On Tue, 25 May 2004 11:05:03 PDT, Seth Alan Woolley said:
Copyright means the right to publish a work in its entirety. As long as
they aren't republishing the whole code when they find a vulnerability,
it's protected under fair use. What is illegal to republish isn't
illegal to acquire. If one acquires the Cisco code outside of a
licensing arrangement, they surely didn't agree to their additional
restrictions preventing audit or duplication.
There's a few points you need to deal with:
1) Although you can probably get away with "fair use" for a small code
snippet demonstrating a problem in an advisory (the infamous "the problem
is in these 15 lines" part), you will have a *very* hard time doing anything
resembling a good audit while only accessing a "fair use" amount of code.
How did you find the 15 problem lines without looking at an amount of
code far in excess of what "fair use" authorizes?
2) The fact that you're getting a copy from somebody other than Cisco does NOT
make it "clean". That is true for trade secrets, where if the cat is out of
the bag already, redistributing it further is no problem (although you better
make sure the cat is *out* of the bag and not merely poking its nose out).
Absent some licensing agreement, you can't copy it. Period, end of discussion.
Go read the GPL, the part where it says "You are not required to accept this
License, since you have not signed it. However, nothing else grants you
permission to modify or distribute the Program or its derivative works. These
actions are prohibited by law if you do not accept this License.". A lot of
very
highly talented legal minds have looked at that, and they all come up
with the same reading: "You make a copy without accepting the GPL terms,
you're screwed".
Re-read your first sentence. The only one that applies is
redistribution. Copying for personal use and use itself are still
perfectly legal outside of an explicit contract with Cisco that says
otherwise, and even then, one would have to agree to it.
Umm. No. It's Cisco's code, and you do *NOT* have *any* rights to it other
than what (a) you're able to establish under "fair use" or (b) Cisco authorizes
you to have. Although the "Betamax case" granted the "fair use" right
to videotape, timeshift, and (by extension) rip your own CD's to digital:
http://www.eff.org/Legal/Cases/sony_v_universal_decision.php
there is *still* a requirement that the original copy be legally obtained, and
there are limitations - although the court held that making a copy for
your *own* use was OK, other uses weren't covered - you can't distribute
copies to others, and copying things you didn't have a clear right to have
the first copy is right out as well.
And I'd be very wary of trying to use "He made the copy, I just took the copy
he made" as a defense - you're still liable for some penalties, and if you knew
or
should have known the copy was infringing you're probably equally liable as the
person who made the copy....
pgpLhChD45Wjq.pgp
Description: PGP signature
