
Fedora rejects SQLninja

Posted Nov 11, 2010 11:26 UTC (Thu) by jwakely (subscriber, #60262)
In reply to: Fedora rejects SQLninja by ewan
Parent article: Fedora rejects SQLninja

Make it harder than necessary? In what way? I didn't see any suggestion of preventing users installing it themselves. If you can't install it without the help of PackageKit then I'm fairly sure you don't need it.


Fedora rejects SQLninja

Posted Nov 11, 2010 13:32 UTC (Thu) by fandingo (guest, #67019)

Well, it actually goes further than that. SQLNinja was never considered for a default install. This change was to remove it from Fedora's repositories. Maybe RPMFusion or the like will offer it, but the project's site doesn't list repos, so you'd have to build from source. I don't think that's much of a problem, though. Users of something this powerful should at least be able to compile a program...

Fedora rejects SQLninja

Posted Nov 11, 2010 13:38 UTC (Thu) by rahulsundaram (subscriber, #21946)

"Well, it actually goes further than that. SQLNinja was never considered for a default install. This change was to remove it from Fedora's repositories."

Actually, the review request filed was blocking on legal to approve it. So it was never in the Fedora repository at any point.

Fedora rejects SQLninja

Posted Nov 11, 2010 13:53 UTC (Thu) by ewan (guest, #5533)

I'm fairly sure I could build a working system from original source tarballs from around the web, but I'd still rather not. Your logic could happily eliminate most special purpose technical tools from a distribution on the basis that would-be users should be capable of getting them themselves. Like a poster above, I'm not too concerned about SQLninja specifically, but about the policy. We have been here before with bits of Free software that some people find 'unethical', and it still doesn't seem like a good basis for making technical decisions.

The problem with this specific decision is that the policy wording seeks to exclude things that have "no useful foreseeable purposes other than those that are highly likely to be illegal or unlawful" but SQLninja doesn't seem to meet that test - using it on your own systems, as has been mentioned several times in this thread alone, is both legal and foreseeable.

If Fedora is going to set up a policy that says one thing, then do something else because the software makes the board members feel icky, that seems like a bad thing.

Fedora rejects SQLninja

Posted Nov 11, 2010 17:21 UTC (Thu) by Cato (guest, #7643)

I think it's about probability of illegal use. Perl can be and is used to hack systems via libwww-perl exploit scripts (in fact some site owners block its user agent for this reason), but the percentage of illegal use of Perl is tiny. SQLninja and other pen testing tools are highly likely to be used illegally.

The solution is for someone to do a Fedora-based security oriented distro, like Backtrack, which is aimed at pen testing: http://www.backtrack-linux.org/

