On Sun, 14 Oct 2001 [EMAIL PROTECTED] wrote:

> And on the second topic, I found at least a few blatant GPL violations with
> the "UT Linux" cd which I came across by accident.  It sounds like a
> stripped down redhat 6.2 with some extra proprietary software.  I
> know the 'proprietary software' consists of at least tripwire, but
> they don't have a specific list online.
> http://www.utexas.edu/cc/sds/products/utlusage.html
>
> Here are the problems: They have no written mention of source code
> availability, restrict the distribution of the cd to the university
> affiliates, charge a subscription, and restrict redistribution of
> it.

A few things to note.  As you already noticed, this is more of a
bastille thing as opposed to a full distro.  Second, remember that
tripwire version 2 hasn't been an open source product for very long
(around a year I believe), and there are still two distinct product
lines, so what's on the UT Linux CD may not be GPL.  Third, internal,
private distribution among an organization actually changes the way
the GPL applies, so limiting redistribution beyond the organization
may in fact bring it in line with the GPL.  Finally, there's nothing
in the GPL that says you can't charge a fee.

> Anyone care to comment on this before I report it to the FSF?
> Should I obtain a copy of the cd first ($10), or would it be in my
> best interest to not agree to that license by purchasing one?
> Please don't email the FSF yet, I will be emailing them in a day or
> two once we figure out the exact terms in violation and we don't
> need the redundance.

While I haven't read the license, I would guess that the license
refers to the CD as a whole, not to its component parts.  Therefore,
I don't think you have much to worry about on that front unless you
were planning on burning copies and redistributing.  I would strongly
suggest that you obtain a copy of the CD before you notify the FSF.
And I would suggest that you talk to ITS before you notify the FSF as
well.  If they have indeed violated the GPL, they will probably be
willing to fix it without bringing in the FSF.

> What do you think about contacting ITS and handling this ourselves?
> Rumor has it that ITS had some employees who personally installed
> and failed to secure their linux setups, which resulted in some
> script kiddie breakins and subsequent network sniffing sometime in
> the last year or two.  As a result, Morgan Watkins had issued a
> statement that nobody in ITS was to run Linux on the administrative
> network.  I think this is the 'solution' ITS came up with to solve
> the problem for those who they probably deemed 'genuinely needed
> linux.'  It's a sad shame, they're paranoid about security and
> stability, but they were running Solaris with clear text passwords
> for the majority of their functions.  Firewalls?  I dunno, but
> there are none apparent on ITS lab computer networks.

OK, I won't speak to this rumor specifically, but I'll give my own
impression as a UT employee who's been pushing linux since I was hired
nearly five years ago.  When I first spoke the words linux to an ACITS
employee nearly five years ago, their reaction was about what you
described above.  It was as if I'd suggested injecting them with the
bubonic plague.  Back then I think they assumed that a linux box on
the network implied the owner of the box was an untrustworthy,
malicious (or at least mischievous) hacker.  Since then, however, I
think their attitude has changed for a variety of reasons.  They've
seen linux used in a variety of legitimate ways.  They've seen other
OSs cracked just as easily as linux, and realized that security has
more to do with admins than with OSs.  And, like it or not, linux has
become more mainstream since then.

In any case, I think the prevailing attitude now at ITS is that Linux
is a legitimate alternative to other OSs.  They're starting to see all
the same benefits (particularly cost) that we've all been touting for
years.  The UT Linux CD is an effort to make it safer for people to
deploy linux in their organizations.  If anything, I would say this
is a solution for the fact that more and more departments on campus
are willing to try running their own servers on linux rather than
depend on ITS to manage such things.  To me this is a much better
solution than some of the heavy-handed proclamations ACITS has made
regarding network security in the past.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                | Systems Administrator UT-GSLIS
=----------------------------------+-------------------------------
All syllogisms contain three lines |        [EMAIL PROTECTED]
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew
