[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
** Changed in: debian Status: Unknown => New -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
** Bug watch added: Debian Bug tracker #323420 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323420 ** Also affects: debian via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323420 Importance: Unknown Status: Unknown ** Tags added: auto-search -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
What about uploading the proposed-for-gutsy deb package to getdeb.net? -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
Hi Daniel, On Nov 25, 2007 11:04 PM, Daniel Holbach <[EMAIL PROTECTED]> wrote: > Nobody followed up on the lintian/linda errors on: > http://revu.tauware.de/details.py?package=metasploit I submitted patches to H.D. Moore and the Metasploit team to fix many of the errors. However, they decided that they were too busy to modify metasploit for inclusion in Debian/Ubuntu. The Metasploit license non-standard and does not allow modification of the source by anyone other than the msf developers, but does allow redistribution in an unaltered form. With this in mind, H.D. said they would sort it out when they draw up a new license for a future release of msf, possibly version 4.0. As it stands now, we are tied by that license and cannot proceed. H.D. Moore did integrate some of my patches, but not all of them that were required to fix this package for inclusion in Ubuntu :-( -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
Nobody followed up on the lintian/linda errors on: http://revu.tauware.de/details.py?package=metasploit -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: Fwd: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
OK, sounds good. Like I said, I don't have much time to deal with it right now as I am moving so San Francisco. keep me posted if you guys make any significant progress (ie, they fix it on their end or rework the license). metasploit is a tool by them, for them, and we have the benefit of seeing the code and using it for free. they have no obligation to change anything to suit a distro's needs. just keep that in mind ;-P On 8/30/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Just an update, we are working with the metasploit team, to hammer out some > of the issues with the current package, etc. > > Please see the below email for communication between myself and the > team-lead. > > Thanks, > Justin M. Wray > > -- Forwarded message -- > From: Justin Wray <[EMAIL PROTECTED]> > Date: Aug 30, 2007 10:01 AM > Subject: Re: Fwd: [Bug 102212] Re: [needs-packaging] Metasploit Framework > 3.0 (multiverse) > To: H D Moore <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] > > Moore: > > With your permission, I would like to post your comments (as well as > mine) to our "bug" (https://bugs.launchpad.net/ubuntu/+bug/102212 ) so > others outside of this thread (including the package approvers) can keep > track of our status. > > On 8/29/07, H D Moore < [EMAIL PROTECTED]> wrote: > > > > Hi Justin, > > > > We can likely help with some of these in the future, but there are some > > things that we should clarify: > > > I appriciate your willingness to help, and look forward to working with > you and the rest of the metasploit team. > > 1) We will continue to use Subversion as a system for performing online > > updates. This means any distribution will always contain .svn > > directories. One solution, for a packager, is to give each user their own > > Metasploit 3 installation and provide a script which extracts this > > package and configures PATH/symlinks during the first use. This is how > > Metasploit 3.1 will work on Windows and a simple way to avoid having > > Subversion modify system-wide directories. > > > I like the idea of each user having their own installation. Not only > does it alleviate any issues implied by SVN and system-wide directories, but > it also allows each user to keep their own patch level, and more importantly > their own exploits. This then allows them to download third-party exploits > (milw0rm and the like) and even write their own, without the fear of > interfering with other users on the system. As such I will see what we can > do about packaging metasploit in such a way, and at the same time keep the > SVN update ability. > > 2) The license may change in the future, but we have no timeline set and > > no requirements to be compatible with debian-legal. For what its worth, > > our license was written by a lawyer and then reviewed again by a second > > legal team as a sanity check. The license stipulations are standard for > > EULAs and are not in line with what most folks consider open source. We > > understand that this doesn't make packaging easy, but allowing other > > people to distribute our software has not been a priority. > > > This makes perfect sence, as does the motive behind such a restrictive > license. However, this will cause the license to fall under the non-free > category. Which requires a bit more user interaction and fore-thought in > order to install. Thus it may scare some users away from trying metasploit, > then again, if they do not know what metasploit is, they will most likely > not be using it in the first place. Which I do not see as a bad thing. > > The major license issues we are having: > * Limited ability to redistribute > * The inability to redistribute changes (patches, etc) > > I understand that redistribution has not been a priority, and this > honestly is a bunch of bureaucracy that hinders productivity, all licenses > are. But allowing distributions (Ubuntu, Fedora, Suse, Backtrack) the > ability to package should be something that is looked at, when the next > license review comes along. The majority of users (even those who use > metasploit) are far more comfortable installing packages from the > distributions repositories. Some will go as far as requesting an > application to be packaged and added to the distribution before they will > install. It allows the user to keep a clean system and easily update all > the applications. Dependencies are handled, updates are provided, and > configuration complete, it makes installation painless. > > I also understand the wish to protect metasploit from re-branded and > r
Fwd: Fwd: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
Just an update, we are working with the metasploit team, to hammer out some of the issues with the current package, etc. Please see the below email for communication between myself and the team-lead. Thanks, Justin M. Wray -- Forwarded message -- From: Justin Wray <[EMAIL PROTECTED]> Date: Aug 30, 2007 10:01 AM Subject: Re: Fwd: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse) To: H D Moore <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Moore: With your permission, I would like to post your comments (as well as mine) to our "bug" (https://bugs.launchpad.net/ubuntu/+bug/102212 ) so others outside of this thread (including the package approvers) can keep track of our status. On 8/29/07, H D Moore < [EMAIL PROTECTED]> wrote: > > Hi Justin, > > We can likely help with some of these in the future, but there are some > things that we should clarify: I appriciate your willingness to help, and look forward to working with you and the rest of the metasploit team. 1) We will continue to use Subversion as a system for performing online > updates. This means any distribution will always contain .svn > directories. One solution, for a packager, is to give each user their own > Metasploit 3 installation and provide a script which extracts this > package and configures PATH/symlinks during the first use. This is how > Metasploit 3.1 will work on Windows and a simple way to avoid having > Subversion modify system-wide directories. I like the idea of each user having their own installation. Not only does it alleviate any issues implied by SVN and system-wide directories, but it also allows each user to keep their own patch level, and more importantly their own exploits. This then allows them to download third-party exploits (milw0rm and the like) and even write their own, without the fear of interfering with other users on the system. As such I will see what we can do about packaging metasploit in such a way, and at the same time keep the SVN update ability. 2) The license may change in the future, but we have no timeline set and > no requirements to be compatible with debian-legal. For what its worth, > our license was written by a lawyer and then reviewed again by a second > legal team as a sanity check. The license stipulations are standard for > EULAs and are not in line with what most folks consider open source. We > understand that this doesn't make packaging easy, but allowing other > people to distribute our software has not been a priority. This makes perfect sence, as does the motive behind such a restrictive license. However, this will cause the license to fall under the non-free category. Which requires a bit more user interaction and fore-thought in order to install. Thus it may scare some users away from trying metasploit, then again, if they do not know what metasploit is, they will most likely not be using it in the first place. Which I do not see as a bad thing. The major license issues we are having: * Limited ability to redistribute * The inability to redistribute changes (patches, etc) I understand that redistribution has not been a priority, and this honestly is a bunch of bureaucracy that hinders productivity, all licenses are. But allowing distributions (Ubuntu, Fedora, Suse, Backtrack) the ability to package should be something that is looked at, when the next license review comes along. The majority of users (even those who use metasploit) are far more comfortable installing packages from the distributions repositories. Some will go as far as requesting an application to be packaged and added to the distribution before they will install. It allows the user to keep a clean system and easily update all the applications. Dependencies are handled, updates are provided, and configuration complete, it makes installation painless. I also understand the wish to protect metasploit from re-branded and re-packaging. But there is ways to allow distribution of changes, while still retaining original copyright, name/branding, and maintainers etc. Thus protecting metasploit from thief but still allowing Ubuntu and others to make needed changes in order to have metasploit integrate cleanly into the distribution. 3) Splitting the package in a way that core, gui, web, and data is > separate will not happen. Exploit modules often depend on updates to the > libraries and APIs. At some point, we may freeze the API or enforce a > versioning system, but at this team the code is inter-dependent. Our intentions on this were two fold. First users may or may not want the web interface, or the gui. Others may just run the web interface, and some may only use the gui. It truly depends on the user, and each has different motives, experience, and opinions. Spiliting the package up allowed the user to cont
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
>I won't work on this any more. I would strongly encourage you not to abandon this effort. As the only way to resolve this issue is to work harder, and obviously closer to the MSF Dev team. And I would like to think they do want to see their product released within the Ubuntu repositories. >shows me that people care about what packages make it into the repositories and results in a high quality system for the users I think that has been a selling point for Debian/Ubuntu for years... I'll forward my comments to the metasploit team, and see what we can do... Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
I agree with everything you mentioned here, especially braking up the packages. I am actually glad that Ubuntu is rejecting it :-) it shows me that people care about what packages make it into the repositories and results in a high quality system for the users. I am a long time user since Warty :-) So, looks like we need to puch this back to the MSF team so they can clean up their act. They may not even want to, and for that, we can do nothing. So, for myself, I will just continue pulling down sources manually until they work out a new license and/or ways to deal with these issues. They may not care, since it is their tool for their use, and we have the fringe benefit of being able to use it. Oh well...we tried. I won't work on this any more. I'll let you guys take over if you like. The MSF guys don't seen to have time or want to fix these things, at least as far as I can tell. Maybe they do, but they don't care if it makes it into a distro or not... On 8/29/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > >I said that .svn dirs must be removed ;) > A package for being accepted must be lintian *clean*, so i think, as i prev > said: > 1) we get a good package from dev team > 2) we get an execption from ubuntu-dev > > Completely agree, we were just trying to see if we could get past this > for the time being. > > I think the best solution is as follows: > > 1) We split metasploit into the following packages - > * metasploit-core (Containing all the core components, including CLI) > * metasploit-web (Containing all of the msfweb files) > * metasploit-gui (Containing all of the msfgui and needed files) > * metasploit-data (Containing all exploits, modules, etc.) > > 2) Offer a way to automatically update the exploits and modules only > (leaving core, web, and gui to be updated in future releases or with > security concerns). Although we need to discuss how this should be > approached, specific SVN, repackaging to the archive, a download script, > etc. > > The problem again, is how to we gain the ability to do such. The > options are MSF distributes the upstream package as we have outlined > above, or they allow an exception to the license that grants Ubuntu the > right to modify the package and distribute in the way stated above. > > But it is a long shot that they would repackage just to please one distro > (even though other distros could benefit from such a release). > Worse it is unlikely any license exception or change will be seen until the > next major release which should be accompanied by a new license. > > Which leaves us hanging without a metasploit release again...feedback? > > I wonder if the MSF team would be willing to create a separate SVN trunk > for Ubuntu specifically, in which they release under the layout above? > > Thanks, > Justin M. Wray > > -- > [needs-packaging] Metasploit Framework 3.0 (multiverse) > https://bugs.launchpad.net/bugs/102212 > You received this bug notification because you are a direct subscriber > of the bug. > -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
>I said that .svn dirs must be removed ;) A package for being accepted must be lintian *clean*, so i think, as i prev said: 1) we get a good package from dev team 2) we get an execption from ubuntu-dev Completely agree, we were just trying to see if we could get past this for the time being. I think the best solution is as follows: 1) We split metasploit into the following packages - * metasploit-core (Containing all the core components, including CLI) * metasploit-web (Containing all of the msfweb files) * metasploit-gui (Containing all of the msfgui and needed files) * metasploit-data (Containing all exploits, modules, etc.) 2) Offer a way to automatically update the exploits and modules only (leaving core, web, and gui to be updated in future releases or with security concerns). Although we need to discuss how this should be approached, specific SVN, repackaging to the archive, a download script, etc. The problem again, is how to we gain the ability to do such. The options are MSF distributes the upstream package as we have outlined above, or they allow an exception to the license that grants Ubuntu the right to modify the package and distribute in the way stated above. But it is a long shot that they would repackage just to please one distro (even though other distros could benefit from such a release). Worse it is unlikely any license exception or change will be seen until the next major release which should be accompanied by a new license. Which leaves us hanging without a metasploit release again...feedback? I wonder if the MSF team would be willing to create a separate SVN trunk for Ubuntu specifically, in which they release under the layout above? Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
** Changed in: ubuntu Status: Incomplete => In Progress -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
I said that .svn dirs must be removed ;) A package for being accepted must be lintian *clean*, so i think, as i prev said: 1) we get a good package from dev team 2) we get an execption from ubuntu-dev -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
Kristian: Thank you for following-up in #ubuntu-motu as I have been busy the past few evenings. As I assumed would happen, the package has been rejected. This is obviously due to the multiple errors and issues that we were having (and unable to resolve due to the license). Unless we have these issues resolved today/tomorrow metasploit will not make it into the Gutsy release. We need to speak with the MSF Dev team a bit further and see what we can do. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
Set to incomplete as further packaging/license issues are worked out. Thanks, Justin M. Wray ** Changed in: ubuntu Status: Fix Committed => Incomplete -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
On 8/27/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > ** Changed in: ubuntu >Status: In Progress => Fix Committed I just updated my Gutsy install, but I don't see it. Has it made it into multiverse yet? This is the last day. Do you want me to get on #ubuntu-motu and coordinate this with you? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
On 8/27/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Not yet, I have uploaded to my PPA, (not sure the status of that system > yet). I will upload to REVU now...time to face the fire. I know some of the packaging people at Canonical/Ubuntu. If they give you a hard time, mention Kristian Erik Hermansen from Cisco aka "The Clonezilla Dude" :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
** Changed in: ubuntu Status: In Progress => Fix Committed -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
Not yet, I have uploaded to my PPA, (not sure the status of that system yet). I will upload to REVU now...time to face the fire. Thanks for all of the assistance. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
So is it officially in Gutsy now? Can I "sudo aptitude update && sudo aptitude install metasploit3" ?? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
** Summary changed: - [needs-packaging] Metasploit Framework 3.0 + [needs-packaging] Metasploit Framework 3.0 (multiverse) -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Kristian: I already have a patch to correct the permission errors, so I can easily apply that to the Rev:5080 build. However, after looking through the linda/lintian output, the Ruby paths are not corrected either. I do not think the changes have been released upstream. We should speak to the upstream developers again. As soon as we have a clean build I'll put this up for testing, and then submission, as long as there are no issues. We have eight more days, if by the 24th, the changes are not applied upstream, I'll submit the package as is, and see what we can do. Hopefully worst case scenario we just upload a fix down the road. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/21/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Pulled the latest snapshot from (Rev:5080), however all of the > permission issues are still present. The permissions issues are able to be modified, and do not fall under the relevant source code changes policy. They did fix the ruby files though, right? So, let me know if you need help modifying the permissions. We can do it manually for this first build, and talk to the msf boys again later. Do you want me to take over the package upload from here, or do you want to finish up with the permission issues and submit it? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Pulled the latest snapshot from (Rev:5080), however all of the permission issues are still present. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
I never noticed that msf2 had a GUI, then again I am much more of a CLI guy. Anyhow, I agree, we will add all depends, submit to Gutsy, and deal with the ideal situations down the road when they are possible. Thanks, Justin M. Wray Sent via BlackBerry by AT&T -Original Message- From: Kristian Hermansen <[EMAIL PROTECTED]> Date: Mon, 20 Aug 2007 21:38:54 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/20/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Okay, so in general, I would agree that an application that doesn,t > normall have a web feature, should seperated. > > I would also apply this rule to a GUI interface. > > But where do we draw the line? Yes, I also agree that under ideal circumstances this would be the case. However, we are working with a restrictive license so this become a larger issue. Suggest deferring until license is changed... > Just because MSF2 didn't have a GUI or a webinterface, doesn't mean that > people using version 3 won't want it. Then again, are really the ones > who should make that decision? I do not believe so. msf2 did has a GUI as well :-) It just wasn't as easy to use as it is today. I use both the cli and gui, depending on how lazy I am and if I am screening the session, etc. Sometimes for n00bs, a GUI helps them learn enough that they can feel comfortable with the cli at a later point... > But do we really want a metaspolit-core, metasploit-gui, and metasploit- > web. I do see a benifit, as dependencies would be diffrent etc. And I > for one rearly use the web interface, and the GUI is far from mature. > > But then enters the legality issue. Can we really split the package up? > That would require upstream approval, or for them to alter the way they > distribute the package, and I see no benifit for them to do either. Do > you? Yes, there is a benefit, but not at the cost of delaying the package inclusion and/or dealing with license issues... > Last but I am sure not least, updates. Metasploit is updated with SVN, > which would replace the missing files, so the first time the user > updates his metaspolit installation (core) he ends up with the same > thing he would have gotten with -web and -gui. Where is the point in > that? This is the best point to have been made. It makes no sense to break it up if you will pull the files right back in :-) > Of course we could modifiy the package further, and make it only update > part of the package, based on what they install. But all of that would > come far after Gutst, and be more likely after Metasploit LLC releases a > license change, which is in the works. > > So, I do agree, that split packages could be benifitial, however, I do > not this that should be the focus of this release. Instead, I think a > solid package from SVN with all compoents is in order. Agreed, so please include the dependencies for the web interface as well as I have listed. This will be great. 10 days left to cut off :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/20/07, Alessandro Tanasi <[EMAIL PROTECTED]> wrote: > Yes, and i am pedantic. So i say, that line is a comment, no a control > file line, so i think i can use a friendly alias. > And now, like pedantic guys, i think we need a huge beer. Let's all hang out and grab some beers at the next security-con. Here is a Google Calendar list of many events ongoing... http://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc%40group.calendar.google.com -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/20/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Okay, so in general, I would agree that an application that doesn,t > normall have a web feature, should seperated. > > I would also apply this rule to a GUI interface. > > But where do we draw the line? Yes, I also agree that under ideal circumstances this would be the case. However, we are working with a restrictive license so this become a larger issue. Suggest deferring until license is changed... > Just because MSF2 didn't have a GUI or a webinterface, doesn't mean that > people using version 3 won't want it. Then again, are really the ones > who should make that decision? I do not believe so. msf2 did has a GUI as well :-) It just wasn't as easy to use as it is today. I use both the cli and gui, depending on how lazy I am and if I am screening the session, etc. Sometimes for n00bs, a GUI helps them learn enough that they can feel comfortable with the cli at a later point... > But do we really want a metaspolit-core, metasploit-gui, and metasploit- > web. I do see a benifit, as dependencies would be diffrent etc. And I > for one rearly use the web interface, and the GUI is far from mature. > > But then enters the legality issue. Can we really split the package up? > That would require upstream approval, or for them to alter the way they > distribute the package, and I see no benifit for them to do either. Do > you? Yes, there is a benefit, but not at the cost of delaying the package inclusion and/or dealing with license issues... > Last but I am sure not least, updates. Metasploit is updated with SVN, > which would replace the missing files, so the first time the user > updates his metaspolit installation (core) he ends up with the same > thing he would have gotten with -web and -gui. Where is the point in > that? This is the best point to have been made. It makes no sense to break it up if you will pull the files right back in :-) > Of course we could modifiy the package further, and make it only update > part of the package, based on what they install. But all of that would > come far after Gutst, and be more likely after Metasploit LLC releases a > license change, which is in the works. > > So, I do agree, that split packages could be benifitial, however, I do > not this that should be the focus of this release. Instead, I think a > solid package from SVN with all compoents is in order. Agreed, so please include the dependencies for the web interface as well as I have listed. This will be great. 10 days left to cut off :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Kristian Hermansen wrote: > So, if we can't modify the package, does that mean that you want the > same package in repositories twice, one with the web interface > dependencies, and on without? I think the web interface is a huge > part of msf3, especially for people who will be using it on Ubuntu. > If we left that out, it would be a major detriment. Otherwise, we > would need th same package in the repos twice (metasploit3 and > metasploit3-web)... Sure, but the control file that i paste is from my package for personal use only, and i need to split ;) > I just wanted to make sure the package name was termed correctly. If > you make the package RECOMMEND 'svn' apt will not resolve this > package, as it is not valid. svn is the command name and not the > package name. Yes, pedantics are my specialty :-p Yes, and i am pedantic. So i say, that line is a comment, no a control file line, so i think i can use a friendly alias. And now, like pedantic guys, i think we need a huge beer. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Okay, so in general, I would agree that an application that doesn,t normall have a web feature, should seperated. I would also apply this rule to a GUI interface. But where do we draw the line? Just because MSF2 didn't have a GUI or a webinterface, doesn't mean that people using version 3 won't want it. Then again, are really the ones who should make that decision? I do not believe so. But do we really want a metaspolit-core, metasploit-gui, and metasploit- web. I do see a benifit, as dependencies would be diffrent etc. And I for one rearly use the web interface, and the GUI is far from mature. But then enters the legality issue. Can we really split the package up? That would require upstream approval, or for them to alter the way they distribute the package, and I see no benifit for them to do either. Do you? Last but I am sure not least, updates. Metasploit is updated with SVN, which would replace the missing files, so the first time the user updates his metaspolit installation (core) he ends up with the same thing he would have gotten with -web and -gui. Where is the point in that? Of course we could modifiy the package further, and make it only update part of the package, based on what they install. But all of that would come far after Gutst, and be more likely after Metasploit LLC releases a license change, which is in the works. So, I do agree, that split packages could be benifitial, however, I do not this that should be the focus of this release. Instead, I think a solid package from SVN with all compoents is in order. Thanks, Justin M. Wray Sent via BlackBerry by AT&T -Original Message- From: Kristian Hermansen <[EMAIL PROTECTED]> Date: Mon, 20 Aug 2007 19:57:22 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/20/07, Alessandro Tanasi <[EMAIL PROTECTED]> wrote: > I consider to deploy a separate package with web interface, in my packages. So, if we can't modify the package, does that mean that you want the same package in repositories twice, one with the web interface dependencies, and on without? I think the web interface is a huge part of msf3, especially for people who will be using it on Ubuntu. If we left that out, it would be a major detriment. Otherwise, we would need th same package in the repos twice (metasploit3 and metasploit3-web)... > Are you a kind of pedantic guy? svn stay for nickname of subversion ;) I just wanted to make sure the package name was termed correctly. If you make the package RECOMMEND 'svn' apt will not resolve this package, as it is not valid. svn is the command name and not the package name. Yes, pedantics are my specialty :-p -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/20/07, Alessandro Tanasi <[EMAIL PROTECTED]> wrote: > I consider to deploy a separate package with web interface, in my packages. So, if we can't modify the package, does that mean that you want the same package in repositories twice, one with the web interface dependencies, and on without? I think the web interface is a huge part of msf3, especially for people who will be using it on Ubuntu. If we left that out, it would be a major detriment. Otherwise, we would need th same package in the repos twice (metasploit3 and metasploit3-web)... > Are you a kind of pedantic guy? svn stay for nickname of subversion ;) I just wanted to make sure the package name was termed correctly. If you make the package RECOMMEND 'svn' apt will not resolve this package, as it is not valid. svn is the command name and not the package name. Yes, pedantics are my specialty :-p -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
I consider to deploy a separate package with web interface, in my packages. Are you a kind of pedantic guy? svn stay for nickname of subversion ;) -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/20/07, Alessandro Tanasi <[EMAIL PROTECTED]> wrote: > The first metaspoilt 3 package that i do when i open this bug have the > following: > > Depends: ruby, libruby, rdoc, libyaml-ruby, libzlib-ruby, libopenssl- > ruby, libdl-ruby, libreadline-ruby, libiconv-ruby, libgtk2-ruby, > libglade2-ruby What about gems/rails? > and recommends svn. Correct package name is 'subversion'... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
The first metaspoilt 3 package that i do when i open this bug have the following: Depends: ruby, libruby, rdoc, libyaml-ruby, libzlib-ruby, libopenssl- ruby, libdl-ruby, libreadline-ruby, libiconv-ruby, libgtk2-ruby, libglade2-ruby and recommends svn. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/20/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > I'll be packaging tonight, and will place the package online for testing > etc. > > Let me know if you are interested in testing. Great! Sure, I will test it. I think we should make the 'subversion' package a RECOMMENDS. What do you think? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
The metasploit developers have made the requested changes to the current SVN update. I'll be packaging tonight, and will place the package online for testing etc. Let me know if you are interested in testing. I also wanted to take a moment to thank the metasploit team for working with us, to get this packaged and added to Ubuntu. And I also want to thank Kristian for taking the time out of his own schedule to communicate with the metasploit team. Thanks everyone. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
>I think he might have been weary of using my script on the source blindly... Agreed, plus the original script removed SVN, which is used to update MSF, so he would not have done that anyway. I'll send him an email and see if we can get the Ruby paths updated, as well as the permissions corrected. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/17/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Kristian, I know you have been "attempting" to speak with the MSF Dev's. > Any chance they will apply the patches upstream? Alessandro is right, > it would make things a lot easier, because then we would have no need to > edit the source. hdm is back it seems. Why don't you send an email to [EMAIL PROTECTED], let them know what we are trying to do, and about the issues we encountered. He hasn't gotten back yet about applying my script to the source. So, they may not want to do it. But let's make the list as short as possible. Maybe we can just ask him to change the Ruby paths instead, and do it manually? I think he might have been weary of using my script on the source blindly... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Kristian, I know you have been "attempting" to speak with the MSF Dev's. Any chance they will apply the patches upstream? Alessandro is right, it would make things a lot easier, because then we would have no need to edit the source. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Alessandro Tanasi <[EMAIL PROTECTED]> wrote: > I think that we need a law expert, and as i say in the first posts of > this bug the only easy way is that the msf dev team start to distribute > good archive. Yes ok, but that law does not come into play unless the package is modified, right? So we can worry about fixing the package later. We only have 12 more days to get msf3 in for Gutsy... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
I think that we need a law expert, and as i say in the first posts of this bug the only easy way is that the msf dev team start to distribute good archive. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > You are right, and none of us (as far as I know) are lawyers, nor Dev's > for MSF. But it is clear to me that modifications are allowed, and they > would result in a cleaner package. Just throwing everything together, > without fixing the current linda/lintian issue, will most likely get the > package rejected, meaning it may not make it in Gutsy at all. Agreed. But if the Metasploit license requires that any changes must NOT be distributed, then we may have an issue. I think we know the license's intention, but we are not allowed to take a risk on behalf of Ubuntu regarding this. The guidelines are there to protect them. So, if we want to default to the least amount of risk, let's go with unmodified. Your only issue with adding it unmodified is that it may be rejected. When we submit it, we could let them know that the issues are only warnings at that they will be resolved in Gutsy+1. If they reject it then, we can send the modified version... > But to answer the question at hand, Yes. Metasploit runs fine, exactly > the way it is packaged, even with the Ruby path issues, and the > permissions etc. We would still have a .desktop (Menu Entry) and > everything else, so it works. Excellent... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
>OK. So let's do this. Will msf3 work unmodified? And will Ubuntu allow msf3 to slip in unmodified into multiverse? If so, I say we just add it to Gutsy ASAP and then worry about cleaning it up for the next release. We could easily get into many days of interpretation of the license. If we can just place it in multiverse now, we can worry about all that stuff later and get more feedback from hdm when he is not so busy... You are right, and none of us (as far as I know) are lawyers, nor Dev's for MSF. But it is clear to me that modifications are allowed, and they would result in a cleaner package. Just throwing everything together, without fixing the current linda/lintian issue, will most likely get the package rejected, meaning it may not make it in Gutsy at all. But to answer the question at hand, Yes. Metasploit runs fine, exactly the way it is packaged, even with the Ruby path issues, and the permissions etc. We would still have a .desktop (Menu Entry) and everything else, so it works. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Let's break down the License, and see where we fall. OK. So let's do this. Will msf3 work unmodified? And will Ubuntu allow msf3 to slip in unmodified into multiverse? If so, I say we just add it to Gutsy ASAP and then worry about cleaning it up for the next release. We could easily get into many days of interpretation of the license. If we can just place it in multiverse now, we can worry about all that stuff later and get more feedback from hdm when he is not so busy... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Let's break down the License, and see where we fall. ... Definitions ... c. "Enhancement" means any bug fix, error correction, patch, or other addition to the Software that are independent of the Software and do not require modification of the Software of the Software itself. ... 3. The license granted in Section 2 is expressly made subject to and limited by the following restrictions: a. You may only distribute, publicly display, and publicly perform unmodified Software. Without limiting the foregoing, You agree to maintain (and not supplement, remove, or modify) the same copyright, trademark notices and disclaimers in the exact wording as released by Developer. ... 4. You may develop Enhancements to the Software and distribute Your Enhancements, provided that You agree to each of the following restrictions on this distribution: a. Enhancements may not modify, supplement, or obscure the user interface or output of the Software such that the title of the Software, the copyrights and trademark notices in the Software, or the licensing terms of the Software are removed, hidden, or made less likely to be discovered or read. b. If you release any Enhancement to the Software, You agree to distribute the Enhancement under the terms of this License (or any other later-issued license(s) of Developer for the Software). Upon such release, You hereby grant and agree to grant a non-exclusive royalty-free right, to both (i) Developer and (ii) any of Developer's later licensees, owners, contributors, agents or business partners, to distribute Your Enhancement(s) with future versions of the Software provided that such versions remain available under the terms of this License (or any other later-adopted license(s) of Developer). ... Online Updates The Software includes the ability to download updates (i.e., additional code) from Developer's server(s). These updates may contain bug fixes, new functionality, updated Documentation, and/or Extensions. When retrieving these updates, the Software may transmit the Software version and operating system information from Your computer to the update server. The server may record (store) this information, in conjunction with the IP (global Internet Protocol) address of the user, in order to attempt to maintain accurate end user and version statistics. By using the online update feature, You hereby agree to allow this information to be transmitted, recorded, and stored in any nation by or for Developer. I pulled out only the parts that are important to the matter at hand. An unedited version of the license can be found, attached above or from the metasploit website. I have not modified any content of the license and have only "copied&pasted" the parted needed for discussion. - 1) Definitions, entry "c" - Indicates that bug fixes are considered an "Enhancement" (this includes patches). 2) Section 3 - a indicates that only unmodified versions of the software can be distributed. 3) Section 4 grants the right to create "Enhancements" (or patches) 4) Section 4 - a enforces that the patches do not alter, the user-interface, license, or output etc. 5) Section 4 - b states we must release the patch under the same license (The Metasploit Framework License v1.2) 6) Online Updates Section notes that some user information may be recorded I am no lawyer by here is my feedback on the above statements: 1 - The Ruby patch, and "permissions correction" would fall under an "Enhancement" 2 - This would indicate that we cannot "distribute" the code, however when you get right down to it, Debian policies do not allow this anyway, and we instead "patch" the unmodified source. Either way this state makes it seem as if no modifications are allowed. 3 - However, this section gives the right to "patch" the code. Therefore distributing the unmodified source, and the patches should be fine. 4 - Our patches are only bug fixes, and in no way alter any of these items 5 - Ubuntu packages are released as GPL, we could in theory release the patch under The Metasploit Framework License v1.2, but currently it is included in the package, with no restrictions. This is something we should look into. 6 - I really think this should be relayed to the client, as some would want to know this up front. - Maybe I am reading into this the wrong way, I am not sure, any comments? Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
** Attachment added: "The Metasploit Framework License v1.2" http://launchpadlibrarian.net/8853728/LICENSE -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Welcome back Alessandro, I noticed you did package MSF as well, so I hope that I haven't stepped on your toes. I have been reviewing the licenes as well. Have a look at: http ://framework-mirrors.metasploit.com/documents/RELEASE-3.0.txt The part that stands out - * Metasploit is now released under the Metasploit Framework License. This license allows anyone to use the framework for almost anything, but prevents commercial abuse and outright code theft. The Metasploit Framework License helps keep the platform stable and still allows module developers to choose their own licensing terms for their code (commercial or open source). For more information, please see the license document included in the distribution. It is clear that Metasploit LLC is attempting to protect the work from being used to re-create a "metasploit clone" and more importantly be altered and sold. But I do not really think the idea is to keep anyone from packaging the application, as long as the license stays intact and the "core" code isn't altered. We are not changing any code or functions in anyway. Only correcting the Ruby path (thats the patch that is mentioned). I would honestly like clarification from the Metasploit developer's as to what is "legal" and not. Now lets just say the end result is the code cannot be altered in any way, including our patches to the Ruby path, and file permissions. How will Debian (or Ubuntu) handle the resulting package? Obviously it will build, and work, but will have a hefty linda/lintian output, and break a few policies. Then again this is going to multivers anyway... From: http://www.ubuntu.com/community/ubuntustory/components "multiverse" component The "multiverse" component contains software that is "not free", which means the licensing requirements of this software do not meet the Ubuntu "main" Component Licence Policy. The onus is on you to verify your rights to use this software and comply with the licensing terms of the copyright holder. This software is not supported and usually cannot be fixed or updated. Use it at your own risk. So it is clear that Ubuntu is far more lenient with multiverse packages. The package still functions without the "Ruby" patch or the permission correction. It would just be a rather bad package. The best chance we have is to make the minor changes to the source from the patches mentioned. This will also give us the best package possible. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Alessandro Tanasi <[EMAIL PROTECTED]> wrote: > hello guys, > i was away this days for the CCCamp. I heard it was a good time from my hackers on a plane friends :-) > I see that you done a good work, but remember that tha msf sources can't > modified. > So you can't apply any sort of patches. The only file we "modified" was the ruby paths from '/usr/local/bin/ruby' to '/usr/bin/env ruby'. This is not intellectual property... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
hello guys, i was away this days for the CCCamp. I see that you done a good work, but remember that tha msf sources can't modified. So you can't apply any sort of patches. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Okay, well, we should be good to go, I was able to integrate the needed > permission changes into the build. The Ruby patch applies as well. Excellent. > Any other needed changes? Not that I can think of! > I'll post linda/lintian without SVN errors, so we can review. Anything major? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Okay, well, we should be good to go, I was able to integrate the needed permission changes into the build. The Ruby patch applies as well. Any other needed changes? I'll post linda/lintian without SVN errors, so we can review. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Okay, so I got it working, sort of. > > I am now getting an error from you function, looking into this. Post the output? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Okay, so I got it working, sort of. I am now getting an error from you function, looking into this. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > I think there is a build function to do this, I just need to find it Let me know if you find it... > I am on the road, will be back on the PC in 45. No problem. I just got back from the BeanSec security meetup in Boston. Fun times... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Oh okay, didn't catch what you mean't. Sorry. Yes, I changed the directory, to back to the root. I think there is a build function to do this, I just need to find it I am on the road, will be back on the PC in 45. Thanks, Justin M. Wray Sent via BlackBerry by AT&T -Original Message- From: Kristian Hermansen <[EMAIL PROTECTED]> Date: Wed, 15 Aug 2007 20:31:10 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Right, I made a diff, after running your script, thats the RUBY patch > above. Of course :-) I saw that... > However, 'diff' doesn't catch the change in file permissions etc. Yup! > Therefore, within the debian/rules I used part of your script, but that > doesn't seem to be working. What I am saying is that if you put the other parts of my script into another directory (debian/rules) and run it, it will fail to catch all the files I believe. It starts searching from the current directory and recursively downward... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Right, I made a diff, after running your script, thats the RUBY patch > above. Of course :-) I saw that... > However, 'diff' doesn't catch the change in file permissions etc. Yup! > Therefore, within the debian/rules I used part of your script, but that > doesn't seem to be working. What I am saying is that if you put the other parts of my script into another directory (debian/rules) and run it, it will fail to catch all the files I believe. It starts searching from the current directory and recursively downward... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
>My file is a shell script, not a patch made with diff. And I made the script require to be run from the root directory. You can change that to suit the Debian rules if you like. I am not familiar with everything they enforce... Right, I made a diff, after running your script, thats the RUBY patch above. However, 'diff' doesn't catch the change in file permissions etc. Therefore, within the debian/rules I used part of your script, but that doesn't seem to be working. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > When packaging you cannot modify the source package at all, other then > through patches. > > As such I added the patch to the debian/rules. Let me check something. My file is a shell script, not a patch made with diff. And I made the script require to be run from the root directory. You can change that to suit the Debian rules if you like. I am not familiar with everything they enforce... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
When packaging you cannot modify the source package at all, other then through patches. As such I added the patch to the debian/rules. Let me check something. Thanks, Justin M. Wray Sent via BlackBerry by AT&T -Original Message- From: Kristian Hermansen <[EMAIL PROTECTED]> Date: Wed, 15 Aug 2007 19:09:13 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > >Can you post the warning messages? > > W: metasploit; Executable > /usr/local/metasploit/framework-3.0/external/source/meterpreter/source/extensions/stdapi/server/net/net.h > with perms 0755 is not an ELF file or script. > > Seems this should have been covered by the script? Should have! Did you first drop the script into the root directory of metasploit? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > >Can you post the warning messages? > > W: metasploit; Executable > /usr/local/metasploit/framework-3.0/external/source/meterpreter/source/extensions/stdapi/server/net/net.h > with perms 0755 is not an ELF file or script. > > Seems this should have been covered by the script? Should have! Did you first drop the script into the root directory of metasploit? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
>Can you post the warning messages? W: metasploit; Executable /usr/local/metasploit/framework-3.0/external/source/meterpreter/source/extensions/stdapi/server/net/net.h with perms 0755 is not an ELF file or script. Seems this should have been covered by the script? Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > The Ruby issue has been resolved, but the scripts method for determining > the correct permissions only partial worked. We still have plenty of > permissions issues. So we need to decide how we will proceed with > those. Can you post the warning messages? > In addition, I have setup a symlink to /usr/bin/ for all of the > executables (msfcli, msfgui, etc). And created a menu link with the MSF > (#) logo. This is all working great, with no issue. The question > however, were should we install the metasploit files? > > I was thinking /usr/local/metasploit/framework-3.0 I think /usr/share/ is better... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
>Great! So is it ready to be uploaded for Gutsy??? :-) Well, not quite yet, but close. The Ruby issue has been resolved, but the scripts method for determining the correct permissions only partial worked. We still have plenty of permissions issues. So we need to decide how we will proceed with those. In addition, I have setup a symlink to /usr/bin/ for all of the executables (msfcli, msfgui, etc). And created a menu link with the MSF (#) logo. This is all working great, with no issue. The question however, were should we install the metasploit files? I was thinking /usr/local/metasploit/framework-3.0 Any incite? Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Assigned to myself, as I will be packaging. Thanks, Justin M. Wray ** Changed in: Ubuntu Assignee: MOTU => Justin M. Wray Status: Confirmed => In Progress -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > Here is the diff patch to correct Ruby paths... > > ** Attachment added: "Ruby Path Correction (diff/patch)" >http://launchpadlibrarian.net/8841542/ruby.patch Great! So is it ready to be uploaded for Gutsy??? :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Here is the diff patch to correct Ruby paths... ** Attachment added: "Ruby Path Correction (diff/patch)" http://launchpadlibrarian.net/8841542/ruby.patch -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Yeah I looked over the script, should have worked. I just wanted to let you know. I will fix this, correct the rules, and repackage. Thanks, Justin M. Wray Sent via BlackBerry by AT&T -Original Message- From: Kristian Hermansen <[EMAIL PROTECTED]> Date: Wed, 15 Aug 2007 15:31:45 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > > E: metasploit: wrong-path-for-ruby ./usr/share/metasploit/external > /ruby-pcapx/examples/tcpdump.rb #!/usr/local/bin/ruby > > Your script does_NOT_ seem to fix this error. However, I do not get > that output with or without your patch. It should! The clean_ruby_paths function should change three files which have this issue. Does it not? I basically just do a sed on the files and replace with (/usr/bin/env ruby). You could fix my script, if it is broken, but don't think it is! Or you could write another script/patch which does this. Or manually. Then we can get it packaged and uploaded for Gutsy. We only have two weeks though. So, let's hustle :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > > E: metasploit: wrong-path-for-ruby ./usr/share/metasploit/external > /ruby-pcapx/examples/tcpdump.rb #!/usr/local/bin/ruby > > Your script does _NOT_ seem to fix this error. However, I do not get > that output with or without your patch. It should! The clean_ruby_paths function should change three files which have this issue. Does it not? I basically just do a sed on the files and replace with (/usr/bin/env ruby). You could fix my script, if it is broken, but don't think it is! Or you could write another script/patch which does this. Or manually. Then we can get it packaged and uploaded for Gutsy. We only have two weeks though. So, let's hustle :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
> E: metasploit: wrong-path-for-ruby ./usr/share/metasploit/external /ruby-pcapx/examples/tcpdump.rb #!/usr/local/bin/ruby Your script does _NOT_ seem to fix this error. However, I do not get that output with or without your patch. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Okay, ran the script, which did fix the permissions. I repackaged, and linda/lintian are now happy. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
** Summary changed: -[needs-packaging] Metasploit Framework 3.0 + [needs-packaging] Metasploit Framework 3.0 -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Okay, I am away from my desk at the moment, I'll run the scrip as soon as I get back, creat the patch, and repackage. Then we can take a look at the linda/lintian output. Thanks, Justin M. Wray Sent via BlackBerry by AT&T -Original Message- From: Kristian Hermansen <[EMAIL PROTECTED]> Date: Wed, 15 Aug 2007 13:33:04 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > We need to check into this a bit more, as I asked about the policy (when I > started working on MSF), and was told, it is not against policy, just frowned > upon. The problem, without the SVN updates, the user would be unable to pull > the new exploits and modules. And its almost pointless to repackage and > distribute the entire binary deb every time one exploit is released, which > may only be 15 lines of Ruby. If we do decide to scrap the SVN update > capability, we will need to come up with a update path for exploits/modules. You have a good point. If it is not against policy, and since this package with be in multiverse anyways, and having updates is a good thing obviously, let's leave them in! Thanks for making a valid point to convince me. You are right. If it is not a hard rule for Debian, it really does amkes sense to leave them in if we won't be penalized for it -- due to the nature of security products and how quickly they are updated. 6 months would be a long time to wait for a new release :-) > Seems in this case we just ignore the SVN issue. Yup. Let's do it. Btw, the cutoff date for multiverse is August 30th. So, if we get the package in before that time, it will be in Gutsy. I checked with #ubuntu-motu. Also, I asked them about the license issues, and the only requirement for multiverse is that the package is allowed to be redistributed. So, we will have metasploit in Gutsy if we hurry up and get this done :-) > Also, some of the errors linda/lintian is producing are due to the > windows files packaged within MSF and the fact that some of the ruby > modules aren't set as executable. This can easily be fixed by a patch > (if not safely ignored). Just take my script, and comment out the clean_svn function at the bottom. Run the other two cleanup routines, and let me know how linda/lintian handles the result. Can you do that today? > Can you create a diff patch of the end result of your script. That it what we would use in the Package, as well as what the MSF devs would want to see. The only files that need to be "modified" are the invalid Ruby script paths (/usr/local/bin/ruby). In my script, I fix them to be (/usr/bin/env ruby). I highly doubt that this constitutes a breach of the Metasploit license agreement, as this portion of the code is not the intellectual property. If we started to modify the logic, that would be a problem, and that's what the license is trying to prevent. All the other changes my script does are dealing with executable permissions and trying to determine which files should or should not be set. I think it worked fairly well. So, get back to me when you have a moment. Maybe we can check in our package into Gutsy before the weekend :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray <[EMAIL PROTECTED]> wrote: > We need to check into this a bit more, as I asked about the policy (when I > started working on MSF), and was told, it is not against policy, just frowned > upon. The problem, without the SVN updates, the user would be unable to pull > the new exploits and modules. And its almost pointless to repackage and > distribute the entire binary deb every time one exploit is released, which > may only be 15 lines of Ruby. If we do decide to scrap the SVN update > capability, we will need to come up with a update path for exploits/modules. You have a good point. If it is not against policy, and since this package with be in multiverse anyways, and having updates is a good thing obviously, let's leave them in! Thanks for making a valid point to convince me. You are right. If it is not a hard rule for Debian, it really does amkes sense to leave them in if we won't be penalized for it -- due to the nature of security products and how quickly they are updated. 6 months would be a long time to wait for a new release :-) > Seems in this case we just ignore the SVN issue. Yup. Let's do it. Btw, the cutoff date for multiverse is August 30th. So, if we get the package in before that time, it will be in Gutsy. I checked with #ubuntu-motu. Also, I asked them about the license issues, and the only requirement for multiverse is that the package is allowed to be redistributed. So, we will have metasploit in Gutsy if we hurry up and get this done :-) > Also, some of the errors linda/lintian is producing are due to the > windows files packaged within MSF and the fact that some of the ruby > modules aren't set as executable. This can easily be fixed by a patch > (if not safely ignored). Just take my script, and comment out the clean_svn function at the bottom. Run the other two cleanup routines, and let me know how linda/lintian handles the result. Can you do that today? > Can you create a diff patch of the end result of your script. That it what we would use in the Package, as well as what the MSF devs would want to see. The only files that need to be "modified" are the invalid Ruby script paths (/usr/local/bin/ruby). In my script, I fix them to be (/usr/bin/env ruby). I highly doubt that this constitutes a breach of the Metasploit license agreement, as this portion of the code is not the intellectual property. If we started to modify the logic, that would be a problem, and that's what the license is trying to prevent. All the other changes my script does are dealing with executable permissions and trying to determine which files should or should not be set. I think it worked fairly well. So, get back to me when you have a moment. Maybe we can check in our package into Gutsy before the weekend :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
> Someone has claimed that leaving .svn around is against debian policy, > which would be understandable... We need to check into this a bit more, as I asked about the policy (when I started working on MSF), and was told, it is not against policy, just frowned upon. The problem, without the SVN updates, the user would be unable to pull the new exploits and modules. And its almost pointless to repackage and distribute the entire binary deb every time one exploit is released, which may only be 15 lines of Ruby. If we do decide to scrap the SVN update capability, we will need to come up with a update path for exploits/modules. Seems in this case we just ignore the SVN issue. Also, some of the errors linda/lintian is producing are due to the windows files packaged within MSF and the fact that some of the ruby modules aren't set as executable. This can easily be fixed by a patch (if not safely ignored). > Here is the script I whipped up...let me know if you find any issues with > it... Can you create a diff patch of the end result of your script. That it what we would use in the Package, as well as what the MSF devs would want to see. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Sorry -- Seems Launchpad added some of my responses as "quotes," thus I reposted. > Someone has claimed that leaving .svn around is against debian policy, > which would be understandable... We need to check into this a bit more, as I asked about the policy (when I started working on MSF), and was told, it is not against policy, just frowned upon. The problem, without the SVN updates, the user would be unable to pull the new exploits and modules. And its almost pointless to repackage and distribute the entire binary deb every time one exploit is released, which may only be 15 lines of Ruby. If we do decide to scrap the SVN update capability, we will need to come up with a update path for exploits/modules. Seems in this case we just ignore the SVN issue. Also, some of the errors linda/lintian is producing are due to the windows files packaged within MSF and the fact that some of the ruby modules aren't set as executable. This can easily be fixed by a patch (if not safely ignored). > Here is the script I whipped up...let me know if you find any issues with it... Can you create a diff patch of the end result of your script. That it what we would use in the Package, as well as what the MSF devs would want to see. Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Change name to [needs-packaging] Metasploit Framework 3.0. Thanks, Justin M. Wray ** Summary changed: - [needs-packaging] metasploit +[needs-packaging] Metasploit Framework 3.0 -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs