back to article Fedora bars SQLNinja hack tool

Fedora Project leaders have banned a popular penetration-testing tool from their repository out of concern it could saddle the organization with legal burdens. The move came on Monday in a unanimous vote by the Fedora Project's board of directors rejecting a request that SQLNinja be added to the archive of open-source …

COMMENTS

This topic is closed for new posts.
  1. mafoo

    lord

    deliver me from

    ./configure

    make

    make install

    1. Anonymous Coward
      Happy

      Whoa, way too much effort

      I'll stick to:

      wget http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm

      wget http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm

      rpm -Uvh rpmfusion-free-release-stable.noarch.rpm

      rpm -Uvh rpmfusion-nonfree-release-stable.noarch.rpm

      yum install sqlninja

    2. Anonymous Coward
      Go

      lord answers your prayer

      Indeed you don't have to compile anything, it seems. It's a perl script.

  2. Destroy All Monsters Silver badge
    Big Brother

    Fedora does what is has to...

    because strutting politicians are stinking things up relentlessly, believing that draconian laws will make the world a happy place full of smiles, candy, fluffy animals and well-ironed uniforms.

    This will go on until only criminals and three-letter agencies have dual-use tools and then we are truly owned.

  3. Tom Samplonius
    Stop

    @Destroy All Monsters

    No need to get melodramatic...

    SQLNinja only tests SQL injection on MS-SQL servers. Which isn't something that is even available on Fedora. So why include it as a Fedora package?

    If you don't want criminals and three-letter agencies to own your data, make it secure to begin. Just like the Google streetview war driving scandal. Everyone is outraged by what Google did, but no one seems a bit concerned that those APs are wide open, and are still open today.

  4. This post has been deleted by its author

  5. The Fuzzy Wotnot
    Thumb Up

    Well done!

    Never heard of it before but now I want to know more and I might just be installing it, manually of course, into my testbed Fedora VM!

  6. This post has been deleted by a moderator

  7. Mr Templedene

    The point is

    Not to remove it from use, but remove Fedora's liability if it's used illegally.

    Of course you can still install it manually, but now Fedora can say they do not condone it.

    Lawyers are not always stupid, imagine if Microsoft decided to get legal after a few high profile attacks on SQL Server and sued Fedora for making the tool available.

    They might not win, but they could bankrupt the open source competition.

  8. lucmars

    No surprise

    If a distro feels liable to distribute some unlawful packages in some juridictions, there's no surprise to not distribute this kind of stuff, no ?

  9. Joe User

    The simple solution

    Tell Alberto Revelli to rewrite SQLNinja in security-prevention terms (e.g. "identifies SQL injection vulnerabilities" versus "get root on remote systems") and the problem is solved.

  10. Anonymous Coward
    Thumb Down

    @Author

    Axe to grind much?

    SQLNinja is marketed as more of an skiddie tool than a pentest tool - describing it as "a popular penetration-testing tool" is rather disingenuous. Sure, it /can/ be used for that, but that's not how it's marketed, and it's hardly popular among security professionals.

    Fedora does not package every single piece of FOSS GNU/Linux software in the world, and does not aim to. All I see is an author with some sort of personal problem here.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020