Re: ms-sys contains MBRs which are copyrighted by Microsoft
leorolla dijo [Thu, Apr 01, 2010 at 06:23:59AM -0700]: For security reasons it could perform a checksum verification to protect the user from a corrupt or virus-infected backup file. So the simple changes in the source would be: * remove the problematic file from the source code * change the source code to -look for a 446-byte file with a specific filename -if absent, produce error message explaining what the user is supposed to do and exit -perform the checksum verification -if fails, produce appropriate error message and exit -copy the file to the mbr (Is it also be copyright violation to distribute checksums along with the program? In this case, add look for the presence of a checksum file with a given name etc; if absent, produce an error message telling the user to copy it from a trusted source etc and exit.) Humm... and given the search space is just giant (and not mindboggingly huge), you could even add a loop that generates a random 446-byte-long content until it matches the md5sum and the sha1sum for said file? -- Gunnar Wolf • gw...@gwolf.org • (+52-55)5623-0154 / 1451-2244 -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100414232213.gb14...@gwolf.org
Re: ms-sys contains MBRs which are copyrighted by Microsoft
Gunnar Wolf gw...@gwolf.org wrote: leorolla dijo [Thu, Apr 01, 2010 at 06:23:59AM -0700]: For security reasons it could perform a checksum verification to protect the user from a corrupt or virus-infected backup file. So the simple changes in the source would be: * remove the problematic file from the source code * change the source code to -look for a 446-byte file with a specific filename -if absent, produce error message explaining what the user is supposed to do and exit -perform the checksum verification -if fails, produce appropriate error message and exit -copy the file to the mbr (Is it also be copyright violation to distribute checksums along with the program? In this case, add look for the presence of a checksum file with a given name etc; if absent, produce an error message telling the user to copy it from a trusted source etc and exit.) Humm... and given the search space is just giant (and not mindboggingly huge), you could even add a loop that generates a random 446-byte-long content until it matches the md5sum and the sha1sum for said file? The math does not work. The search space is still too unfeasibly large. There are 2^(8*448) different combinations. You will find a collision in md5sum first, though the sun would have burned out long before the loop completed. Cheers, Walter Landry wal...@geodynamics.org -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100414.163703.914206309142954568.wal...@geodynamics.org
Re: ms-sys contains MBRs which are copyrighted by Microsoft
I fully agree with the argument for the package removal (though nobody should believe that the copyright holder would ever take any copyright-enforcement action, which is irrelevant here). It is however very reasonable to believe that the user who wants to _restore_ such code to the MBR indeed has the rights to use this code. I mean the user has the licence to use one of the operating systems that come with this code. In the case the user wants to _restore_ this code but does not have such rights, it is anyway the case that the user was already using this code before, and all that ms-sys is doing for the user is to bring his system back to the state it was before a linux install, which cannot be reasonably considered as assisting the user in the copyright infringement. I may be wrong at this point, please feel free to disagree. So the main legal problem is that ms-sys *contains* copyrighted code. There may be other solutions to this rather than removing ms-sys from the repositories. It definitely would not be copyright infringement to ask the user to grab these 446 bytes from a previous backup of their system, or from another PC where the user has a legal copy of such MBR code. For security reasons it could perform a checksum verification to protect the user from a corrupt or virus-infected backup file. So the simple changes in the source would be: * remove the problematic file from the source code * change the source code to -look for a 446-byte file with a specific filename -if absent, produce error message explaining what the user is supposed to do and exit -perform the checksum verification -if fails, produce appropriate error message and exit -copy the file to the mbr (Is it also be copyright violation to distribute checksums along with the program? In this case, add look for the presence of a checksum file with a given name etc; if absent, produce an error message telling the user to copy it from a trusted source etc and exit.) Don Armstrong wrote: severity 425943 serious retitle 425943 ms-sys contains MBRs which are copyrighted by Microsoft thanks ms-sys contains verbatim copies of the master boot records of windows 2000 and windows 95B et al. While it would be valid to reimplement an MBR in such a way that it was functionally similar to an MBR that boots these MS operating systems, the length and expressive content of the MBR makes it rather likely that it is copyrightable, and that we have not been granted the right to distribute, nor is the assembly in question licensed in accordance with the DFSG (nor is the assembly even actually present, which falls afoul of DFSG §2). Finally, debian/copyright does not properly discuss this problem at all, nor does it mention the copyrights on syslinux's mbr or any of the other mbrs which are present. Possible solutions to the problem are: 1) Re-implement any MBRs for which the source/copyright is not available. 2) Get permission to distribute and modify the MBR from MS and distribute a disassembled and commented version; if distribution only, move ms-sys to non-free. 3) Remove ms-sys from the archive I strongly suggest if #1 or #2 doesn't occur relatively rapidly that #3 is taken as an interim measure until it can be rectified. Don Armstrong -- I shall require that [a scientific system's] logical form shall be such that it can be singled out, by means of emperical tests, in a negative sense: it must be possible for an emperical scientific system to be refuted by experience. -- Sir Karl Popper _Logic of Scientific Discovery_ §6 http://www.donarmstrong.com http://rzlab.ucr.edu -- View this message in context: http://old.nabble.com/ms-sys-removal-request-tp15462196p28107789.html Sent from the Debian Legal mailing list archive at Nabble.com. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/28107789.p...@talk.nabble.com
ms-sys contains MBRs which are copyrighted by Microsoft
severity 425943 serious retitle 425943 ms-sys contains MBRs which are copyrighted by Microsoft thanks ms-sys contains verbatim copies of the master boot records of windows 2000 and windows 95B et al. While it would be valid to reimplement an MBR in such a way that it was functionally similar to an MBR that boots these MS operating systems, the length and expressive content of the MBR makes it rather likely that it is copyrightable, and that we have not been granted the right to distribute, nor is the assembly in question licensed in accordance with the DFSG (nor is the assembly even actually present, which falls afoul of DFSG §2). Finally, debian/copyright does not properly discuss this problem at all, nor does it mention the copyrights on syslinux's mbr or any of the other mbrs which are present. Possible solutions to the problem are: 1) Re-implement any MBRs for which the source/copyright is not available. 2) Get permission to distribute and modify the MBR from MS and distribute a disassembled and commented version; if distribution only, move ms-sys to non-free. 3) Remove ms-sys from the archive I strongly suggest if #1 or #2 doesn't occur relatively rapidly that #3 is taken as an interim measure until it can be rectified. Don Armstrong -- I shall require that [a scientific system's] logical form shall be such that it can be singled out, by means of emperical tests, in a negative sense: it must be possible for an emperical scientific system to be refuted by experience. -- Sir Karl Popper _Logic of Scientific Discovery_ §6 http://www.donarmstrong.com http://rzlab.ucr.edu
