|
|
Log in / Subscribe / Register

The trojaning of mICQ

The trojaning of mICQ

Posted Feb 21, 2003 16:19 UTC (Fri) by Steve_Baker (guest, #265)
Parent article: The trojaning of mICQ

This is probably an unpopular opinion, but as far as I'm concerned, the developer can do whatever he damn well pleases with his code, and anyone who complains can just write their own damn programs. This developer had very reasonable complaints about how his code was being handled by Debian. Perhaps he could have found another way to respond, but Debians' response to his solution was at least as extreme.

Debian was very much in the wrong on removing his name from the copyright file, but it seems developers are at the mercy of distributions in such matters. It is aken to telling programmers, once they have offered their code to the world, to shut up and go away. How their code is presented to the world is at least as important as its functionality, some allowances should be made for that.

Furthermore, printing a message and exiting is not a trojan horse, a denial of service attack, an easter egg or anything of the sort. Debian got called on to the carpet with their developer abuse and cried foul, but they have no legitimate reason to. Debian and other distributors would do well to remember that licenses can change, and they can be changed to prohibit them from using such programs at all, or in ways much more to the developers liking. Angering the foundation on which your distribution is based is not a good idea.

In my not so humble opinion, Debian owes Mr. Kuhlmann an apology and should take steps to correct their mistakes.

to post comments

The trojaning of mICQ

Posted Feb 22, 2003 0:38 UTC (Sat) by proski (guest, #104) [Link] (3 responses)

In my not so humble opinion, Debian owes Mr. Kuhlmann an apology
That would be the case if Mr. Kuhlmann didn't act in such a childish way. Even adding the same warning code without obfuscation would have made a better statement.

When Opera developers were upset about MSN serving broken pages, they released the "Bork" edition, but they were open about the changes they made. It's not like "borkifying" MSN was an undocumented feature of an official release.

Besides, if Mr. Kuhlmann was upset about Debian distributing old versions of micq, he should have encourage the Debian maintainer to upgrade. Mining the new version to protest against distributing old versions is preposterous. The result of his actions is that the future maintainer will be pretty much discouraged from grabbing the next version without doing a very careful audit of the changes.

The trojaning of mICQ

Posted Feb 22, 2003 2:11 UTC (Sat) by Steve_Baker (guest, #265) [Link] (2 responses)

You cannot justify Debians' actions just because you don't agree with the developer. It would have been better perhaps if he had found some other way to get his point across, but I don't believe for a minute that he hadn't already exhausted most "diplomatic" methods before doing this.

Don't forget that he would be helpless to stop the debian maintainer from removing his bitch message, which was the whole point of obfuscating it and waiting for a specific date in which to appear. He did that precisely because the Debian maintainer has the power to shut him up as it were. Remember that the Debian maintainer was roundly criticized for effectively failing to do so.

Regardless of his so called "childishness", Debian made the greater error in removing his name from the copyright file. That is not excusable, and his later actions do not change the fact that Debian owes him an apology. And I stand by that assertion.

The trojaning of mICQ

Posted Feb 22, 2003 20:51 UTC (Sat) by mongre26 (guest, #4224) [Link]

I agree Steve, the developer can add any features to his program he wishes, no warranties expressed or implied.

It is the responsibility of the maintainers/users of the software to use it responsibly. If they do not like his features, they should not use his software. It is their choice.

The removal of the name from the copyright is the big issue here. That is expressley prohibited under copyright law and illegal in countries that have signed international copyright agreements. The maintainer should be severely chastised for this, even more so since he is ostensibly a supported of software libre.

As far as this being some tip of the iceberg situation as the original LWN editor suggested, please, enough with the scare mongering. There is nothing new here save perhaps people had their assumptions challenged.

Using software, commercial or open source is a calculated risk. There are no guarantees. However I would suspect that we have much more to fear from incompetence than malice when it comes to software.

The ethics of "trojaning" vs. stealing code.

Posted Feb 24, 2003 2:03 UTC (Mon) by Duncan (guest, #6647) [Link]

<quote>
Regardless of his so called "childishness", Debian made the greater error in
removing his name from the copyright file. That is not excusable, and his later
actions do not change the fact that Debian owes him an apology.
</quote>

Initially, I was asking myself what sort of irresponsible general maintainer this was,
to do what he did.

Then I realized the truth of the above. His name wasn't in the copyright file, so he
had every reason to assume none of his code would be in their version anyway.
Thus, he could write whatever he wanted and it wouldn't see the light of day,
because it wouldn't be triggered by being in their distribution, because they would
have removed it as code from someone not in the copyright file, rather than stealing
from him, which taking his code without attribution is, in effect.

Looked at it that way, all he did was prove that they were stealing his code, while at
the same time demonstrating a VERY important point about what he COULD have
done, the dangers that existed if someone were to exploit them, because the Debian
maintainer wasn't doing HIS job, but rather, was stealing from someone else, without
even crediting him for his contribution.

It's going farther than I would have. That's not my nature. However, I certainly
don't blame the general maintainer for doing what he did, because, indeed, he had
every reason to believe in good faith that none of his code was being included
anyway, because after all, the Debian maintainer certainly wasn't THAT unethical,
and CERTAINLY wouldn't include code stolen without attribution, would he?

The trojaning of mICQ

Posted Feb 23, 2003 21:57 UTC (Sun) by giraffedata (guest, #1954) [Link]

>...the developer can do whatever he damn well pleases with his code,
>and anyone who complains can just write their own damn programs.

I agree up to the point of fraud, which is what we had here. The author intentionally misled the Debian project into shipping something different -- something of clearly less value -- from what it thought it was shipping. Had the author been open about what was in the program, I would have no problem with it.

... copyright file

Posted May 20, 2003 14:46 UTC (Tue) by Tadu (guest, #11339) [Link]

Debian was very much in the wrong on removing his name from the copyright file
Just for the records, the package in Debian woody still has the name removed from the copyright file; it's more than half a year since it was reported to the bugtracking system. The bug in that package btw. is something extremely annoying but trivial to fix and is as well still present.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds