[opensuse-buildservice] Metasploit and same type of packages
People of (open)SuSE/Novell @security, I have a question. I would like to build a package for metasploit in the buildservice. As metasploit is controversial for for some people. As it's seen as a hack tool, but it's also a tool tool demonstrate vulnerabilities and to do exploit tests on code and security testing. Important I'm NOT building the package for people to exploit systems that they are not authorised to. I'm also against this. I wonder if it's ok to build such a package in respect to legal issues and openSuSE/Novell policy. Regards, Joop. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Freitag 07 November 2008 15:47:14 Joop Boonen wrote:
I do not know the tool, but your description sounds like it is illegal in germany according to the new laws from this year. So I am sorry, please do not upload this to our servers (since Build Service is located in germany). bye adrian -- Adrian Schroeter SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2008-11-09 11:20, Adrian Schröter wrote:
I'm no legal expert, and my memory could fail me, but according to that law, isn't nmap and nessus illegal tools as well ? I seem to remember it like that, but it could just as well be a myth. /Sylvester -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Mon, Nov 10, 2008 at 6:06 PM, Sylvester Lykkehus <zly@solidonline.dk> wrote:
I use it for checking the security of the servers I maintain. With the combination of nikto I found it very useful IMHO. But the installation is really straightforward just extract the tarball and call the Ruby program. Is it really necessary to put it on buildservice? (I cannot comment on legal aspect, there are always a pro's and con's for the tools like this one) greeting, medwinz -- Robert Orben - "Never raise your hand to your children - it leaves your midsection unprotected." -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hello Adrian, OK I won't upload it. It's a pitty that Germany doesn't allow sniff and security test tools any more. I hope the law will change. Regards, Joop. On Freitag 07 November 2008 15:47:14 Joop Boonen wrote:
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Monday 10 November 2008 07:23:00 Joop Boonen wrote:
I hope the law will change.
Don't hold your breath. They were warned many times on consequences, but they made it a law anyway. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Mon, Nov 10, 2008 at 02:23:00PM +0100, Joop Boonen wrote:
There is a wide range of security test tools... nmap, nessus, wireshark can be explained as debugging tools, they do not actually intrude on systems. Metasploit with its ready made intrusion exploits is definitely a "hacker tool" under the new german law, so we cannot include it. (Its installation is not hard though, so the expert/admin will have not much trouble installing it himself from source.) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Freitag 07 November 2008 15:47:14 Joop Boonen wrote:
I do not know the tool, but your description sounds like it is illegal in germany according to the new laws from this year. So I am sorry, please do not upload this to our servers (since Build Service is located in germany). bye adrian -- Adrian Schroeter SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2008-11-09 11:20, Adrian Schröter wrote:
I'm no legal expert, and my memory could fail me, but according to that law, isn't nmap and nessus illegal tools as well ? I seem to remember it like that, but it could just as well be a myth. /Sylvester -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Mon, Nov 10, 2008 at 6:06 PM, Sylvester Lykkehus <zly@solidonline.dk> wrote:
I use it for checking the security of the servers I maintain. With the combination of nikto I found it very useful IMHO. But the installation is really straightforward just extract the tarball and call the Ruby program. Is it really necessary to put it on buildservice? (I cannot comment on legal aspect, there are always a pro's and con's for the tools like this one) greeting, medwinz -- Robert Orben - "Never raise your hand to your children - it leaves your midsection unprotected." -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hello Adrian, OK I won't upload it. It's a pitty that Germany doesn't allow sniff and security test tools any more. I hope the law will change. Regards, Joop. On Freitag 07 November 2008 15:47:14 Joop Boonen wrote:
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Monday 10 November 2008 07:23:00 Joop Boonen wrote:
I hope the law will change.
Don't hold your breath. They were warned many times on consequences, but they made it a law anyway. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Mon, Nov 10, 2008 at 02:23:00PM +0100, Joop Boonen wrote:
There is a wide range of security test tools... nmap, nessus, wireshark can be explained as debugging tools, they do not actually intrude on systems. Metasploit with its ready made intrusion exploits is definitely a "hacker tool" under the new german law, so we cannot include it. (Its installation is not hard though, so the expert/admin will have not much trouble installing it himself from source.) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (6)
-
Adrian Schröter -
Joop Boonen -
Marcus Meissner -
medwinz -
Rajko M. -
Sylvester Lykkehus