Debian Bug report logs - #258057
Hydra is not really free

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>

To: submit@bugs.debian.org

Subject: Hydra is not really free

Date: Wed, 7 Jul 2004 14:10:50 +0200

[Message part 1 (text/plain, inline)]

Package: hydra
Version: N/A
Priority: serious

Debian/copyright says hydra is GPL, which it is not. You have not read the 
LICENCE.HYDRA file:

--------------------------------------------------------------------------

                        LICENCE FOR HYDRA (all version)
                     by van Hauser <vh@thc.org>


1. This software comes with no warrenty or promised features. If it works
for you - fine. It just comes "AS-IS", which means as a bunch of bits and 
bytes.

2. Anyone may use this software and pass it on to other persons or 
companies
as long as it is not charged for! (except for a small transfer/medium fee)

3. This tool may *NOT* be used for illegal purpose. Please check the law
which affects your doing. I will have got no liability for any damage etc.
done with this tool legally or illegaly.

4. If this tool is used while providing a commercial service (e.g. as part
of a penetration test) the report has to state the tools name and version,
and additionally the author (van Hauser) and the distribution homepage
(http://www.thc.org).

5. In all other respects the GPL 2.0 applies

--------------------------------------------------------------------------

This license fails DFSG #5 and #6 and should be moved to non-free...

Regards

Javier

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 258057@bugs.debian.org (full text, mbox, reply):

From: Branden Robinson <branden@debian.org>

To: 258057@bugs.debian.org

Cc: debian-legal@lists.debian.org

Subject: Hydra license is not DFSG-free

Date: Mon, 12 Jul 2004 03:10:49 -0500

[Message part 1 (text/plain, inline)]

[debian-legal: please see <URL: http://bugs.debian.org/258057 >]

It should also be noted that because this license is GPL-incompatible[1],
any GNU GPL-licensed code in it, that is not copyrighted by van Hauser is
being used in violation of the GNU GPL.  That means we cannot distribute
this package even in non-free.

Under the Free Software Foundation's interpretation of the GNU GPL, this is
also true if Hydra links against GNU GPL-licensed libraries.

[1] Clauses 2, 3, and 4 of this license are "further restrictions" as
described in GPL clause 6.

  6.  Each time you redistribute the Program (or any work based on the
  Program), the recipient automatically receives a license from the
  original licensor to copy, distribute or modify the Program subject to
  these terms and conditions.  You may not impose any further restrictions
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  on the recipients' exercise of the rights granted herein. You are not
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  responsible for enforcing compliance by third parties to this License.

-- 
G. Branden Robinson                |      "There is no gravity in space."
Debian GNU/Linux                   |      "Then how could astronauts walk
branden@debian.org                 |       around on the Moon?"
http://people.debian.org/~branden/ |      "Because they wore heavy boots."

[signature.asc (application/pgp-signature, inline)]

Message #15 received at 258057@bugs.debian.org (full text, mbox, reply):

From: Branden Robinson <branden@debian.org>

To: 258057@bugs.debian.org, debian-legal@lists.debian.org

Subject: Re: Hydra license is not DFSG-free

Date: Mon, 12 Jul 2004 03:23:10 -0500

[Message part 1 (text/plain, inline)]

[self-followup]

On Mon, Jul 12, 2004 at 03:10:49AM -0500, Branden Robinson wrote:
> [debian-legal: please see <URL: http://bugs.debian.org/258057 >]
[...]
> Under the Free Software Foundation's interpretation of the GNU GPL, this is
> also true if Hydra links against GNU GPL-licensed libraries.

I checked into this, and it doesn't appear to be the case.

516 branden@sisyphus:~$ dlocate -L hydra
/.
/usr
/usr/bin
/usr/bin/hydra
/usr/bin/pw-inspector
/usr/share
/usr/share/doc
/usr/share/doc/hydra
/usr/share/doc/hydra/LICENCE.HYDRA
/usr/share/doc/hydra/copyright
/usr/share/doc/hydra/changelog.gz
/usr/share/doc/hydra/README.gz
/usr/share/doc/hydra/changelog.Debian.gz
517 branden@sisyphus:~$ ldd $(which hydra)
        libm.so.6 => /lib/libm.so.6 (0x0ff6c000)
        libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x0ff1a000)
        libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x0fde3000)
        libc.so.6 => /lib/libc.so.6 (0x0fc85000)
        libdl.so.2 => /lib/libdl.so.2 (0x0fc62000)
        /lib/ld.so.1 => /lib/ld.so.1 (0x30000000)
518 branden@sisyphus:~$ ldd $(which pw-inspector)
        libc.so.6 => /lib/libc.so.6 (0x0fea2000)
        /lib/ld.so.1 => /lib/ld.so.1 (0x30000000)

It is well known that the GNU C library is not GPLed, but LGPLed.

However, the above did expose a different problem.

The OpenSSL license, which applies to libssl.so.0.9.7 and
libcrypto.so.0.9.7, is not GNU GPL-compatible, and therefore Debian
requires an OpenSSL exception clause to be added to this package before we
can redistribute it.[1]

[1] http://www.gnome.org/~markmc/openssl-and-the-gpl.html

-- 
G. Branden Robinson                |     Organized religion is a sham and a
Debian GNU/Linux                   |     crutch for weak-minded people who
branden@debian.org                 |     need strength in numbers.
http://people.debian.org/~branden/ |     -- Jesse Ventura

[signature.asc (application/pgp-signature, inline)]

Message #20 received at 258057-done@bugs.debian.org (full text, mbox, reply):

From: Martin Michlmayr <tbm@cyrius.com>

To: 258057-done@bugs.debian.org, 290183-done@bugs.debian.org

Subject: hydra removed

Date: Sat, 19 Mar 2005 07:14:46 +0000

The hydra package has been removed from Debian because it is
undistributeable.
-- 
Martin Michlmayr
http://www.cyrius.com/

Send a report that this bug log contains spam.