Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Web sites compromised by IIS attack
From: Maarten <fulldisc () ultratux org>
Date: Sat, 3 Jul 2004 12:39:04 +0200

On Friday 02 July 2004 23:33, Barry Fitzgerald wrote:
Denis Dimick wrote:
Per the Free Software model it does.  The key point here is that Red Hat
is redistributing the code and making  a profit off of it.  It's Red
Hat's choice regarding whether to redistribute said code.  Since they're
making the money off of it, they have to support it.

Sorry Barry but your wrong. If I burn a CD of a bunch of appliactions I
get off the net and sell it, then by what your saying I should be
supporting it? So then my ISP should support all the applications I get
off the net since they take my money and give me net access?

No, I'm not wrong.

The discussion is about who's responsible for support of said software.
There's no obligation through the GNU GPL that support is required if
money changes hands, however the point of the discussion is who's
responsible for support of said software in a situation where the
software produced is broken and supported.

Red Hat sells support.  The act of taking binaries and actively and
intentionally redistributing them is a support service.

Well that is open to debate.  If I just download Redhat, they make no money 
off me.  Do they still have to fix my software then ? Are they responsible ?

I'll give you a couple of scenarios, you decide what you do in each case.

A guy walks in front of you. You see him throwing a sandwich in the bin. So 
you take it out and eat it, and subsequentially you get food-poisoning. Will 
you blame the guy ?  And if so, do you have any legal recourse to do so ?

Next, an unknown fellow hands you a sandwich saying he's not hungry anymore.
The same thing happens, you get sick off it.  Now do you blame / sue ?
(Let's assume he did not know the food had gone bad and acted in good faith)

Same scenario, but this time it is a friend who hands you the sandwich.
Do you sue him ?  Or do you perhaps sue the shop where he bought it ?
Can you even hold him responsible, seeing as he acted in good faith ?

Next scenario, someone sells you the sandwich, for 5 cents. You frown upon the 
exceptionally low price but you thank him and eat it nevertheless. Yada yada.

Last scenario, which you already know, you buy the sandwich at a normal price.
Do you sue in this case ?

Note: I don't have all the answers to the above... just some food (pun not 
intended) for thought...


What type of support you get is contractual based on what you service
level you "buy".

When Red Hat redistributes Free Software and takes money for support,
they become contractually liable to provide that support.

This isn't the same situation as your net access example for three
reasons: First, net access is a transmission medium.  ISP's are in the
business of providing access to a service for use of that service, not
in redistribution of software.  Second, the ISP isn't selling you a
support contract for software acquired through using their service.  Red
Hat does sell support contracts for software they redistribute.  Third,
Red Hat can modify the software it's redistributing, making them the
provider of said software.  The same can't be said for an ISP.

I suppose if you took my last sentence in the previous message in a
bubble and without any context, yeah - it'd be wrong since the GNU GPL
doesn't require that and has a no warranty clause.  However, I didn't
think that you'd read the message that way.  Mea Culpa.

Have to agree with you here. To me some of the software that they have
"bundled" into their CD's has been odd to say the least.

I fear that RH will probally try to become like M$ in the linux world.

Very unlikely.

As long as Red Hat complies with the GNU GPL (and they have and continue
to do so) they're not going to end up that way.

It's the SCOs and MSs of the world that deserve your anger.  Save your
energy for them.  :)


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]