OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-Disclosure] Web sites compromised by IIS attack

From: Barry Fitzgerald (bkfsecsdf.lonestar.org)
Date: Fri Jul 02 2004 - 16:33:35 CDT


Denis Dimick wrote:

>>Per the Free Software model it does. The key point here is that Red Hat
>>is redistributing the code and making a profit off of it. It's Red
>>Hat's choice regarding whether to redistribute said code. Since they're
>>making the money off of it, they have to support it.
>>
>>
>>
>
>Sorry Barry but your wrong. If I burn a CD of a bunch of appliactions I
>get off the net and sell it, then by what your saying I should be
>supporting it? So then my ISP should support all the applications I get
>off the net since they take my money and give me net access?
>
>
>
No, I'm not wrong.

The discussion is about who's responsible for support of said software.
There's no obligation through the GNU GPL that support is required if
money changes hands, however the point of the discussion is who's
responsible for support of said software in a situation where the
software produced is broken and supported.

Red Hat sells support. The act of taking binaries and actively and
intentionally redistributing them is a support service.

What type of support you get is contractual based on what you service
level you "buy".

When Red Hat redistributes Free Software and takes money for support,
they become contractually liable to provide that support.

This isn't the same situation as your net access example for three
reasons: First, net access is a transmission medium. ISP's are in the
business of providing access to a service for use of that service, not
in redistribution of software. Second, the ISP isn't selling you a
support contract for software acquired through using their service. Red
Hat does sell support contracts for software they redistribute. Third,
Red Hat can modify the software it's redistributing, making them the
provider of said software. The same can't be said for an ISP.

I suppose if you took my last sentence in the previous message in a
bubble and without any context, yeah - it'd be wrong since the GNU GPL
doesn't require that and has a no warranty clause. However, I didn't
think that you'd read the message that way. Mea Culpa.

>
>Have to agree with you here. To me some of the software that they have
>"bundled" into their CD's has been odd to say the least.
>
>I fear that RH will probally try to become like M$ in the linux world.
>
>
>
>

Very unlikely.

As long as Red Hat complies with the GNU GPL (and they have and continue
to do so) they're not going to end up that way.

It's the SCOs and MSs of the world that deserve your anger. Save your
energy for them. :)

             -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html