.

There are none so blind as those who will not see.

Reply to: