[framework] Creating a debian package for metasploit.

Mon Dec 17 05:58:43 CST 2007

My reason for wanting a deb is to simplify maintenance and installation, so
if the deb is built djb daemontools style, i'd be perfectly content. Perhaps
this could be a solution for a while?

On Dec 17, 2007 1:38 PM, Tim Brown <tmb at 65535.com> wrote:

> On Monday 17 December 2007 10:55:57 gaurav chaturvedi wrote:
> > >http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323420
> >
> > Oh this is sad indeed, but the dual license should be void now since
> > MSF dosnt use perl. In any case there should be enough room for
> > metasploit under the extra/restricted packages.
> >  We can package MSF and create our own unoficial repository. If we are
> > up for it, i volunteer to create the package/maintain this as a
> > package.
>
> From Metasploit Framework License v1.2
> (http://www.metasploit.com/projects/Framework/msf3/download.html):
>
> "3. The license granted in Section 2 is expressly made subject to and
> limited by the following restrictions:
>
> a. You may only distribute, publicly display, and publicly perform
> unmodified Software. Without limiting the foregoing, You agree to
> maintain (and not supplement, remove, or modify) the same copyright,
> trademark notices and disclaimers in the exact wording as released by
> Developer. "
>
> I believe that packaging it for Ubuntu and Debian would violate this
> clause.
> Moreover the restriction breaks Debians free software guidelines
> (http://www.debian.org/social_contract, DFSG clauses 3 and 4):
>
> "3. Derived Works
> The license must allow modifications and derived works, and must allow
> them to
> be distributed under the same terms as the license of the original
> software.
>
> 4. Integrity of The Author's Source Code
> The license may restrict source-code from being distributed in modified
> form
> _only_ if the license allows the distribution of patch files with the
> source
> code for the purpose of modifying the program at build time. The license
> must
> explicitly permit distribution of software built from modified source
> code.
> The license may require derived works to carry a different name or version
> number from the original software. (This is a compromise. The Debian group
> encourages all authors not to restrict any files, source or binary, from
> being modified.)"
>
> Ubuntu developers approached Metasploit with regard to getting changes
> made to
> the Metasploit license which would allow version 3 of the framework to be
> packaged, and the results of this conversation were made available in the
> bug
> #102212 filed on launchpad (https://bugs.launchpad.net/ubuntu/+bug/102212
> ).
>
> It might be possible to work around it ala make-jpkg but it looks like
> work to
> package it has stalled for now.  It would not AFAIK be possible to
> distribute
> legally any .deb of Metasploit Framework v3 as things stand.
>
> Tim
>
> NB, I am a Debian maintainer, but I'm not talking as one on this occasion
> -
> these are just my personal thoughts :).
> --
> Tim Brown
> <mailto:tmb at 65535.com>
>

-- 
Konrads Smelkovs
Applied IT sorcery.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://spool.metasploit.com/pipermail/framework/attachments/20071217/c654c163/attachment.htm 