Proposed legal guidelines change re "illegal" packages

Mike McGrath mmcgrath at
Thu Nov 11 21:45:43 UTC 2010

On Thu, 11 Nov 2010, Behdad Esfahbod wrote:

> Hi board,
> I read the lwn coverage of the discussion going on re packaging of software
> that is illegal.  In particular, the proposed change:
> "Where, objectively speaking, the package has essentially no useful
> foreseeable purposes other than those that are highly likely to be
> illegal or unlawful in one or more major jurisdictions in which Fedora
> is distributed or used, such that distributors of Fedora will face
> heightened legal risk if Fedora were to include the package, then the
> Fedora Project Board has discretion to deny inclusion of the package for
> that reason alone."
> I just want to make a note that in many oppressing countries, say, Iran,
> China, etc, many filtering circumvention and privacy tools may be illegal.  It
> would be wrong to exclude such tools from Fedora.
> Plus, the whole discussion reminds me of security-by-obscurity reasonings.  If
> the software is out there, not packaging it in Fedora sure is not going to
> stop any determined person from using it...  And there are so many dedicated
> "security oriented" bootable CD / distors out there that it just makes Fedora
> less useful by not having a spin for such stuff.


In my mind the question comes down to this:  Would you, Behdad Esfahbod,
allow yourself to be legally liable for any wrong doing that is done with
this software?

Sure there's a difference between using 'normal' software improperly.
But if left up to a jury, of which probably none has a clue what the likes
of nmap or sql even are, would you let them decide if you, Behdad
Esfahbod, should be held to legal and financial damages should someone
misuse that software?

Because that's what people are asking Red Hat to do.  And yes, there is
certainly some very not-illegal uses for sqlninja.  But would you be
willing to sit in a court room, with your money sitting on the chair next
to you, while some high paid prosecutor tries to get it by showing a jury
the huge lettering on their website that says:

"SQLNINJA ... a SQL Server injection & takeover tool" -

I'm just saying this one doesn't seem as clean cut to me as it did when I
first heard it.


More information about the advisory-board mailing list