LWN: Comments on "A "clarification" from Fedora on the SQLNinja decision"

A "clarification" from Fedora on the SQLNinja decision

mpr22 — Wed, 24 Nov 2010 12:21:48 +0000

Much though the whole topic of public relations gives many people in FOSS an "om vom vom" reaction, only the outright idiots among those people try to pretend that PR doesn't matter to FOSS projects. The author of SQLNinja markets it as an attack tool; putting something marketed by its own author as an attack tool into Fedora would be handing ammunition to the anti-FOSS shills. "Linux distribution endorses computer crime!"

Oh, and "even the legal people aren't really sure" sounds to me like good grounds for the Fedora board to be leery of putting it into Fedora.

A "clarification" from Fedora on the SQLNinja decision

drago01 — Sun, 21 Nov 2010 21:09:34 +0000

* Does the application have the potential to increase our legal
liability in a significant way?

IANAL but I doubt that, even the legal people aren't really sure.

* Does the application have significant legitimate uses outside of
attacking a system?

It clearly does.

* How does the application market itself? As a security tool? As an
easy way to exploit others?

How on earth does it matter? Would the board accept the software if one forked it and advertised it differently even if the code is 1:1 the same?

* How difficult would it be for knowledgeable security professional to
build, versus an unskilled script-kiddie?

Making live harder for people because others can misuse it is the wrong way to solve problems.

* Is this an application that could be easily hosted in a third-party
repository instead of Fedora?

Any application can ... this question does not make any sense either.

So in the end I still think that this is the most idiotic decision the board ever made, and justifications like that do not make it any better.

A "clarification" from Fedora on the SQLNinja decision

Np237 — Fri, 19 Nov 2010 12:53:48 +0000

In the end, the reason for not including hot-babe is that it was extremely buggy, to the point of uselessness.

I find it a bit hasty to compare it to the SQLNinja case.

http://lwn.net/Articles/113644/

pr1268 — Fri, 19 Nov 2010 11:53:08 +0000

That was hilarious! Thanks for the link.

Why Debian?

pr1268 — Thu, 18 Nov 2010 15:08:54 +0000

Why Debian? Does Debian include SQLNinja? Oh wait, it does not (although two other "Ninja" packages are included).

I hope this doesn't turn into another distro flame war. I'm ambivalent towards Fedora's decision not to include SQLNinja, but from their better-safe-than-sorry legal approach, I kind of understand why.

A "clarification" from Fedora on the SQLNinja decision

jwakely — Thu, 18 Nov 2010 10:59:56 +0000

Oh noes, you have to use an alternative repo - the horror!
Why do you hate our way of life, Fedora?

This whole story's a joke. Distro doesn't include package noone's ever heard of. So what?

A "clarification" from Fedora on the SQLNinja decision

mjg59 — Thu, 18 Nov 2010 04:24:45 +0000

http://lwn.net/Articles/113644/

A "clarification" from Fedora on the SQLNinja decision

djzort — Thu, 18 Nov 2010 04:13:50 +0000

another reason to use debian.

A "clarification" from Fedora on the SQLNinja decision

corbet — Wed, 17 Nov 2010 17:05:57 +0000

Because I'm not sure that the situation is a whole lot clearer. Because it was their word, and not mine.

A "clarification" from Fedora on the SQLNinja decision

mgedmin — Wed, 17 Nov 2010 16:57:14 +0000

Why did you put "clarification" in scare quotes?