Fedora Project Drops SQLNinja 'Hacker' Tool
simonb writes, "In what can only be described as a fit of insanity, the Fedora Board have declared a 'hacker tool' not fit for entry into their software repositories. Today your SQL injection tools, tomorrow your nmap?" The Register links the Fedora board's meeting minutes. From the story: "The move came on Monday in a unanimous vote by the Fedora Project's board of directors rejecting a request that SQLNinja be added to the archive of open-source applications. It came even as a long list of other hacker tools are included in the bundle and was harshly criticized by some security watchers. 'It seems incredibly short sighted to reject software based on perceived legal usage,' said Jacob Appelbaum, a full-time programmer for the Tor Project. 'They have decided to become judges of likely usage based on their own experience. That is a path of madness.' ... [T]he board unanimously decided to add a new statement to Fedora's legal guidelines concerning the inclusion of hacking tools. ... Smith said the language is intended to clarify its stance on a class of software that can be used both to secure and penetrate protected networks."
The reason the Fedora board gave (and if you had read the link you would know this) is that nmap is used probably the majority of the time to check if your own ports are open. Of course even a compiler can be used as a penetration tool, so the ability to use something as a penetration tool is not enough to keep it from the distro, which I think you're getting at.
Really, from reading the minutes, I think they basically decided it wasn't useful enough for their user base. You might disagree, but I trust the Fedora board to know what their user base wants more than I trust you.
From reading the minutes:
"Argument for SQLninja to be added to Fedora is that it is a 'penetration testing tool.' "
When I or colleagues at work need to install a Fedora box, it has most everything on it for security auditing, penetration, etc. That is what we do. Imho this thinking is getting more like the Windows side of things. Fedora keeps doing this: if you really need something, download from site X, install, etc. Or I will have to personally notify myself of updates in the future instead of yum telling me to do so. Or add repo X and install some GPG key, since you were talking about trust earlier. (Albeit this will probably just get added in an additional repo.) I just fail to see the logic in their reasoning, that's all.