OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Re: dump(8) Insecurity/Misconfigurat

Re: dump(8) Insecurity/Misconfiguration


Nate Williams (natemt.sri.com)
Mon, 27 Sep 1999 13:03:08 -0600


[ Rod, you *really* need to get out more ]

> > "Companies are permitted to use this program as long as it is not used for
> > revenue-generating purposes. For example, an Internet service provider is
> > allowed to install this program on their systems and permit clients to use
> > SSH to connect; however, actively distributing SSH to clients for the
> > purpose of providing added value requires separate licensing. Similarly,
> > a consultant may freely install this software on a client's machine for
> > his own use, but if he/she sells the client a system that uses SSH as a
> > component, a separate license is required."
> >
> > I'm no lawyer, but it seems like using SSH for helping with dumps
> > would fall well within this license since backing up files does not
> > really generate much revenue for us.
>
> I'm not a lawyer either, but I'll play the advocate here and show
> you why you are at risk. First, you used the word ``much'' in the
> above sentence. _Any_ is _some_ and is _not_ none, henceforth you
> voilate ``not used for ...''. Second, since backups are a critical
> piece of keeping your business operating

No, they are not. Many (most?) businesses are reliably operating
*today* without a working backup strategy. Yes, it's stupid, but it
doesn't effect their ability to do business. It's just that might not
work *as* reliably if a disk goes down, but stuff gets done even without
backups, since backups are rarely needed.

> A lot of people will say I have overstated the intent of the licence,
> I'll simply say that I am applying Blacks Legal dictionary to extract
> what _I_ see as the letter of the agreement.

Good thing you are aren't a lawyer.

> You may also find that the license fee is quite low for what you want to do.

NOT!

Nate

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



This archive was generated by hypermail 2.0b3 on Mon Sep 27 1999 - 23:53:23 CDT