From owner-freebsd-security Mon Sep 27 14:53:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 0E39914C80 for ; Mon, 27 Sep 1999 14:53:36 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id RAA92701; Mon, 27 Sep 1999 17:54:21 -0400 (EDT) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <199909272154.RAA92701@cc942873-a.ewndsr1.nj.home.com> Subject: Re: dump(8) Insecurity/Misconfiguration In-Reply-To: <199909271841.LAA12907@gndrsh.dnsmgr.net> from "Rodney W. Grimes" at "Sep 27, 1999 11:41:00 am" To: freebsd@gndrsh.dnsmgr.net (Rodney W. Grimes) Date: Mon, 27 Sep 1999 17:54:21 -0400 (EDT) Cc: cjclark@home.com, Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group), dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Rodney W. Grimes wrote, > ... > > "Companies are permitted to use this program as long as it is not used for > > revenue-generating purposes. For example, an Internet service provider is > > allowed to install this program on their systems and permit clients to use > > SSH to connect; however, actively distributing SSH to clients for the > > purpose of providing added value requires separate licensing. Similarly, > > a consultant may freely install this software on a client's machine for > > his own use, but if he/she sells the client a system that uses SSH as a > > component, a separate license is required." > > > > I'm no lawyer, but it seems like using SSH for helping with dumps > > would fall well within this license since backing up files does not > > really generate much revenue for us. > > I'm not a lawyer either, but I'll play the advocate here and show > you why you are at risk. First, you used the word ``much'' in the > above sentence. _Any_ is _some_ and is _not_ none, henceforth you > voilate ``not used for ...''. I forgot the Smiley. I meant 'much' sarcastically, as in, doing backups generates no revenue. In fact, it costs us money. > Second, since backups are a critical > piece of keeping your business operating, and your business, hopefully > at least, generates revenue you would be in vilation of ``revenue-generating > purposes'', though it would be indirectly. But it gives the specific example of an ISP using SSH to _service_ customers, which is something that does generate revenue. Once you consider their example of what is acceptable use, it seems quite clear to me that our use is many steps farther away from revenu generating and therefore would be permitted. As for the other comment someone made about RSA, their license is basically the same. It prohibits commercial us for "revenue generating," but otherwise permitted. Thanks to everyone for all of your information and opinions on this. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message