LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora rejects SQLninja

Fedora rejects SQLninja

Posted Nov 10, 2010 18:31 UTC (Wed) by jspaleta (subscriber, #50639)
In reply to: Fedora rejects SQLninja by frnknstn
Parent article: Fedora rejects SQLninja

I expect there to be further discussion along these lines. When a tool can be used for both legal and illegal purposes, how do judge whether the technology is too risky to include?

A policy such as this needs to be balanced with some specific tests concerning likely or forseeable use to put some guidance in place for the packaging community and for future Boards members into the very subjective discretionary space this policy carves out.

This would be easier if the Fedora Board were a legally binding court of law in some jurisdiction. If they were the boards resulting policy statement would help clarify risks. But since they aren't this policy has to be viewed in the light of an ongoing risk-management conversation.

-jef

(Log in to post comments)

Fedora rejects SQLninja

Posted Nov 11, 2010 9:14 UTC (Thu) by pcampe (guest, #28223) [Link]

>I expect there to be further discussion along these lines. When a tool can
>be used for both legal and illegal purposes, how do judge whether the
>technology is too risky to include?

The point is the definition of "illegal", because circumventing the censorship in Iran or China is illegal, and China is a major country (note that the rule is about "major jurisdictions" and not democracies, quite a big difference in the context).

According to this rule, we could devise a "Fedora China", with tor and many other packages stripped off: which is disgusting, really.

Fedora rejects SQLninja

Posted Nov 11, 2010 13:40 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

If you call it Fedora something, you need Fedora Board to approve it which wouldn't happen without strong reasons and sufficient justification.

Fedora rejects SQLninja

Posted Nov 11, 2010 14:07 UTC (Thu) by pcampe (guest, #28223) [Link]

When I fear of a "Fedora China", I fear of something made by the Fedora Board, to comply with some "major jurisdiction".

Fedora rejects SQLninja

Posted Nov 11, 2010 17:43 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

It is never "some major jurisdiction". It is clearly defined. Fedora is sponsored by Red Hat and Red Hat is a U.S organization.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds