Re: EPL and GPL incompatibility

[Ángel González]

On 10/09/16 16:45, George Bateman wrote:

Also, if upstream are wrong, is the mechanism described at
https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
sufficient to resolve the problem?
Yes, they should granting an additional permission to link with 
libraries covered by the Eclipse Public License. Granting that shouldn't 
be a problem since they already think it's allowed.


The only nitpick is that all copyright holders (of the GPL code linking 
with incompatible libs) would need to agree on this, not just eg. the 
main developer.

Re: Can "rockyou" wordlist be packaged in Debian?

[Paul Wise]

On Wed, Sep 21, 2016 at 12:47 AM, Eriberto Mota wrote:

> Can rockyou be packaged in Debian, considering that Kali will put a
> DFSG-compatible license for this wordlist?

Kali certainly isn't the owner of the wordlist so they definitely
can't put a license on it.

OTOH, it probably is not copyrightable.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Can "rockyou" wordlist be packaged in Debian?

[Ángel González]

On 21/09/16 01:46, Ben Finney wrote:

Thanks for raising this question.

Eriberto Mota  writes:


Well, the quoted event resulted in a file with 14 million passwords,
distributed by Kali Linux.

Do you have any reference to the discussions those people had over their
license to distribute that information?

I would expect such a discussion to get into the issue of whether a
single password is subject to copyright restrictions, and further
whether a compiled collection of such works is itself subject to
copyright restriction.

I would want to see such a discussion with clear, solid support for the
freedom to redistribute that work under a free license, before proposing
its distribution in Debian.


IMHO, the passwords themselves are unlikely to pass the threshold of 
originality.
Looking at the longer entries, there are a few passphrases,¹ but not 
much that could be considered copyrightable. In addition, the fact that 
passwords appeared multiple times is also an indicator that there was 
little to no originality involved.


Another question would be if the database itself could be copyrighted, 
but given that there was no compiling effort at all from rockyou, that 
won't be the case.² Plus, it was a US company, where there are no 
database rights.


However, I wonder if the fact that it was stolen would be a problem.

Best

¹ and a lot of waste. In some cases they were probably inserted from 
spambots which confused it with a comment field.
² Ok, they might claim that their only goal creating the rockyou website 
was getting such password list from their users, but that would equal 
admitting an ever bigger misdemeanor.

Re: Can "rockyou" wordlist be packaged in Debian?

[Ben Finney]

Thanks for raising this question.

Eriberto Mota  writes:

> Well, the quoted event resulted in a file with 14 million passwords,
> distributed by Kali Linux.

Do you have any reference to the discussions those people had over their
license to distribute that information?

I would expect such a discussion to get into the issue of whether a
single password is subject to copyright restrictions, and further
whether a compiled collection of such works is itself subject to
copyright restriction.

I would want to see such a discussion with clear, solid support for the
freedom to redistribute that work under a free license, before proposing
its distribution in Debian.

-- 
 \ “Airports are ugly. Some are very ugly. Some attain a degree of |
  `\ugliness that can only be the result of a special effort.” |
_o__)   —Douglas Adams, _The Long Dark Tea-Time of the Soul_, 1988 |
Ben Finney

Re: your mail

[Steve Langasek]

Hi Jennifer,

On Tue, Sep 20, 2016 at 09:45:17AM -0400, Jennifer Nielsen wrote:
> I believe my personal, private data( photos, videoing, watching, recording
> audio, etc.) Has been tampered with, and placed on the Debian FTP site,
> without my permission or knowledge. Your copyright permission notice states
> that without permission from me it becomes a copyright, patent issue. I
> believe that money has been involved in distribution of it. If you have
> advice for me or a way to help, I greatly appreciate it! Thank u

I think you must have misunderstood something.  The Debian FTP site is this:

  http://ftp.debian.org/debian/

This site is used to distribute the Debian operating system, which is Free
Software.  No private data is distributed from this site.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Can "rockyou" wordlist be packaged in Debian?

[Eriberto Mota]

Hi,

>From Wikipedia[1]:

"Based in San Francisco, California, RockYou was founded in 2005 by
Lance Tokuda and Jia Shen. The company's first product, a slide show
service, was designed to work as an application widget. Later
applications included various forms of voice mail, text and photo
stylization, and games.

[...]

In December 2009, the company experienced a data breach resulting in
the exposure of over 32 million user accounts. This resulted from
storing user data in an unencrypted database and not patching a
ten-year-old SQL vulnerability. RockYou failed to provide a
notification of the breach to users and miscommunicated the extent of
the breach."

[1] https://en.wikipedia.org/wiki/RockYou


Well, the quoted event resulted in a file with 14 million passwords,
distributed by Kali Linux. These passwords are widely used by most
common users around the world and are a very good dictionary for
crackers as John the Ripper and Aircrack-ng. It is useful for security
checks, forensics investigations, etc. A little example:

bowhunter6
bowhunter3
bowhouse
bowflex1
bowfinger

Can rockyou be packaged in Debian, considering that Kali will put a
DFSG-compatible license for this wordlist?

Thanks a lot in advance.

Regards,

Eriberto

[no subject]

[Jennifer Nielsen]

I believe my personal, private data( photos, videoing, watching, recording
audio, etc.) Has been tampered with, and placed on the Debian FTP site,
without my permission or knowledge. Your copyright permission notice states
that without permission from me it becomes a copyright, patent issue. I
believe that money has been involved in distribution of it. If you have
advice for me or a way to help, I greatly appreciate it! Thank u