[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#308364: ITP: waste -- Software product and protocol that enables secure distributed communication for small trusted groups of users.



Le Vendredi 13 Mai 2005 12:18, vous avez écrit :
> I took a quick look at the code and found it may require DFSG actions.
>
> http://cvs.sourceforge.net/viewcvs.py/waste/waste/license.cpp?rev=1.1&view=
>auto that arrays are either the GPL license itself, backdoor code (who
> knows, I didn't try to decode it) or some hashes of something.
>
> To me it seems it violates the GPL, the source code is not in a
> changeable form.
>
> It is also a good place to hide backdoors when crackers get access the
> the source code repository...

Yep, when I see that:
WASTE - license.cpp
Copyright (C) 2003 Nullsoft, Inc.
Copyright (C) 2004 WASTE Development Team

Then that:
//ADDED Md5Chap - THIS PART IS GPL LICENSE!!! TOUCH AND DIE!

Followed by a full binary only array, I feel it like you: it might be a good 
place for a backdoor, given that TOUCH AND DIE seems very strange refering to 
GPL licence...

I'm shouting an email to the public mailing list, CCed  the bug adress.

Romain
-- 
If you are the big tree,
We are the small axe,
Ready to cut you down,
Sharpen to cut you down....

Attachment: pgpc0gH7JlhgQ.pgp
Description: PGP signature


Reply to: