Jake Appelbaum wrote: > Hello, > > I am interested in packaging "hydra" from the THC group. I think that it > would be an excellent addition to the Debian project. > > My question arises from an added license that is in the hydra-3.1.tar.gz > package that I downloaded from http://www.thc.org/releases.php > > The package has two files of importance to this topic: > LICENCE.HYDRA > LICENSE.GNU > > As it's not available on their website I will reproduce LICENCE.HYDRA > here: > > LICENCE FOR HYDRA (all version) > by van Hauser <[EMAIL PROTECTED]> > > > 1. This software comes with no warrenty or promised features. If it > works for you - fine. It just comes "AS-IS", which means as a bunch of > bits and bytes. This is fine, and should not be in the license; it should be a separate disclaimer.
> 2. Anyone may use this software and pass it on to other persons or > companies as long as it is not charged for! (except for a small > transfer/medium fee) The requirement that the fee be "small" is probably not DFSG-free. > 3. This tool may *NOT* be used for illegal purpose. Please check the law > which affects your doing. I will have got no liability for any damage > etc. done with this tool legally or illegaly. The author is clearly not proficient in English, and should get help with license drafting. This shouldn't be in the license; it should be a separate disclaimer. > 4. If this tool is used while providing a commercial service (e.g. as > part of a penetration test) the report has to state the tools name and > version, and additionally the author (van Hauser) and the distribution > homepage (http://www.thc.org). This appears non-free. (Anyway, what "report" is it talking about)? > 5. In all other respects the GPL 2.0 applies > > LICENCE.HYDRA (END) > > > The LISCENSE.GNU is the standard GPL 2.0 > > > So my questions regarding this package should be pretty obvious by this > point. > > Is this even possible to package this and hope to get it into Debian? > > Or would this just be considered non-free? > > Should I email the upstream author and ask if he can remove those > additional restrictions to facilitate his project becoming a Debian > package? Yes. In particular, clauses 1 and 3 don't belong in a license at all; clause 4 would be OK if it was a request rather than a requirement; and clause 2 would just need to be removed. -- There are none so blind as those who will not see.
