From owner-freebsd-security Mon Sep 27 11:44:15 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 2510814E7D for ; Mon, 27 Sep 1999 11:44:06 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id LAA12907; Mon, 27 Sep 1999 11:41:00 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199909271841.LAA12907@gndrsh.dnsmgr.net> Subject: Re: dump(8) Insecurity/Misconfiguration In-Reply-To: <199909271615.MAA92288@cc942873-a.ewndsr1.nj.home.com> from "Crist J. Clark" at "Sep 27, 1999 12:15:30 pm" To: cjclark@home.com Date: Mon, 27 Sep 1999 11:41:00 -0700 (PDT) Cc: Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group), dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ... > "Companies are permitted to use this program as long as it is not used for > revenue-generating purposes. For example, an Internet service provider is > allowed to install this program on their systems and permit clients to use > SSH to connect; however, actively distributing SSH to clients for the > purpose of providing added value requires separate licensing. Similarly, > a consultant may freely install this software on a client's machine for > his own use, but if he/she sells the client a system that uses SSH as a > component, a separate license is required." > > I'm no lawyer, but it seems like using SSH for helping with dumps > would fall well within this license since backing up files does not > really generate much revenue for us. I'm not a lawyer either, but I'll play the advocate here and show you why you are at risk. First, you used the word ``much'' in the above sentence. _Any_ is _some_ and is _not_ none, henceforth you voilate ``not used for ...''. Second, since backups are a critical piece of keeping your business operating, and your business, hopefully at least, generates revenue you would be in vilation of ``revenue-generating purposes'', though it would be indirectly. > Is there something in the licese I've missed? You all have me nervous > now. A lot of people will say I have overstated the intent of the licence, I'll simply say that I am applying Blacks Legal dictionary to extract what _I_ see as the letter of the agreement. In real law intent is more important than letter, but I would ask this licensor for a written yes/no on what you are doing to protect yourself. You may also find that the license fee is quite low for what you want to do. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message