Fwd: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?
Forgot to include the list:
On Sat, Jul 27, 2013 at 4:26 PM, Kyrill Detinov
On Sat, 27 Jul 2013 13:38:51 -0500 Malcolm wrote:
Well I would assume that since it's a cracking tool, it would clarify for OBS users?
Hi.
I hope, it's a recovery tool for forgotten passwords. The program site informs:
Warning: Please don't use this program for any illegal things!
BTW. We have one more tool in the _security_ repository. ;) https://build.opensuse.org/package/show?project=security&package=pdfcrack
It can also be a pen-testing tool. It's really no job of a distribution to worry about how users use the software inside. I mean, if it was a botnet, whose only discernible purpose is inherently illegal, maybe (and just maybe). But password cracking software exists for many reasons other than to crack someone else's password. And even if not, until someone legally complains, and somehow the distribution is forced to remove it, I see no point in banning any software. If it was just the potential for illegal use, you'd also ban cp, since it can be used to copy copyrighted content, and also gimp, since it can be used to edit content licensed under no-derivatives, and whatever other software you could imagine was harmless, which can most certainly be used for some illegal purpose. Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction. So no... there's no reason to ban it. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire
Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.
It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories. Given that tools like metasploit are readily available to the bad guys, it seems important that vulnerability testers have the same access to the tools. Maybe that class of security tools could go into pacman (or maybe they already do). Greg -- Greg Freemyer -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
It totally depends on the use. It's probably safe to say cracking anything -- be it a RAR file or a safe -- that isn't yours is illegal. By the same virtue we shouldn't ban bash despite it being a powerful tool that has the /potential/ to be used for many, many malicious purposes. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire
wrote: Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.
It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.
If it really was like that, why do we still have traceroute and nmap? -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire
wrote: Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.
It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.
If it really was like that, why do we still have traceroute and nmap?
Arguably, those tools are diagnostic tools, not password cracking tools. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Jim Henderson
On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire
wrote: Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.
It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.
If it really was like that, why do we still have traceroute and nmap?
Arguably, those tools are diagnostic tools, not password cracking tools.
Jim
Or password remembering tool ;) Anyway I think such packages should be at packman… -- Dmitriy DA(P).DarkneSS Perlow / Linux x64 -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Mon, 29 Jul 2013 01:19:46 +0300, Dmitriy Perlow wrote:
Jim Henderson
Mon, 29 Jul 2013 01:10:43 +0300: On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire
wrote: Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.
It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.
If it really was like that, why do we still have traceroute and nmap?
Arguably, those tools are diagnostic tools, not password cracking tools.
Jim
Or password remembering tool ;) Anyway I think such packages should be at packman…
To my knowledge, traceroute doesn't have anything to do with passwords, nor does nmap (nmap is a port scanner, not a password tool). Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Sun, Jul 28, 2013 at 7:10 PM, Jim Henderson
On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire
wrote: Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.
It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.
If it really was like that, why do we still have traceroute and nmap?
Arguably, those tools are diagnostic tools, not password cracking tools.
May I remind people that cracklib (a password cracking library) is part of the core tools? To help check password strength when using passwd? (through pam_cracklib) There's nothing shady about password cracking, as there's nothing shady about copying files. It's the intent and purpose of specific instances of those actions what matters, but that kind of distinction doesn't belong to a software package blacklist. IMHO. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Mon, Jul 29, 2013 at 01:58:58AM -0300, Claudio Freire wrote:
On Sun, Jul 28, 2013 at 7:10 PM, Jim Henderson
wrote: On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire
wrote: Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.
It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.
If it really was like that, why do we still have traceroute and nmap?
Arguably, those tools are diagnostic tools, not password cracking tools.
May I remind people that cracklib (a password cracking library) is part of the core tools? To help check password strength when using passwd? (through pam_cracklib)
There's nothing shady about password cracking, as there's nothing shady about copying files. It's the intent and purpose of specific instances of those actions what matters, but that kind of distinction doesn't belong to a software package blacklist.
The decision in the end would lay with lawyers and judges. So we *could* poll our legal folks on that question, but as all legal people they will more tend to be careful ;) I vaguely remember that for guidance the primary purpose of the tool is questioned here. If it is primary or even solely for hacking purposes, it is considered a hacker tool. If it is multi purpose (like tcpdump, nmap, wireshark, or john) it is more or less ok. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (7)
-
Andrew Joakimsen
-
Claudio Freire
-
Dmitriy Perlow
-
Greg Freemyer
-
Jan Engelhardt
-
Jim Henderson
-
Marcus Meissner