Hey all, It turns out that there are severe issues with the Majordomo license (which is appended at the end) when trying to resolve security matters of example.. The problems are caused by this phrase:
You may not publicly distribute a modified or incomplete version of Majordomo. [see below, part 2d] Now you can wonder what "Majordomo" means and what "modified" means. I'd say define them as the upstream .tar.gz archive and any changes to it. This implies that I (as the maintainer of the Debian majordomo package) am not allowed to make changes to the scripts. With the current (BUGTRAQ and other places) security problems with majordomo, this s*cks. Majordomo is in non-free currently, by the way. It was brought to my attention that SuSE (Hi, Joey :> ) released a public statement on this issue, stating that they won't supply fixes to those security matters because of the license. I guess other distributions will act similar. In my humble opinion there are two ways to get rid of this matter: . remove majordomo from the distribution. I don't think the userbase would like this. . don't alter the scripts that come with majordomo, but patch them in postinst. I don't like to do it that way, but maybe it could work..? Any suggestions and ideas to resolve this issue are appreciated. Kind regards, Remco PS Please keep me Cc'd as I am not on this list. ====== MAJORDOMO LICENSE AGREEMENT Version 1.1 18 May 96 Great Circle Associates (GCA) is the original developer of Majordomo, a package for managing Internet mailing lists. Since its initial release, many organizations and individuals have contributed enhancements and fixes, but the original copyright has been retained by Great Circle Associates. Majordomo is distributed in source code form, with almost all modules written in Perl (there is one small C program), and runs on many UNIX platforms. Majordomo is not a supported product of Great Circle Associates, but is made available for use on the following basis. GCA grants you a license as follows to the Majordomo package: 1. LICENSE. GCA grants you a non-exclusive, non-transferable license for the Majordomo package ("Majordomo") and its associated documentation, subject to all of the following terms and conditions. In accepting a copy of Majordomo you agree to the following terms and conditions. This license permits you to use, copy, and modify Majordomo solely for your organization's use. 2. LIMITATIONS ON LICENSE. a. You may only use, copy, and modify Majordomo as expressly provided for in this Agreement. You must reproduce and include this Agreement, and GCA's copyright notices on any copy and its associated documentation. b. No part of Majordomo may be incorporated into any program or other product that is sold, or for which any revenue is received without written permission of Great Circle Associates, with the following exceptions: You may install Majordomo at your site and run mailing lists for other using it, and charge for that service. You may install Majordomo at other sites, and charge for your time to install, configure, customize, and manage it. You may charge for enhancements you've made to the Majordomo software, subject to the distribution restrictions listed below. You may not charge for the Majordomo software itself. A commercial license will be required in all other cases. c. If Majordomo is being provided or configured for a customer, the provider must clearly state in documentation and bid/proposal materials that the Majordomo technologies are licensed and provided by Great Circle Associates, and a copy of this license must be included with the configured system. d. Majordomo, if modified, must carry prominent notices stating that changes have been made, and the dates of any such changes. You may publicly distribute an unmodified and complete version of Majordomo, for instance as part of a collection of free software packages, but you must distribute the whole package, and you must tell people where they can obtain the latest version: ftp://ftp.greatcircle.com/pub/majordomo/ You may not publicly distribute a modified or incomplete version of Majordomo. You may make such a version available to your own clients, subject to the restrictions below, but not to the general public (for instance, by placing it on an anonymous FTP site). You may not distribute (publicly or privately) a modified version of Majordomo without clearly identifying it as such (by changing the version string in majordomo_version.pl), identifying the changes (through appropriate README documentation and/or comments in the code), identifying who will be responsible for supporting the modified version, and informing people receiving the modified version where they can find an unmodified version: ftp://ftp.greatcircle.com/pub/majordomo/ e. All rights not expressly granted herein are reserved to GCA. 3. NO GCA OBLIGATION: You are solely responsible for maintaining your copy of Majordomo and the security of the operating environment in which Majordomo may be used. You are solely responsible for all of your costs and expenses incurred in connection with the distribution of Majordomo or any Application Program hereunder, and GCA shall have no liability, obligation or responsibility therefor. GCA shall have no obligation to provide maintenance, support, upgrades, or new releases to you. 4. NO WARRANTY OF PERFORMANCE. Majordomo and its associated documentation are licensed "as is" without warranty as to their performance, merchantability, or fitness for any particular purpose. The entire risk as to the results and performance of Majordomo is assumed by you. Should Majordomo prove defective, you assume the entire cost of all necessary servicing, repair, or correction. 5. LIMITATION OF LIABILITY. Neither GCA nor any other person who has been involved in the creation, production or delivery of Majordomo shall be liable to you or to any other person for any direct, indirect, special, incidental, consequential, or punitive damages, even if GCA has been advised of the possibility of such damages. 6. TERM. The license granted hereunder is effective until terminated. This license shall automatically terminate without notice if you breach any of the provisions hereof. You may terminate it at any time by destroying Majordomo and its associated documentation. 7. GENERAL. a. This Agreement shall be governed by the laws of the State of California. b. Address all correspondence regarding this license to GCA's electronic mail address <[EMAIL PROTECTED]>, or to Great Circle Associates 1057 West Dana Street Mountain View, CA 94041 USA [ Note: the form of this license was derived, by permission, from the license for the Firewalls Toolkit distributed by Trusted Information Systems, Inc. ] ========