deliver me from
Fedora Project leaders have banned a popular penetration-testing tool from their repository out of concern it could saddle the organization with legal burdens. The move came on Monday in a unanimous vote by the Fedora Project's board of directors rejecting a request that SQLNinja be added to the archive of open-source …
I'll stick to:
rpm -Uvh rpmfusion-free-release-stable.noarch.rpm
rpm -Uvh rpmfusion-nonfree-release-stable.noarch.rpm
yum install sqlninja
because strutting politicians are stinking things up relentlessly, believing that draconian laws will make the world a happy place full of smiles, candy, fluffy animals and well-ironed uniforms.
This will go on until only criminals and three-letter agencies have dual-use tools and then we are truly owned.
No need to get melodramatic...
SQLNinja only tests SQL injection on MS-SQL servers. Which isn't something that is even available on Fedora. So why include it as a Fedora package?
If you don't want criminals and three-letter agencies to own your data, make it secure to begin with. Just like the Google Street View war driving scandal. Everyone is outraged by what Google did, but no one seems a bit concerned that those APs are wide open, and are still open today.
Not to remove it from use, but remove Fedora's liability if it's used illegally.
Of course you can still install it manually, but now Fedora can say they do not condone it.
Lawyers are not always stupid; imagine if Microsoft decided to get legal after a few high-profile attacks on SQL Server and sued Fedora for making the tool available.
They might not win, but they could bankrupt the open source competition.
Axe to grind much?
SQLNinja is marketed as more of a skiddie tool than a pentest tool - describing it as "a popular penetration-testing tool" is rather disingenuous. Sure, it /can/ be used for that, but that's not how it's marketed, and it's hardly popular among security professionals.
Fedora does not package every single piece of FOSS GNU/Linux software in the world, and does not aim to. All I see is an author with some sort of personal problem here.