DiGiT wrote:
> I would apreciate that neither you or anyone else publish my exploits
> to such a medium as this mailinglist or any sort of public arena.
Why not? You quite clearly indicate in the copyright notice at the top
of the code that:
> > * Copyright (c) 2000 - Security.is
> > *
> > * The following material may be freely redistributed, provided
> > * that the code or the disclaimer have not been partly removed,
> > * altered or modified in any way. The material is the property
> > * of security.is. You are allowed to adopt the represented code
> > * in your programs, given that you give credits where it's due.
That says 'freely distributed', right? That means (in my understanding)
that I can freely distribute it providing I haven't changed or modified
the code or disclaimer? Which I haven't done. That code was published
exactly as-is, without modification. It also had to pass through the
moderator of VULN-DEV prior to publishing; presumably if they thought
there were a conflict in some way that the posting would not have been
published to the list.
I suspect that this thread could spin out of control if we're not
careful, since we're going to enter the realms of the
full-disclosure-versus-privacy argument. I found your kit on a server I
was asked to investigate some problems with - along with code for about
60 other exploits - and following the non-appearance of any exploit code
for LPRng on this list, published it - *after* consulting your copyright
notice.
If you object, change the notice.
Have a good weekend
Graeme
Received on Dec 10 2000
Intro
