On 21/09/16 01:46, Ben Finney wrote:
> Thanks for raising this question.
>
> Eriberto Mota <eribe...@debian.org> writes:
> > Well, the quoted event resulted in a file with 14 million passwords,
> > distributed by Kali Linux.
>
> Do you have any reference to the discussions those people had over their
> license to distribute that information?
>
> I would expect such a discussion to get into the issue of whether a
> single password is subject to copyright restrictions, and further
> whether a compiled collection of such works is itself subject to
> copyright restriction.
>
> I would want to see such a discussion with clear, solid support for the
> freedom to redistribute that work under a free license, before proposing
> its distribution in Debian.
IMHO, the passwords themselves are unlikely to pass the threshold of
originality.
Looking at the longer entries, there are a few passphrases,¹ but not
much that could be considered copyrightable. In addition, the fact that
passwords appeared multiple times is also an indicator that there was
little to no originality involved.
Another question would be if the database itself could be copyrighted,
but given that there was no compiling effort at all from rockyou, that
won't be the case.² Plus, it was a US company, where there are no
database rights.
However, I wonder if the fact that it was stolen would be a problem.
Best
¹ and a lot of waste. In some cases they were probably inserted from
spambots which confused it with a comment field.
² Ok, they might claim that their only goal in creating the rockyou website
was getting such a password list from their users, but that would equal
admitting an even bigger misdemeanor.