On 21/09/16 01:46, Ben Finney wrote:
Thanks for raising this question.

Eriberto Mota<eribe...@debian.org>  writes:

Well, the quoted event resulted in a file with 14 million passwords,
distributed by Kali Linux.
Do you have any reference to the discussions those people had over their
license to distribute that information?

I would expect such a discussion to get into the issue of whether a
single password is subject to copyright restrictions, and further
whether a compiled collection of such works is itself subject to
copyright restriction.

I would want to see such a discussion with clear, solid support for the
freedom to redistribute that work under a free license, before proposing
its distribution in Debian.

IMHO, the passwords themselves are unlikely to pass the threshold of originality. Looking at the longer entries, there are a few passphrases,¹ but not much that could be considered copyrightable. In addition, the fact that passwords appeared multiple times is also an indicator that there was little to no originality involved.

Another question would be if the database itself could be copyrighted, but given that there was no compiling effort at all from rockyou, that won't be the case.² Plus, it was a US company, where there are no database rights.

However, I wonder if the fact that it was stolen would be a problem.


¹ and a lot of waste. In some cases they were probably inserted from spambots which confused it with a comment field. ² Ok, they might claim that their only goal creating the rockyou website was getting such password list from their users, but that would equal admitting an ever bigger misdemeanor.

Reply via email to