Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Web sites compromised by IIS attack
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Fri, 02 Jul 2004 17:33:35 -0400

Denis Dimick wrote:

Per the Free Software model it does. The key point here is that Red Hat is redistributing the code and making a profit off of it. It's Red Hat's choice regarding whether to redistribute said code. Since they're making the money off of it, they have to support it.

Sorry Barry but your wrong. If I burn a CD of a bunch of appliactions I get off the net and sell it, then by what your saying I should be supporting it? So then my ISP should support all the applications I get off the net since they take my money and give me net access?

No, I'm not wrong. The discussion is about who's responsible for support of said software. There's no obligation through the GNU GPL that support is required if money changes hands, however the point of the discussion is who's responsible for support of said software in a situation where the software produced is broken and supported.

Red Hat sells support. The act of taking binaries and actively and intentionally redistributing them is a support service.

What type of support you get is contractual based on what you service level you "buy". When Red Hat redistributes Free Software and takes money for support, they become contractually liable to provide that support. This isn't the same situation as your net access example for three reasons: First, net access is a transmission medium. ISP's are in the business of providing access to a service for use of that service, not in redistribution of software. Second, the ISP isn't selling you a support contract for software acquired through using their service. Red Hat does sell support contracts for software they redistribute. Third, Red Hat can modify the software it's redistributing, making them the provider of said software. The same can't be said for an ISP.

I suppose if you took my last sentence in the previous message in a bubble and without any context, yeah - it'd be wrong since the GNU GPL doesn't require that and has a no warranty clause. However, I didn't think that you'd read the message that way. Mea Culpa.

Have to agree with you here. To me some of the software that they have "bundled" into their CD's has been odd to say the least. I fear that RH will probally try to become like M$ in the linux world.

Very unlikely.

As long as Red Hat complies with the GNU GPL (and they have and continue to do so) they're not going to end up that way.

It's the SCOs and MSs of the world that deserve your anger. Save your energy for them. :)


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]