Metasploit mailing list archives
Framework License
From: justfriends4n0w at yahoo.com (Randy Flood)
Date: Mon, 23 Jan 2006 06:55:30 -0800 (PST)
I am not a lawyer. I have the following thoughts on the license. Perhaps some of them are just misunderstandings of how I am reading it. But, anyway, here are my thougts: 0. What is the overall goal of the license? Is it to make the framework easy to commercialize? It kind of sucks to think that Microsoft or whoever could buy the framework, and kill it, and no one could fork off an Open Source version of it. I'd prefer to see a license where any modifications had to be provided back to the project, but where new versions of the framework could be made and distributed. 1. When you say that the license is permanent until terminated, that implies that you can terminate the license at any time for anyone. That kind of sucks. I'd prefer it was clearer that the license would terminate if it was violated, but that it could not just be terminated. That makes developing for the framework less useful. 2. The definition of software is circular. Don't you want to define it more along the lines of source code, executables, libraries, (documentation?) etc? But, be careful, many people would like to generate shellcode using the Framework and then distribute it in other applications. I'd like to see exploits called out specifically as modifiable and redistributable under either the Creative Commons License, or the license specified by the component developer. Specifically, at least one exploit was released under the GPL which I think prohibits you from making additional restrictions on its distribution. I want the ability to customize any exploit in the framework, so that I can try to make them less likely to be detected by IDS systems or whatever. Can I do that? 3. What if I want to develop an alternative user interface or enhancement, but find that the framework itself would need modified in order to do so? It would be nice to be able to do this, but it appears to be prohibited, or at the very least cumbersome to implement under the license. 4. I think you should permit people to make modifications, but prohibit them from distributing them. 5. I think that rather than relying on the License being imposed when you use the software, you should rely on it being imposed for anyone who distributes the software. I am not a lawyer, but I think that there is some question over whether licenses for software that rely on the use of the software can be enforced in many cases. On the other hand, copyright law provides severe penalties for copying software and distributing it without a license. Hence, use the wording from the GPL which, as I recall, states that you cannot redistribute the software without accepting the license. If you insist on enforcing the license upon use, then create a separate clause that also enforces the license when people distribute it. State that they have no right to redistribute it unless they accept the license. 6. You need something that says if any one section of the license is deemed illegal, or unenforeble or whatever, that the remaining provisions are still binding. --------------------------------- Yahoo! Photos Got holiday prints? See all the ways to get quality prints in your hands ASAP. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060123/286001e5/attachment.htm>
Current thread:
- I have a problem with cmd_interact PAYLOAD Alexey Romanov (Jan 12)
- I have a problem with cmd_interact PAYLOAD H D Moore (Jan 12)
- Framework License Randy Flood (Jan 23)
- Framework License H D Moore (Jan 23)
- Framework License Randy Flood (Jan 23)
- I have a problem with cmd_interact PAYLOAD H D Moore (Jan 12)