deliver me from
Fedora Project leaders have banned a popular penetration-testing tool from their repository out of concern it could saddle the organization with legal burdens. The move came on Monday in a unanimous vote by the Fedora Project's board of directors rejecting a request that SQLNinja be added to the archive of open-source …
I'll stick to:
rpm -Uvh rpmfusion-free-release-stable.noarch.rpm
rpm -Uvh rpmfusion-nonfree-release-stable.noarch.rpm
yum install sqlninja
Indeed, you don't have to compile anything, it seems. It's a Perl script.
because strutting politicians are stinking things up relentlessly, believing that draconian laws will make the world a happy place full of smiles, candy, fluffy animals and well-ironed uniforms.
This will go on until only criminals and three-letter agencies have dual-use tools and then we are truly owned.
No need to get melodramatic...
SQLNinja only tests SQL injection on MS-SQL servers. Which isn't something that is even available on Fedora. So why include it as a Fedora package?
If you don't want criminals and three-letter agencies to own your data, make it secure to begin with. Just like the Google Street View war-driving scandal: everyone is outraged by what Google did, but no one seems a bit concerned that those APs were wide open, and are still open today.
Anyone who believes penetration testers and security professionals are not capable of downloading and installing the utility themselves is truly living in la-la land.
Never heard of it before but now I want to know more and I might just be installing it, manually of course, into my testbed Fedora VM!
Not to remove it from use, but remove Fedora's liability if it's used illegally.
Of course you can still install it manually, but now Fedora can say they do not condone it.
Lawyers are not always stupid; imagine if Microsoft decided to get legal after a few high-profile attacks on SQL Server and sued Fedora for making the tool available.
They might not win, but they could bankrupt the open source competition.
If a distro feels liable for distributing packages that are unlawful in some jurisdictions, it's no surprise that it won't distribute this kind of stuff, no?
Tell Alberto Revelli to rewrite SQLNinja in security-prevention terms (e.g. "identifies SQL injection vulnerabilities" versus "get root on remote systems") and the problem is solved.
Axe to grind much?
SQLNinja is marketed as more of a skiddie tool than a pentest tool; describing it as "a popular penetration-testing tool" is rather disingenuous. Sure, it /can/ be used for that, but that's not how it's marketed, and it's hardly popular among security professionals.
Fedora does not package every single piece of FOSS GNU/Linux software in the world, and does not aim to. All I see is an author with some sort of personal problem here.