|
Home > Archive > Anonymous Servers > May 2005 > Panta Admin and the GPL
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Panta Admin and the GPL
|
|
| Anonymous via Panta Rhei 2005-04-20, 5:45 pm |
| please release your source code soonest.
until you do you are in violation of terms of GNU Public License
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
| |
| panta-admin 2005-04-20, 5:45 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi !
>please release your source code soonest.
I want to and I will release the sources.
The problem is only my very limited time at the moment, and the fact that
my reliable source tree is 80 mb. Its full of test files, old versions,
.....
The same is true for the JBN mod.
I need to clean it up first.
It should happen in the next two months.
Cheers,
panta-admin
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQA/ AwUBQmauCtcrLUqmoDLIEQKQ2wCeNJgIpdmgvS6t
GFndOKeLqy13SNAAoJnj
1uDEFoonkvoeh2WfnbNitNmD
=X+gx
-----END PGP SIGNATURE-----
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
| |
| George Orwell 2005-04-21, 5:45 pm |
| panta-admin wrote:
> I want to and I will release the sources.
> The problem is only my very limited time at the moment, and the fact that
> my reliable source tree is 80 mb. Its full of test files, old versions,
> ....
>
> The same is true for the JBN mod.
> I need to clean it up first.
>
> It should happen in the next two months.
If you can't come up with source code you should remove the binaries
from your web page until such a time as you can. You are violating a
legal agreement you accepted when you used the source code to create
the binaries. You can put them back up when you decide to abide by that
license. The GPL does not allow you to simply say "I'll release source
some time in the future". The source must be available at the same time
as the binaries.
You have been saying for over a year that you'll release the source
code to these things. We only have your word that you ever plan to do
this. We have no idea if you've put a back door into your JBN version
or Reliable. Somebody that would do something like that would also come
up with excuses about why they can't come up with the source code.
They'd keep saying they'll release it soon when asked.
It's looking increasingly more dodgy the more you ignore the GPL and
continue to release binaries without source. If it's possible for you
to compile the binaries then it's possible to zip up the source.
One of the single most important rules of internet anonymity is to
never ever trust closed source programs to provide it for you.
| |
| Thomas J. Boschloo 2005-04-23, 5:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
George Orwell wrote:
> panta-admin wrote:
>
>
>
>
> If you can't come up with source code you should remove the binaries
> from your web page until such a time as you can. You are violating a
> legal agreement you accepted when you used the source code to create
> the binaries. You can put them back up when you decide to abide by that
> license. The GPL does not allow you to simply say "I'll release source
> some time in the future". The source must be available at the same time
> as the binaries.
IIRC RProcess used many libraries that were probably not GPL-ed (for
doing SMTP and stuff). That being the case, there might be a problem
because IIRC you cannot mix GPL code with non-GPL code.. IANAL though..
but look at GnuPG that had to be written from scratch because of the
non-GPL pgp license from Phil! And take the IDEA issue that GnuPG has
(it is not included in the package). JBN2 is bound to use IDEA (or even
a full pgp version) to decode CPunk traffic and I think it is used in
E-Sub headers (not sure though, I could find out).
I think I am in violation of GPL by using GnuPG/Enigmail/Thunderbird
with the IDEA plugin right now by signing this post with my RSA v3 key!
Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQmqoAQEP2l8iXKAJAQFBTAMeJco1wpqG
jrLhXFroPTdEm4KY1D9W2mc/
HWbqN6SNn3bqmVwGihvP5Ljt3TXHi/en0AVhhWgXWeda9vLCfbZ6uDxIugHJ6dwm
BlHwZgPqSloNsfGPLIwA7hCQPkI7+8qB++Spuw==
=GsRI
-----END PGP SIGNATURE-----
| |
| Nomen Nescio 2005-04-24, 2:45 am |
| In article < a32586541d903a26b5ca05f8c62e95a2@mixmast
er.it>
George Orwell <nobody@mixmaster.it> wrote:
>
> panta-admin wrote:
>
>
> If you can't come up with source code you should remove the binaries
> from your web page until such a time as you can. You are violating a
> legal agreement you accepted when you used the source code to create
> the binaries. You can put them back up when you decide to abide by that
> license. The GPL does not allow you to simply say "I'll release source
> some time in the future". The source must be available at the same time
> as the binaries.
>
> You have been saying for over a year that you'll release the source
> code to these things. We only have your word that you ever plan to do
> this. We have no idea if you've put a back door into your JBN version
> or Reliable. Somebody that would do something like that would also come
> up with excuses about why they can't come up with the source code.
> They'd keep saying they'll release it soon when asked.
>
> It's looking increasingly more dodgy the more you ignore the GPL and
> continue to release binaries without source. If it's possible for you
> to compile the binaries then it's possible to zip up the source.
>
> One of the single most important rules of internet anonymity is to
> never ever trust closed source programs to provide it for you.
I agree. 80MB (much smaller when zipped) is not so big - no
problem to put that on a web site. Anyone that wants to download
it will just have to wait a while. You can get round to removing
the test files in a couple of months, but for now just make
everything available.
Alternatively I think you can offer to give the source code on
CD (at cost price) to those requesting it. But I'm not an expert
on the GPL.
| |
| Thrasher Admin 2005-04-24, 2:45 am |
| -----BEGIN PGP SIGNED MESSAGE-----
On Sat, 23 Apr 2005 14:20:08 +0200 (CEST), Nomen Nescio
<nobody@dizum.com> wrote:
>In article < a32586541d903a26b5ca05f8c62e95a2@mixmast
er.it>
>George Orwell <nobody@mixmaster.it> wrote:
>
>I agree. 80MB (much smaller when zipped) is not so big - no
>problem to put that on a web site. Anyone that wants to download
>it will just have to wait a while. You can get round to removing
>the test files in a couple of months, but for now just make
>everything available.
>
>Alternatively I think you can offer to give the source code on
>CD (at cost price) to those requesting it. But I'm not an expert
>on the GPL.
http://www.panta-rhei.dyndns.org/downloads/SourceCode/
- --
Cheers,
Thrasher.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQEVAwUBQmrcMGe9vBuCUlx7AQFoMAgAoaroBK0w
fHcGmq8L+yk7Od+ieR2uCPJU
Aq+VkE45hSvyS7gt0yupb0Jo3EmnjWu/TTo/2pR6kFaAqfKX57dFK9EkwPverqip
BQcqi104UT7HkrUiMmCCy4UltZQgBzXsLGW9kiza
G9b/qaX7Y9LJJ8snB6hd+8bL
rhG6Gey/ NoegVaKQ+UORDVqM53jdQjQIQDgRqBeLBuiJsUr5
WUjUWhqqBPyMyJxj
0YJNyLvEprKwV9J/ CEpnOJEx0LerviL57k95MhOTicMAsjDhOS8fH0N+
Ugg31w6t
cQ5KutZBwtWlogGJIUMtEGSw41vIpCqqgUDNbz8L
GkaXXZVnAon5fw==
=zGKG
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-04-24, 7:45 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Nomen Nescio wrote:
<snip>
> I agree. 80MB (much smaller when zipped) is not so big - no
> problem to put that on a web site. Anyone that wants to download
> it will just have to wait a while. You can get round to removing
> the test files in a couple of months, but for now just make
> everything available.
There are good reasons not to release source code also. I don't know all
of them, but one is that it might be easier for an attacker to find
exploits in the source code that the attacker might not release to the
public.
So what do you need?
1) a lot of users who seriously look through the source code
2) pretty mature code that the author believes is free of (most)
programming errors
Panta Admin knows best if 2) applies and IMO should wait with releasing
source code until he has something stable to offer.
Given current traffic in this group I hope that some lurkers will be
able to proof read the code Panta has now released or at least compile
it themselves for added security.
hth,
Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQmtSIwEP2l8iXKAJAQHBGQMfRu/C0OWaJo8PEihtIn4inrCFoLMNtXlT
XI/Uaw6ssy6Wb80KZHQ4Tnmv901K+QXy7KR4NDFp3U/TMcqMhLIITLnzW9bK8Zvt
UimtSizOkldXymz6GaG+7BGtJc3oyH0qsJOonw==
=WPke
-----END PGP SIGNATURE-----
| |
| Userbeam Remailer 2005-04-24, 7:45 am |
| On Sun, 24 Apr 2005, Thomas J. Boschloo <nospam@hccnet.nl.invalid> wrote:
>Nomen Nescio wrote:
>
><snip>
>
>
>There are good reasons not to release source code also. I don't know all
>of them, but one is that it might be easier for an attacker to find
>exploits in the source code that the attacker might not release to the
>public.
There may well be good reasons, but these are all about new projects.
When you modify an existing software under an existing license such as
the GPL that requires source code you have no choice.
| |
| George Orwell 2005-04-24, 2:51 pm |
| On Sat, 23 Apr 2005, Thomas J. Boschloo <nospam@hccnet.nl.invalid> wrote:
>IIRC RProcess used many libraries that were probably not GPL-ed (for
>doing SMTP and stuff). That being the case, there might be a problem
>because IIRC you cannot mix GPL code with non-GPL code.. IANAL though..
>but look at GnuPG that had to be written from scratch because of the
>non-GPL pgp license from Phil! And take the IDEA issue that GnuPG has
>(it is not included in the package). JBN2 is bound to use IDEA (or even
>a full pgp version) to decode CPunk traffic and I think it is used in
>E-Sub headers (not sure though, I could find out).
It's not used in E-Sub headers.
That isn't how the GPL works. You can use closed source libraries in a
GPL project, but you can't include GPL code in a closed source project.
If you couldn't use closed source libraries then you wouldn't be able
to link to the windows gui libraries or anything in a gpl project. It
just doesn't work like that, please take time to read it.
As for the IDEA issue, this wasn't a problem with JBN2 as it uses an
installed PGP to do the encrypting/decrypting. PGP had licensed the use
of IDEA.
All this discussion is pointless anyway as Panta released the source
code.
| |
| Anonymous 2005-04-25, 8:45 pm |
| On Sat, 23 Apr 2005, Nomen Nescio <nobody@dizum.com> wrote:
>In article < a32586541d903a26b5ca05f8c62e95a2@mixmast
er.it>
>George Orwell <nobody@mixmaster.it> wrote:
>
>I agree. 80MB (much smaller when zipped) is not so big - no
>problem to put that on a web site. Anyone that wants to download
>it will just have to wait a while. You can get round to removing
>the test files in a couple of months, but for now just make
>everything available.
>
>Alternatively I think you can offer to give the source code on
>CD (at cost price) to those requesting it. But I'm not an expert
>on the GPL.
dodge like that will cause distrust greater than now
80MB source not sounding real since RProcess original source only 350K
zipped
-=-
This message was sent via two or more anonymous remailing services.
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
| |
| Thomas J. Boschloo 2005-05-01, 5:48 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
George Orwell wrote:
> On Sat, 23 Apr 2005, Thomas J. Boschloo <nospam@hccnet.nl.invalid> wrote:
>
>
>
> It's not used in E-Sub headers.
I need only show you this from rem1.c in mix3.0b2:
#ifdef USE_IDEA
void t1_esub(BUFFER *esub, BUFFER *subject)
{
BUFFER *iv, *out;
char hex[33];
iv = buf_new();
out = buf_new();
buf_appendrnd(iv, 8);
id_encode(iv->data, hex);
buf_append(out, hex, 16);
digest_md5(esub, esub);
digest_md5(subject, subject);
buf_ideacrypt(subject, esub, iv, ENCRYPT);
id_encode(subject->data, hex);
buf_appends(out, hex);
buf_move(subject, out);
buf_free(iv);
buf_free(out);
}
#endif /* USE_IDEA */
> That isn't how the GPL works. You can use closed source libraries in a
> GPL project, but you can't include GPL code in a closed source project.
I understood that GPL infects everything that uses it. Perhaps you are
right here..
> If you couldn't use closed source libraries then you wouldn't be able
> to link to the windows gui libraries or anything in a gpl project. It
> just doesn't work like that, please take time to read it.
I won't but I will take your word for it..
> As for the IDEA issue, this wasn't a problem with JBN2 as it uses an
> installed PGP to do the encrypting/decrypting. PGP had licensed the use
> of IDEA.
For non commercial use.. So JBN2 must also be for non commercial use
only by your argument. The two licenses just seem to conflict to me (IANAL).
> All this discussion is pointless anyway as Panta released the source
> code.
It is not pointless! Also note that while mix2.0.4 is GPL, mix3.0b2 is
not! And mix3.0b2 includes the IDEA license file while 2.0.4 probably
doesn't use IDEA at all (that functionality is probably added to
Reliable by PGP, but I also remember seeing some Reliable Esub code that
did IDEA all by itself!).
Just how can Reliable both use IDEA and be GPL I ask myself?!
Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQnJKdgEP2l8iXKAJAQGNggMgnRZw5dF3
6maNm+g0BpyVn2gHs3f+QCyP
2msbGz0ckFQ5mvuTePXG9/M/ 1wMZH923dUA2Fwn9iuSmAECjf2iAETzDAifumg7S
K1HYVeTdHIyzKyofyhtrCxNbhrwrEEIdAjDtjg==
=eSZF
-----END PGP SIGNATURE-----
|
|
|
|
|