Re: [opensuse-packaging] Distributing Metasploit on OBS?
On 06/23/2016 11:58 PM, Greg Freemyer wrote:
On Thu, Jun 23, 2016 at 11:46 PM, Uzair Shamim <ushamim@linux.com> wrote:
Hi,
I'm curious about if it is legal/within rules to distribute Metasploit on OBS? I have been able to get the package to build and so on but I am not sure if this breaks some rule for distribution. Part of my concern is that Metasploit does come bundled with exploits so it could possibly cause issues with the law.
Any feedback/answers would be appreciated!
Uzair,
It is definitely legal in the US, the concern is German law. OBS restricts itself to hosting packages that are legal from both the US and German law perspective.
There are some "auditing" tools in OBS that a user can use to attempt to hack/crack their website / passwords.
Metasploit is conceptually similar in my mind so it is conceivable.
Do you want it in a home project? devel project? factory?
Hi, For now I would like it in my home repo but it would be nice to get it into at least a devel repo. Besides the legal questions, part of the problem for now is getting some of the ruby libs I need for Metasploit built in my repo and then I would like to submit to devel. -- Regards, Uzair Shamim -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Hi, German law prohibits delivery of tools explicitly designed for hacking other machines, so the answer is "No". Ciao, Marcus On Fri, Jun 24, 2016 at 12:10:53AM -0400, Uzair Shamim wrote:
On 06/23/2016 11:58 PM, Greg Freemyer wrote:
On Thu, Jun 23, 2016 at 11:46 PM, Uzair Shamim <ushamim@linux.com> wrote:
Hi,
I'm curious about if it is legal/within rules to distribute Metasploit on OBS? I have been able to get the package to build and so on but I am not sure if this breaks some rule for distribution. Part of my concern is that Metasploit does come bundled with exploits so it could possibly cause issues with the law.
Any feedback/answers would be appreciated!
Uzair,
It is definitely legal in the US, the concern is German law. OBS restricts itself to hosting packages that are legal from both the US and German law perspective.
There are some "auditing" tools in OBS that a user can use to attempt to hack/crack their website / passwords.
Metasploit is conceptually similar in my mind so it is conceivable.
Do you want it in a home project? devel project? factory?
Hi,
For now I would like it in my home repo but it would be nice to get it into at least a devel repo. Besides the legal questions, part of the problem for now is getting some of the ruby libs I need for Metasploit built in my repo and then I would like to submit to devel.
-- Regards, Uzair Shamim -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de> -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On 06/24/2016 03:16 AM, Marcus Meissner wrote:
Hi,
German law prohibits delivery of tools explicitly designed for hacking other machines, so the answer is "No".
Ciao, Marcus
Hi, So what would be the best way to distribute RPMs? Build on my machine and then share via github or something? -- Regards, Uzair Shamim -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Gesendet: Montag, 27. Juni 2016 um 07:46 Uhr Von: "Uzair Shamim" <ushamim@linux.com> An: opensuse-packaging@opensuse.org Betreff: Re: [opensuse-packaging] Distributing Metasploit on OBS?
On 06/24/2016 03:16 AM, Marcus Meissner wrote:
Hi,
German law prohibits delivery of tools explicitly designed for hacking other machines, so the answer is "No".
Ciao, Marcus
Hi,
So what would be the best way to distribute RPMs? Build on my machine and then share via github or something?
Talk to the packman-maintainers if they would host it. Best regards Axel -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On 06/27/2016 05:42 AM, Axel Braun wrote:
Gesendet: Montag, 27. Juni 2016 um 07:46 Uhr Von: "Uzair Shamim" <ushamim@linux.com> An: opensuse-packaging@opensuse.org Betreff: Re: [opensuse-packaging] Distributing Metasploit on OBS?
On 06/24/2016 03:16 AM, Marcus Meissner wrote:
Hi,
German law prohibits delivery of tools explicitly designed for hacking other machines, so the answer is "No".
Ciao, Marcus
Hi,
So what would be the best way to distribute RPMs? Build on my machine and then share via github or something?
Talk to the packman-maintainers if they would host it.
Best regards Axel
Hi, Doesnt packman host repos in Germany and so would be subject to the same restrictions in this case? -- Regards, Uzair Shamim -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Hi,
So what would be the best way to distribute RPMs? Build on my machine and then share via github or something?
Talk to the packman-maintainers if they would host it.
Best regards Axel
Hi,
Doesnt packman host repos in Germany and so would be subject to the same restrictions in this case?
-- Regards, Uzair Shamim
Specifically not. Packman is not a formal part of openSUSE and contains some packages that would be a copyright violation if hosted in either Germany or the US. I'm sure there are other reasons that packman exists, but one of the major ones are those potentially copyright violating packages. As to metasploit, Germany is the only country I personally know where hosting the packages would be illegal. Greg -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Greg Freemyer <greg.freemyer@gmail.com> writes:
Packman is not a formal part of openSUSE and contains some packages that would be a copyright violation if hosted in either Germany or the US. I'm sure there are other reasons that packman exists, but one of the major ones are those potentially copyright violating packages.
No, copyright is not the reason, this is all free software. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On 06/27/2016 01:38 PM, Greg Freemyer wrote:
Hi,
So what would be the best way to distribute RPMs? Build on my machine and then share via github or something?
Talk to the packman-maintainers if they would host it.
Best regards Axel
Hi,
Doesnt packman host repos in Germany and so would be subject to the same restrictions in this case?
-- Regards, Uzair Shamim
Specifically not.
Packman is not a formal part of openSUSE and contains some packages that would be a copyright violation if hosted in either Germany or the US. I'm sure there are other reasons that packman exists, but one of the major ones are those potentially copyright violating packages.
As to metasploit, Germany is the only country I personally know where hosting the packages would be illegal.
Greg
Well I asked on the packman ML, and seems that its not allowed: On 06/28/2016 02:00 PM, Olaf Hering wrote:
On Mon, Jun 27, Uzair Shamim wrote:
I'm curious about if it is legal/within rules to distribute Metasploit on packman? I have asked about OpenSUSE build service and it seems that is not allowed due to German laws, would it possible on packman?
Quoting an earlier reply on this topic:
# Date: Fri, 24 Jun 2016 09:16:47 +0200 # Subject: Re: [opensuse-packaging] Distributing Metasploit on OBS? # From: Marcus Meissner <meissner@suse.de> # To: Uzair Shamim <ushamim@linux.com> # Cc: opensuse-packaging <opensuse-packaging@opensuse.org> # # German law prohibits delivery of tools explicitly designed for hacking # other machines, so the answer is "No". # # Ciao, Marcus
PMBS is hosted in Germany, so I suspect the answer remains "No".
Olaf
So the question is, what is the next best way to distribute RPMs? -- Regards, Uzair Shamim -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (5)
-
Andreas Schwab -
Axel Braun -
Greg Freemyer -
Marcus Meissner -
Uzair Shamim