Debian Bug report logs - #323420
RFP: metasploit-framework -- advanced platform for developing, testing, and using exploit code

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Luciano Bello <luciano@linux.org.ar>

Date: Tue, 16 Aug 2005 17:03:09 UTC

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@linux.org.ar>:
New Bug report received and forwarded. Copy sent to debian-devel@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

Full text and rfc822 format available.


Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@linux.org.ar>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Date: Tue, 16 Aug 2005 14:00:05 -0300
Package: wnpp
Severity: wishlist
Owner: Luciano Bello <luciano@linux.org.ar>

* Package name    : metasploit-framework
  Version         : 2.4
  Upstream Author : H D Moore <msfdev@metasploit.com>
* URL             : http://www.metasploit.org/projects/Framework/
* License         : GPL and Artistic
  Description     : advanced platform for developing, testing, and using exploit code

The Metasploit Framework is a complete environment for writing, testing,
and using exploit code. This environment provides a solid platform for
penetration-testing, shellcode development, and vulnerability research.
The majority of the Framework is composed of object-oriented Perl code,
with optional components written in C, assembler, and Python.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <lbello@arcert.gov.ar>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #10 received at 323420@bugs.debian.org (full text, mbox):

From: Luciano Bello <lbello@arcert.gov.ar>
To: 323420@bugs.debian.org
Subject: advanced platform for developing, testing, and using exploit code
Date: Tue, 16 Aug 2005 14:16:26 -0300
retitle 323420 ITP: metasploit-framework -- advanced platform for
developing, testing, and using exploit code
thanks




Changed Bug title. Request was from Luciano Bello <lbello@arcert.gov.ar> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Luciano Bello <luciano@linux.org.ar> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Luciano Bello <luciano@linux.org.ar> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to James Westby <jw+debian@jameswestby.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #21 received at 323420@bugs.debian.org (full text, mbox):

From: James Westby <jw+debian@jameswestby.net>
To: 323420@bugs.debian.org
Subject: Status update?
Date: Tue, 23 May 2006 21:37:38 +0100
Could you please confirm the current status of this ITP?

James

-- 
  James Westby
  jw+debian@jameswestby.net
  http://jameswestby.net/




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@linux.org.ar>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #26 received at 323420@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@linux.org.ar>
To: James Westby <jw+debian@jameswestby.net>, 323420@bugs.debian.org
Subject: Re: Bug#323420: Status update?
Date: Mon, 29 May 2006 19:24:48 -0300
[Message part 1 (text/plain, inline)]
El Martes, 23 de Mayo de 2006 17:37, James Westby escribió:
> Could you please confirm the current status of this ITP?

I'm was with much work. I'm still working on it.

probably will be a release candidate in the next week.

BTW, what's your opinion with metasploit v3.0?

luciano
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to James Westby <jw+debian@jameswestby.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #31 received at 323420@bugs.debian.org (full text, mbox):

From: James Westby <jw+debian@jameswestby.net>
To: Luciano Bello <luciano@linux.org.ar>
Cc: James Westby <jw+debian@jameswestby.net>, 323420@bugs.debian.org
Subject: Re: Bug#323420: Status update?
Date: Tue, 30 May 2006 00:14:10 +0100
Luciano Bello wrote:
> El Martes, 23 de Mayo de 2006 17:37, James Westby escribió:
>   
>> Could you please confirm the current status of this ITP?
>>     
>
> I'm was with much work. I'm still working on it.
>
> probably will be a release candidate in the next week.
>   
I would be interested in helping with this package if you agree.

I have had an initial look and it does look difficult with lots of 
pitfalls.

Could you let me know when you have a version together and I'll take a look.

> BTW, what's your opinion with metasploit v3.0?
>   

I think the license will have to go to debian-legal, I might do this in 
a week or so. I think the two versions should be packaged separately if 
they are both to be in.

What do you think of setting up a metasploit alioth group to handle 
these packages?

> luciano
>   

James




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to James Westby <jw+debian@jameswestby.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #36 received at 323420@bugs.debian.org (full text, mbox):

From: James Westby <jw+debian@jameswestby.net>
To: debian-legal@lists.debian.org
Cc: 323420@bugs.debian.org
Subject: License issues with metasploit-framework
Date: Tue, 18 Jul 2006 12:38:37 +0100
Hi, there is an open ITP on metasploit-framework (#323420), and the
owner Luciano asked me to contact this list about some of the license
issues involved with the package.

At the moment the framework is at version 2, and is released under a
dual license of GPL v2 and Perl Artistic. 

There are a lot of contributed files in the package. Most have the
following header

;        This file is part of the Metasploit Exploit Framework
;        and is subject to the same licenses and copyrights as
;        the rest of this package.

and some have no license header. There are a few that say the following

# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.

There is one with

 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.

which the archives seem do suggest is not DFSG-free.

There is a zlib implementation with the following license

===
This software is provided 'as-is', without any express or implied
  warranty.  In no event will the authors be held liable for any damages
  arising from the use of this software.

  Permission is granted to anyone to use this software for any purpose,
  including commercial applications, and to alter it and redistribute it
  freely, subject to the following restrictions:

  1. The origin of this software must not be misrepresented; you must
not
     claim that you wrote the original software. If you use this
software
     in a product, an acknowledgment in the product documentation would
be
     appreciated but is not required.
  2. Altered source versions must be plainly marked as such, and must
not be
     misrepresented as being the original software.
  3. This notice may not be removed or altered from any source
distribution.
===

And my favourite

# Yo yo, this be da socketNinja.
# Alpha-2.0 release
# Distribute and get a visit from tireIronNinja

which I don't think is free.

There are also binary files distributed in the tarball, these are not
meant to be compiled, as they are for executing on the target computer.
I'm not sure how this sits, as they are obviously not the preferred form
of modification, and some don't include the source they were compiled
from.

Now, we could contact upstream and get them to include proper headers
etc., but I wanted to know how much of this was unsuitable for
distribution, as if it leaves a severely crippled package then it's not
really worth it. 

Also upstream are working on version 3 which is in alpha now. The decided
to change the license to The Metasploit Framework License v1.0.
http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3

===
The Metasploit Framework License v1.0
Copyright (C) 2006 Metasploit LLC

Definitions

    a. "License" means this particular version of this document (or,
where specifically indicated, a successor iteration of the License
officially issued/announced by the Developer).

    b. "Software" means any software that is distributed under the terms
of this License.

    c. "Extension" means any enhancement to the Software that does not
require modification of the Software itself. "Extensions" include any
module or plug-in that is intended (by design and coding) to, or can, be
dynamically loaded by the Software.

    d. "Developer" means the then-current copyright holder(s) of the
Software, including, but not limited to, the Metasploit personnel and
any third-party contributors (or their successor[s]/transferee[s])).

    e. "Documentation" means any end user, technical/programmer, network
administrator, or other manual(s), tutorial(s), or code sample(s)
provided or offered by Developer with the Software, excluding those
items created by a third party.

    f. "Use" means to download, install, access, copy, execute, sell, or
otherwise benefit from the Software (directly or indirectly, with or
without notice or knowledge of the Software's incorporation or
utilization in any larger application or product).

    g. "You" means the individual or organization that is using the
Software under the conditions of the License.

    h. "Interface" means to execute, parse, or otherwise benefit from
the use of the Software.

    i. "Interaction Software" means any external software program or
library that interfaces with, but is not a component or subset of, the
Software. 


License Grants

    1. Provided that You both agree to and do comply with any and all
conditions and requirements in this License, You are granted the
non-exclusive rights specified in this License. Use of any of the
Software in any form and to any extent signifies acceptance of this
License. If You do not agree to all of these terms, then do not use the
Software and immediately remove all copies of the Software, the
Documentation, and any other items provided under the License.

    2. Provided that -each- of the following necessary, express
conditions are met, You may copy and distribute the Software:

        a. The Software that You received is distributed unmodified,
including but not restricted to You maintaining (and not supplementing,
removing, or modifying) the same copyright, trademark notices and
disclaimers in the exact wording as released by the Developer.

        b. The Software is distributed without any charge, beyond (at
Your option) the reasonable costs of data transfer or storage media. You
may -not- (i) sell, lease, rent, or otherwise charge for the Software,
(ii) include any component or subset of the Software in any commercial
application or product, or (iii) sell, lease, rent, or otherwise charge
for any appliance (i.e., hardware, peripheral, personal digital device,
or other electronic product) that includes any component or subset of
the Software. 

    3. You -may- use the Software to provide some service(s) and charge
for the service(s), provided that the recipient of the service is
clearly informed in writing (including via electronic notice or
on-screen display, without paper notice) of both (a) the existence,
name/trademark, and use of the Software in relation to the service and
(b) where the recipient of the service may obtain a copy of the Software
(e.g., refer them to www.metasploit.com).

    4. You may make modifications (i.e., additions) to the Software and
distribute Your modifications, but solely in a form that is -separate-
from the Software, such as patches. The following restrictions apply to
modifications:

        a. Modifications must not alter, supplement, or remove any
copyright, trademark, or other proprietary right(s) or legal notices or
licensing terms displayed by or provided with the Software.

        b. When any modification to the Software is released by You
under this License, You hereby grant and agree to grant a non-exclusive
royalty-free right, to both (i) the Developer and (ii) any of
Developer's later licensees, successors, or partners, to distribute Your
modification(s) in future versions of the Software provided that such
versions remain available under the terms of this License (or any other
later-adopted license(s) of the Developer). 

    5. You may develop Extensions to the Software and distribute these
Extensions under any license You see fit, as long as -each- of the
following conditions are met:

        a. The Extension, when installed with the Software, must -not-
modify any of the behavior (change the display, modify the available
commands, etc) of the Software until the user explicitly requests (e.g.,
by invoking or exercising a command or feature are a screen display or
other express notification of the new code's existence and function)
that the Extension should be activated.

        b. The Extension may programmatically execute (e.g., call a
method) code provided by this Software, but may not include or create
copies of the Software (modified or otherwise) in the Extension itself.

        c. The Extension may -not- modify the user interface or output
of the Software such that the Software copyright(s), licensing terms, or
title of the Software is/are no longer visible to the user or are
changed or supplemented. 

    6. You may develop external software components that interface with
the Software and distribute these components, provided that -each- of
the following conditions are met:

        a. The external software component is distributed without any
charge beyond the reasonable costs of data transfer or storage media.
You may not sell the external software component or sell an appliance
that includes the software component.

        b. The external software component clearly indicates to the
user, via the user interface and/or program output, both (a) the role of
the Software in the component and (b) where the user may obtain a copy
of the Software.

        c. The external software component does not modify, supplement,
or obscure the user interface or output of the Software such that the
title of the Software, the copyrights and trademark notices in the
Software, or the licensing terms of the Software are removed, hidden, or
made less likely to be discovered and read. 


    Online Updates

    The Software includes the ability to download updates (i.e.,
additional code) from the Developer's server(s). These updates may
contain bug fixes, new functionality, updated Documentation, and/or
Extensions. When retrieving these updates, the Software may transmit the
Software version and operating system information from Your computer to
the update server. The server may record (store) this information, in
conjunction with the IP (global Internet Protocol) address of the user,
in order to attempt to maintain accurate end user / version statistics.
By using the online update feature, You hereby agree to allow this
information to be transmitted, recorded, and stored in any nation by or
for the Developer.
    Proper Use

    As an express condition of this License, You agree that You will use
the Software -solely- in compliance with all then-applicable local,
state, national, and international laws, rules and regulations as may be
amended or supplemented from time to time, including any then-current
laws and/or regulations regarding the transmission and/or encryption of
technical data exported from or imported into Your country of residence.
Violation of any of the foregoing may result in immediate, automatic
termination of this License without notice, and may subject You to
state, national and/or international penalties and other legal
consequences.
    Copyright and Trademark

    Product names, words or phrases mentioned in this License or the
Software may be trademark(s) or servicemark(s) of the Developer
registered in certain nations and/or of third parties. You may not alter
or supplement the copyright or trademark notices as contained in the
Software.
    License Termination

    This License is effective until terminated. This License will
terminate immediately without notice from the Developer if You breach or
fail to comply with any provision of this License. Upon such termination
You must destroy the Software, all accompanying written materials, and
all copies thereof.
    Limitations of Liability

    In no event will the Developer, any contributor, owner, or licensee,
or any third party affiliated with Developer be liable to You or any
third party for any consequential, incidental, indirect or special
damages whatsoever (including, without limitation, loss of expected
savings, loss of confidential information, presence of viruses, damages
for loss of profits, business interruption, loss of business information
and the like or otherwise) or any related expense whether foreseeable or
not, arising out of the use of or inability to use or any failure of the
Software or accompanying materials, regardless of the basis of the claim
and even if the Developer or a Developer's representative has been
advised of the possibility of such damage, and even in the event of the
failure of an exclusive remedy. You hereby acknowledge, by using the
Software, the reasonability of this liability limitation provision, that
Developer would not offer the Software without the inclusion and
enforceability of this provision, and that You (and not the Software)
are solely responsible for Your network, data, and application security
testing, planning , audits, updates, and training, which require regular
analysis, supplementing, and expertise.
    No Warranty

    The Software and this License document are provided AS IS with NO
WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY,
TITLE, OR FITNESS FOR A PARTICULAR PURPOSE.
    Indemnification

    You agree to indemnify, hold harmless, and defend the Developer and
Developer's owners, contributors, agents, and business partners from and
against any and all claims or actions including reasonable legal
expenses that arise or result from Your use of or inability to use the
Software. Developer agrees to notify You and reasonably cooperate with
Your defense of any third party claim triggering such indemnification.
    Miscellaneous

    If any part of this License is found void and unenforceable, it will
not affect the validity of the balance of the License, which shall
remain valid and enforceable to the maximum extent according to its
terms.
    Choice of Law; Venue

    The License will be construed, interpreted and governed by the laws
of Texas, USA, without regard to its conflict of law rules. Any
litigation related to this License must be filed and heard in the courts
for Travis County, Texas.

    To download version 3.0 of the Metasploit Framework, you must
acknowledge your acceptance of this license by clicking the 'Accept this
License' button below.
===

The webpage requires a click through of this license to get the source.

How does this license look? If it is DFSG-free, then the best option is
probably to package this version.

Apologies for dumping everything here, but I want to be clear about the
legal issues before proceeding.

Thanks,

James



-- 
  James Westby
  jw+debian@jameswestby.net
  http://jameswestby.net/




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #41 received at 323420@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: debian-legal@lists.debian.org
Cc: 323420@bugs.debian.org
Subject: Re: License issues with metasploit-framework
Date: Tue, 18 Jul 2006 21:30:10 +0200
* James Westby:

> ;        This file is part of the Metasploit Exploit Framework
> ;        and is subject to the same licenses and copyrights as
> ;        the rest of this package.

This should be fine; a lot of Perl modules use similar language.

> There is a zlib implementation with the following license

This is the original zlib license.

>         b. The Software is distributed without any charge, beyond (at
> Your option) the reasonable costs of data transfer or storage media. You
> may -not- (i) sell, lease, rent, or otherwise charge for the Software,
> (ii) include any component or subset of the Software in any commercial
> application or product, or (iii) sell, lease, rent, or otherwise charge
> for any appliance (i.e., hardware, peripheral, personal digital device,
> or other electronic product) that includes any component or subset of
> the Software. 

This doesn't look DFSG-free to me.  Most of the other, rather
innovative clauses, have problems as well.  If the click-through part
must be enforced by redistributors, it's not even suitable for the
non-free section.

I can understand why upstream is doing this, but I don't think the
result is still free software.



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Francesco Poli <frx@firenze.linux.it>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #46 received at 323420@bugs.debian.org (full text, mbox):

From: Francesco Poli <frx@firenze.linux.it>
To: debian-legal@lists.debian.org
Cc: 323420@bugs.debian.org
Subject: Re: License issues with metasploit-framework
Date: Wed, 19 Jul 2006 01:26:14 +0200
[Message part 1 (text/plain, inline)]
On Tue, 18 Jul 2006 12:38:37 +0100 James Westby wrote:

> 
> Hi, there is an open ITP on metasploit-framework (#323420), and the
> owner Luciano asked me to contact this list about some of the license
> issues involved with the package.

Hi, this is indeed the right list to contact.

> 
> At the moment the framework is at version 2, and is released under a
> dual license of GPL v2 and Perl Artistic.

For all the parts that are actually under this dual licensing, that's
fine.

> 
> There are a lot of contributed files in the package. Most have the
> following header
> 
> ;        This file is part of the Metasploit Exploit Framework
> ;        and is subject to the same licenses and copyrights as
> ;        the rest of this package.

Seems more or less OK, even though having a clear copyright & permission
notice that explicitly refers to the dual GPLv2/Artistic would be much
better and safer. 

> 
> and some have no license header.

These ones are concerning, especially if there is no other indication
that they really fall under the same licenses as the rest of the
framework!
I think that a clarification from upstream is needed.

> There are a few that say the
> following
> 
> # This file is part of the Metasploit Framework and may be
> # redistributed according to the licenses defined in the Authors field
> # below. In the case of an unknown or missing license, this file
> # defaults to the same license as the core Framework (dual GPLv2 and
> # Artistic). The latest version of the Framework can always be
> # obtained from metasploit.com.

What does the "Authors field below" say?
Is there one?

If there is, then you (we) have to check whether it defines a licensing
scheme which is DFSG-free and compatible with the rest of the framework.

If there isn't, then it's more or less OK, with the above-mentioned
warning (being explicit would be far better).

> 
> There is one with
> 
>  * The contents of this file constitute Original Code as defined in
>  * and are subject to the Apple Public Source License Version 1.1 (the
>  * "License").  You may not use this file except in compliance with
>  * the License.  Please obtain a copy of the License at
>  * http://www.apple.com/publicsource and read it before using this
>  * file.
>  * This Original Code and all software distributed under the License
>  * are distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND,
>  * EITHER EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH
>  * WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF
>  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
>  * NON-INFRINGEMENT.  Please see the License for the specific language
>  * governing rights and limitations under the License.
> 
> which the archives seem do suggest is not DFSG-free.

What was analysed on debian-legal was (at least) Apple's APSL v2.0:
definitely non-free (and GPLv2-incompatible).

This is APSL v1.1: I don't know if this version has ever been reviewed
on debian-legal.
If someone finds the time to look at it, it would be useful to assess
its DFSG-freeness and {GPLv2/Artistic}-compatibility.

If it's not {GPLv2/Artistic}-compatible, then upstream should be
persuaded to relicense or replace the file. Or possibly Debian can
substitute the file with a {GPLv2/Artistic}-compatible drop-in
replacement (if at all possible).

> 
> There is a zlib implementation with the following license
> 
> ===
[...]
> ===

This is actually the so-called zlib license: DFSG-free and
GPLv2-compatible, AFAICS.

> 
> And my favourite
> 
> # Yo yo, this be da socketNinja.
> # Alpha-2.0 release
> # Distribute and get a visit from tireIronNinja
> 
> which I don't think is free.

It lacks (at least) permission to modify and distributed modified
versions (see DFSG#3).
It doesn't even clearly grant permission to distribute (see DFSG#1):
"Distribute" seems like an order, not a permission!
I don't understand the visit part...  :-/

Upstream should be contacted and asked to relicense this file.
Or, as usual, this file could be dropped or replaced.

> 
> There are also binary files distributed in the tarball, these are not
> meant to be compiled, as they are for executing on the target
> computer. I'm not sure how this sits, as they are obviously not the
> preferred form of modification, and some don't include the source they
> were compiled from.

If the actual source for those binaries is not available, we are going
very far from DFSG compliance (see DFSG#2).
Upstream should be got in touch with and asked for source under
a DFSG-free and {GPLv2/Artistic}-compatible license.

Alternatively those binaries should be dropped or replaced.

> 
> Now, we could contact upstream and get them to include proper headers
> etc., but I wanted to know how much of this was unsuitable for
> distribution, as if it leaves a severely crippled package then it's
> not really worth it.

It's up to you to decide whether it's worth fixing this melting pot of
copyrights and licenses.
Whatever you decide, thanks for contributing Debian.

> 
> Also upstream are working on version 3 which is in alpha now. The
> decided to change the license to The Metasploit Framework License
> v1.0.
> http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3

Oh my goodness!
Another project that decides they need their own awkward and
incompatible license!

Writing a good license is a really hard task: it requires good lawyers
and a long revision process.  Worse, it can fail even with such things!
Moreover, even when you create a good license, license proliferation is
bad, since it creates barriers that obstruct free software sharing and
reuse.

It would really be appreciated if you tried to persuade upstream to
adopt a well-established and clearly DFSG-free license, instead of
writing their own.

GNU GPLv2 is a good choice.
Even GPLv2/Artistic dual license is good.
Another good choice is the Expat license
(http://www.jclark.com/xml/copying.txt), if copyleft is not regarded as
an important goal.

> 
> ===
> The Metasploit Framework License v1.0
> Copyright (C) 2006 Metasploit LLC
[...]
> ===
> 
> The webpage requires a click through of this license to get the
> source.
> 
> How does this license look? If it is DFSG-free, then the best option
> is probably to package this version.

I didn't find the time to thoroughly analyse the license, but I spotted
at least a choice of venue, which is non-free:

| Any
| litigation related to this License must be filed and heard in the
| courts for Travis County, Texas.

If I manage to review the license completely, I will send my analysis to
debian-legal only, because I don't think the BTS is the right place for
license analysis and discussion.
When a conclusion is reached a link to the list archives can be sent as
a followup for the bug report...

> 
> Apologies for dumping everything here, but I want to be clear about
> the legal issues before proceeding.

Pasting the full text of licenses and unclear copyright & permission
notices is the recommended method to get advice from debian-legal, hence
I think you did nothing wrong.

> 
> Thanks,

You're welcome!


-- 
    :-(   This Universe is buggy! Where's the Creator's BTS?   ;-)
......................................................................
  Francesco Poli                             GnuPG Key ID = DD6DFCF4
 Key fingerprint = C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Francesco Poli <frx@firenze.linux.it>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #51 received at 323420@bugs.debian.org (full text, mbox):

From: Francesco Poli <frx@firenze.linux.it>
To: 323420@bugs.debian.org
Subject: Re: License issues with metasploit-framework
Date: Thu, 20 Jul 2006 19:28:32 +0200
[Message part 1 (text/plain, inline)]
On Wed, 19 Jul 2006 01:26:14 +0200 Francesco Poli wrote:

> If I manage to review the license completely, I will send my analysis
> to debian-legal only, because I don't think the BTS is the right place
> for license analysis and discussion.
> When a conclusion is reached a link to the list archives can be sent
> as a followup for the bug report...

I don't know if, at present, someone else is still willing to comment on
the license, but, anyway, the thread on debian-legal starts at:
http://lists.debian.org/debian-legal/2006/07/msg00108.html

In particular, my analysis of The Metasploit Framework
License v1.0 can be found here:
http://lists.debian.org/debian-legal/2006/07/msg00127.html
but, please, take a look to the other messages, too.

HTH.


-- 
But it is also tradition that times *must* and always
do change, my friend.   -- from _Coming to America_
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to James Westby <jw+debian@jameswestby.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #56 received at 323420@bugs.debian.org (full text, mbox):

From: James Westby <jw+debian@jameswestby.net>
To: Luciano Bello <luciano@linux.org.ar>
Cc: 323420@bugs.debian.org
Subject: Metasploit packaging - license issues
Date: Thu, 3 Aug 2006 18:30:48 +0100
Hi Luciano,

I hope you are well.

So debian-legal helped point out the places where metasploit in its
current state makes it undistributable, and the new license is not DFSG
free.

How would you like to proceed now? Do you want to conatact the
developers to try and make an effort to sort all of this out?

James

-- 
  James Westby




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@linux.org.ar>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #61 received at 323420@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@linux.org.ar>
To: James Westby <jw+debian@jameswestby.net>, 323420@bugs.debian.org
Subject: Re: Bug#323420: Metasploit packaging - license issues
Date: Fri, 4 Aug 2006 16:07:35 -0300
[Message part 1 (text/plain, inline)]
El Jueves, 3 de Agosto de 2006 14:30, James Westby escribió:
> I hope you are well.
Yes, I am :)

> So debian-legal helped point out the places where metasploit in its
> current state makes it undistributable, and the new license is not DFSG
> free.
> How would you like to proceed now? Do you want to conatact the
> developers to try and make an effort to sort all of this out?

The upstream is H D Moore <hdm[at]metasploit.com>. Exist a list with 
metasploit users and developers in framework[at]metasploit.com. Contact 
upstream can be a good idea, maybe drop a mail in the mailing list can 
produce debate but I'm not sure about the results.

Thanks for your help.

luciano
[Message part 2 (application/pgp-signature, inline)]

Changed Bug title to `ITP: firewalk -- attempts to determine what rules in a remote firewall' from `ITP: metasploit-framework -- advanced platform for developing, testing, and using exploit code'. Request was from Luciano Bello <luciano@debian.org> to control@bugs.debian.org. (Tue, 07 Aug 2007 20:51:02 GMT) Full text and rfc822 format available.

Changed Bug title to `ITP: metasploit-framework -- advanced platform for developing, testing, and using exploit code' from `ITP: firewalk -- attempts to determine what rules in a remote firewall'. Request was from Luciano Bello <luciano@debian.org> to control@bugs.debian.org. (Tue, 07 Aug 2007 23:03:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Matt Taggart <taggart@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #70 received at 323420@bugs.debian.org (full text, mbox):

From: Matt Taggart <taggart@debian.org>
To: 323420@bugs.debian.org
Subject: metasploit licnese issues
Date: Wed, 02 Jul 2008 12:42:22 -0700
Any update on #323420, regarding metasploit licening?
If it could be made at least redistributable it could go in non-free.

Thanks,

-- 
Matt Taggart
taggart@debian.org






Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, luciano bello <luciano@linux.org.ar>. Full text and rfc822 format available.

Message #75 received at 323420@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: Matt Taggart <taggart@debian.org>, 323420@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#323420: metasploit licnese issues
Date: Wed, 2 Jul 2008 17:48:21 -0300
[Message part 1 (text/plain, inline)]
retitle 323420 RFP: metasploit-framework -- advanced platform for developing, testing, and using exploit code
noowner 323420
thank...

El Mié 02 Jul 2008, Matt Taggart escribió:
> Any update on #323420, regarding metasploit licening?
> If it could be made at least redistributable it could go in non-free.

No progress at all in this. Feel free to follow it if you want.

luciano
[signature.asc (application/pgp-signature, inline)]

Changed Bug title to `RFP: metasploit-framework -- advanced platform for developing, testing, and using exploit code' from `ITP: metasploit-framework -- advanced platform for developing, testing, and using exploit code'. Request was from Luciano Bello <luciano@debian.org> to control@bugs.debian.org. (Wed, 02 Jul 2008 20:51:04 GMT) Full text and rfc822 format available.

Removed annotation that Bug was owned by luciano bello <luciano@linux.org.ar>. Request was from Luciano Bello <luciano@debian.org> to control@bugs.debian.org. (Wed, 02 Jul 2008 20:51:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#323420; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to sam penny <xanthraxoid@yahoo.co.uk>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. Full text and rfc822 format available.

Message #84 received at 323420@bugs.debian.org (full text, mbox):

From: sam penny <xanthraxoid@yahoo.co.uk>
To: 323420@bugs.debian.org
Subject: Alternative / Workaround
Date: Mon, 28 Jul 2008 14:08:07 +0000 (GMT)
The metasploit guys appear to be happy to distribute .debs, which might be a solution for some people, even if it doesn't allow debian to distribute / maintain their own...

http://spool.metasploit.com/pipermail/framework/2007-December/003095.html

Cheers & God bless
    Sam "SammyTheSnake" Penny



      __________________________________________________________
Not happy with your email address?.
Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html




Changed Bug title to `ITP: metasploit-framework -- advanced platform for developing, testing, and using exploit code' from `RFP: metasploit-framework -- advanced platform for developing, testing, and using exploit code'. Request was from Luciano Bello <luciano@debian.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 22:54:03 GMT) Full text and rfc822 format available.

Owner recorded as Luciano Bello <luciano@debian.org>. Request was from Luciano Bello <luciano@debian.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 22:54:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Fri, 10 Oct 2008 18:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Fri, 10 Oct 2008 18:33:02 GMT) Full text and rfc822 format available.

Message #93 received at 323420@bugs.debian.org (full text, mbox):

From: "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>
To: 323420@bugs.debian.org
Subject: Metasploit 3.2 will have new BSD license
Date: Fri, 10 Oct 2008 11:25:37 -0700
Please be advised that inclusion of Metasploit 3.2 will be much easier
given the news that a BSD licensed release of Metasploit 3.2 will be
available soon!
http://www.metasploit.com/blog/#blog-0
-- 
Kristian Erik Hermansen
http://kristian-hermansen.blogspot.com




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Sun, 19 Oct 2008 23:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to The Anarcat <anarcat@anarcat.ath.cx>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Sun, 19 Oct 2008 23:03:02 GMT) Full text and rfc822 format available.

Message #98 received at 323420@bugs.debian.org (full text, mbox):

From: The Anarcat <anarcat@anarcat.ath.cx>
To: 323420@bugs.debian.org
Subject: status?
Date: Sun, 19 Oct 2008 18:56:43 -0400
[Message part 1 (text/plain, inline)]
I am interested in working on a port now that 3.2 is BSD-licensed. Was
there any work other than just looking at the license done yet? If so,
please provide a diff so that I don't start from scratch for nothing...
;)

I'm not sure when/if I'll really have time to work on this though, so
don't hold your breath.

a.

-- 
Thoughtcrime does not entail death: thoughtcrime IS death.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Mon, 20 Oct 2008 03:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to The Anarcat <anarcat@anarcat.ath.cx>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Mon, 20 Oct 2008 03:03:03 GMT) Full text and rfc822 format available.

Message #103 received at 323420@bugs.debian.org (full text, mbox):

From: The Anarcat <anarcat@anarcat.ath.cx>
To: 323420@bugs.debian.org
Subject: some work performed
Date: Sun, 19 Oct 2008 22:55:30 -0400
[Message part 1 (text/plain, inline)]
So I spent some time horsing around with metasploit... I have a
.diff.gz, but there isn't a lot in there, mostly a debian/control and
debian/copyright file. 

So I attach a .diff.gz for you people to peruse. I'm not sure I'm
capable for actually working out a debian/rules file for this mess but I
have at least sorted out some stuff from the copyright issues and made
up a todo list.

A.

-- 
Ce que les siècles des grands abatoirs nous aura appris
Devrait être inscrit au fond de toutes les écoles;
Voici l'homme: le destructeur des mondes est arrivé.
                        - [no one is innocent]
[metasploit-framework_3.2~svn5774-1.diff.gz (application/octet-stream, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#323420; Package wnpp. (Wed, 05 Nov 2008 18:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. (Wed, 05 Nov 2008 18:09:03 GMT) Full text and rfc822 format available.

Message #108 received at 323420@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>, 323420@bugs.debian.org
Subject: Re: Bug#323420: Metasploit 3.2 will have new BSD license
Date: Wed, 5 Nov 2008 15:05:51 -0300
[Message part 1 (text/plain, inline)]
El Vie 10 Oct 2008, Kristian Erik Hermansen escribió:
> Please be advised that inclusion of Metasploit 3.2 will be much easier
> given the news that a BSD licensed release of Metasploit 3.2 will be
> available soon!
> http://www.metasploit.com/blog/#blog-0

Sorry for the delay, I'm VACed these days (until mid-november).

IIRC, the problem is with the copyright in the payloads and shellcodes. Can you check it?

luciano
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Wed, 05 Nov 2008 19:39:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Wed, 05 Nov 2008 19:39:15 GMT) Full text and rfc822 format available.

Message #113 received at 323420@bugs.debian.org (full text, mbox):

From: "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>
To: "Luciano Bello" <luciano@debian.org>
Cc: 323420@bugs.debian.org, msfdev@metasploit.com
Subject: Re: Bug#323420: Metasploit 3.2 will have new BSD license
Date: Wed, 5 Nov 2008 11:33:33 -0800
On Wed, Nov 5, 2008 at 10:05 AM, Luciano Bello <luciano@debian.org> wrote:
> El Vie 10 Oct 2008, Kristian Erik Hermansen escribió:
>> Please be advised that inclusion of Metasploit 3.2 will be much easier
>> given the news that a BSD licensed release of Metasploit 3.2 will be
>> available soon!
>> http://www.metasploit.com/blog/#blog-0
>
> Sorry for the delay, I'm VACed these days (until mid-november).
>
> IIRC, the problem is with the copyright in the payloads and shellcodes. Can you check it?

I don't believe that is an issue any longer.  Could someone from the
metasploit legal/dev team please comment on allowing Luciano to pull
MSF 3.2 sources into Debian given the new BSD license?  Please advise.
 Thanks!
-- 
Kristian Erik Hermansen
http://kristian-hermansen.blogspot.com




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Wed, 05 Nov 2008 19:48:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to H D Moore <hdm@metasploit.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Wed, 05 Nov 2008 19:48:07 GMT) Full text and rfc822 format available.

Message #118 received at 323420@bugs.debian.org (full text, mbox):

From: H D Moore <hdm@metasploit.com>
To: "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>
Cc: "Luciano Bello" <luciano@debian.org>, 323420@bugs.debian.org, msfdev@metasploit.com
Subject: Re: Bug#323420: Metasploit 3.2 will have new BSD license
Date: Wed, 5 Nov 2008 13:46:56 -0600
He is welcome to pull from SVN, however we plan on making some major 
changes which should help packaging prior to the 3.2 release. These 
changes would allow a /etc/msfrc file to be used to indicate the 
directory paths of each component (bin, data, lib, modules, plugins, 
etc). Still about a week away from being done.


On Wednesday 05 November 2008, Kristian Erik Hermansen wrote:
> On Wed, Nov 5, 2008 at 10:05 AM, Luciano Bello <luciano@debian.org> 
wrote:
> > El Vie 10 Oct 2008, Kristian Erik Hermansen escribió:
> >> Please be advised that inclusion of Metasploit 3.2 will be much
> >> easier given the news that a BSD licensed release of Metasploit 3.2
> >> will be available soon!
> >> http://www.metasploit.com/blog/#blog-0
> >
> > Sorry for the delay, I'm VACed these days (until mid-november).
> >
> > IIRC, the problem is with the copyright in the payloads and
> > shellcodes. Can you check it?
>
> I don't believe that is an issue any longer.  Could someone from the
> metasploit legal/dev team please comment on allowing Luciano to pull
> MSF 3.2 sources into Debian given the new BSD license?  Please advise.
>  Thanks!






Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#323420; Package wnpp. (Thu, 06 Nov 2008 09:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. (Thu, 06 Nov 2008 09:24:02 GMT) Full text and rfc822 format available.

Message #123 received at 323420@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>, The Anarcat <anarcat@anarcat.ath.cx>, James Westby <jw+debian@jameswestby.net>
Cc: 323420@bugs.debian.org
Subject: Re: Bug#323420: Metasploit 3.2 will have new BSD license
Date: Thu, 6 Nov 2008 07:22:43 -0200
[Message part 1 (text/plain, inline)]
El Mié 05 Nov 2008, H D Moore escribió:
> He is welcome to pull from SVN, however we plan on making some major 
> changes which should help packaging prior to the 3.2 release.

Kristian, anarcat and James,
	It looks that you are interested in help with this package. Are you agree if we wait to 3.2 release to start packaging it?

luciano
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Wed, 12 Nov 2008 01:18:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Wed, 12 Nov 2008 01:18:02 GMT) Full text and rfc822 format available.

Message #128 received at 323420@bugs.debian.org (full text, mbox):

From: "Kristian Erik Hermansen" <kristian.hermansen@gmail.com>
To: "Luciano Bello" <luciano@debian.org>
Cc: "The Anarcat" <anarcat@anarcat.ath.cx>, "James Westby" <jw+debian@jameswestby.net>, 323420@bugs.debian.org
Subject: Re: Bug#323420: Metasploit 3.2 will have new BSD license
Date: Tue, 11 Nov 2008 17:14:12 -0800
On Thu, Nov 6, 2008 at 1:22 AM, Luciano Bello <luciano@debian.org> wrote:
> Kristian, anarcat and James,
>        It looks that you are interested in help with this package. Are you agree if we wait to 3.2 release to start packaging it?

Agreed.  We will begin after 3.2 is out.  Regards...
-- 
Kristian Erik Hermansen
http://kristian-hermansen.blogspot.com




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Tue, 20 Jan 2009 22:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Savvas Radevic" <vicedar@gmail.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Tue, 20 Jan 2009 22:21:02 GMT) Full text and rfc822 format available.

Message #133 received at 323420@bugs.debian.org (full text, mbox):

From: "Savvas Radevic" <vicedar@gmail.com>
To: 323420@bugs.debian.org
Subject: 3.2 is out
Date: Tue, 20 Jan 2009 23:19:44 +0100
3-clause BSD license, as promised:
http://trac.metasploit.com/browser/framework3/trunk/README

But there are some contents not supported:
31	The Metasploit Framework is provided under the BSD license above.
32	
33	The copyright on this package is held by Metasploit LLC.
34	
35	This copyright does not apply to the following components:
36	 - The vncdll.dll binary or its associated source code (modified RealVNC)
37	 - The icons used by msfweb that were not created by the Metasploit Project
38	 - The Ole::Storage library located under lib/ole
39	 - The Scruby library located under lib/scruby
40	 - The PcapRub library located under external/pcaprub
41	 - The Ruby-Lorcon library located under external/ruby-lorcon
42	 - The Byakugan plugin located under external/source/byakugan

I don't know if it matters for the debian distribution, I thought of
just letting you know.




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#323420; Package wnpp. (Tue, 03 Feb 2009 21:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. (Tue, 03 Feb 2009 21:03:03 GMT) Full text and rfc822 format available.

Message #138 received at 323420@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: "Savvas Radevic" <vicedar@gmail.com>, 323420@bugs.debian.org
Subject: Re: Bug#323420: 3.2 is out
Date: Tue, 3 Feb 2009 18:57:59 -0200
El Mar 20 Ene 2009, Savvas Radevic escribió:
> 36	 - The vncdll.dll binary or its associated source code (modified RealVNC)

according with framework-3.2/external/source/vncdll/LICENCE.txt is GPL . Copyright RealVNC Ltd. 2002 and Copyright AT&T Laboratories Cambridge 1996-2001 (according to REALVNC.README.txt)

> 37	 - The icons used by msfweb that were not created by the Metasploit Project

in framework-3.2/data/msfweb/ I found a lot of different copyrights holders. In framework-3.2/data/msfweb/public/images/ there isn't any licence file. Some of them looks like Tango Gnome Icons (I'm not sure) and there is many company/brands logos, like framework-3.2/data/msfweb/public/images/rails.png and /framework-3.2/data/msfweb/public/images/platform-icons/3com.png .

> 38	 - The Ole::Storage library located under lib/ole

according with framework-3.2/lib/ole/LICENCE is GPL . Apparently was written by apparently, from http://code.google.com/p/ruby-msg/ . I have no idea of a real name.

> 39	 - The Scruby library located under lib/scruby

according with framework-3.2/lib/scruby/LICENCE is GPL . The copyright holder is Sylvain Sarmejeanne.

> 40	 - The PcapRub library located under external/pcaprub

according with framework-3.2/external/pcaprub/LICENCE is GPL . I have no idea who's the copyright holder

> 41	 - The Ruby-Lorcon library located under external/ruby-lorcon

according with external/ruby-lorcon/README was developed by Joshua Wright and dragorn. It's GPLv2.

> 42	 - The Byakugan plugin located under external/source/byakugan

Many files contains the legend: "Copyright (c) Microsoft Corporation.  All rights reserved."

luciano






Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Luciano Bello <luciano@debian.org>:
Bug#323420; Package wnpp. (Tue, 03 Feb 2009 21:45:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Savvas Radevic <vicedar@gmail.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Luciano Bello <luciano@debian.org>. (Tue, 03 Feb 2009 21:45:02 GMT) Full text and rfc822 format available.

Message #143 received at 323420@bugs.debian.org (full text, mbox):

From: Savvas Radevic <vicedar@gmail.com>
To: Luciano Bello <luciano@debian.org>, 323420@bugs.debian.org
Subject: Re: Bug#323420: 3.2 is out
Date: Tue, 3 Feb 2009 22:44:02 +0100
I've done my own report at launchpad:
https://bugs.edge.launchpad.net/ubuntu/+bug/102212/comments/94

>> 42     - The Byakugan plugin located under external/source/byakugan
>
> Many files contains the legend: "Copyright (c) Microsoft Corporation.  All rights reserved."

So, this will create problems? I don't use metasploit unfortunately,
what is this plugin used for?




Changed Bug title to 'RFP: metasploit-framework -- advanced platform for developing, testing, and using exploit code' from 'ITP: metasploit-framework -- advanced platform for developing, testing, and using exploit code' Request was from Luciano Bello <luciano@debian.org> to control@bugs.debian.org. (Sun, 15 Nov 2009 18:57:12 GMT) Full text and rfc822 format available.

Changed Bug title to 'ITP: metasploit-framework -- advanced platform for' from 'RFP: metasploit-framework -- advanced platform for developing, testing, and using exploit code' Request was from Julián Moreno Patiño <darkjunix@gmail.com> to control@bugs.debian.org. (Sat, 20 Mar 2010 16:36:02 GMT) Full text and rfc822 format available.

Owner changed from Luciano Bello <luciano@debian.org> to Julián Moreno Patiño <darkjunix@gmail.com>. Request was from Julián Moreno Patiño <darkjunix@gmail.com> to control@bugs.debian.org. (Sat, 20 Mar 2010 16:36:02 GMT) Full text and rfc822 format available.

Changed Bug title to 'RFP: metasploit-framework -- advanced platform for' from 'ITP: metasploit-framework -- advanced platform for' Request was from Julián Moreno Patiño <darkjunix@gmail.com> to control@bugs.debian.org. (Sun, 13 Feb 2011 23:33:07 GMT) Full text and rfc822 format available.

Removed annotation that Bug was owned by Julián Moreno Patiño <darkjunix@gmail.com>. Request was from Julián Moreno Patiño <darkjunix@gmail.com> to control@bugs.debian.org. (Sun, 13 Feb 2011 23:33:07 GMT) Full text and rfc822 format available.

Changed Bug title to 'RFP: metasploit-framework -- advanced platform for developing, testing, and using exploit code' from 'RFP: metasploit-framework -- advanced platform for' Request was from "Julián Moreno Patiño" <darkjunix@gmail.com> to control@bugs.debian.org. (Mon, 14 Feb 2011 00:03:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#323420; Package wnpp. (Tue, 17 Jul 2012 11:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Carlos Alberto Lopez Perez <clopez@igalia.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Tue, 17 Jul 2012 11:57:06 GMT) Full text and rfc822 format available.

Message #160 received at 323420@bugs.debian.org (full text, mbox):

From: Carlos Alberto Lopez Perez <clopez@igalia.com>
To: 323420@bugs.debian.org
Subject: Re: Bug#323420: Status update?
Date: Tue, 17 Jul 2012 13:42:28 +0200
[Message part 1 (text/plain, inline)]
Hello,


It seems that some parts of metasploit-framework (byakugan at least) are
proprietary.



What about doing a metasploit-framework package with the core and all
the free parts and a metasploit-framework-nonfree with the non-free parts?

[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 05:54:23 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.