In association with heise online

12 November 2010, 16:48

Fedora criticised for hacker tool ban


Fedora's refusal to accept the SQLninja tool into its repositories has met with considerable criticism. The tool attempts to penetrate Microsoft SQL Server-based systems via SQL injection attacks in order to open a back door on these systems. What some regard as an evil hacker tool for hijacking computers is, to others, a useful tool for testing their own servers. The Fedora project leaders chose the former point of view and unanimously voted against adding the tool in a (virtual) board meeting.

However, the issue was discussed at length, and various pros and cons were considered. In the end, the Fedora board decided against the tool to prevent potential legal claims against Fedora – even the sharing of hacker tools is an offence in some countries.

This conclusion has now been criticised by members of the Fedora community. Apparently, in Iran and China even tools which enable users to bypass national censorship measures can be considered hacker tools. Some Fedora users think that removing such tools from the repositories for legal reasons would be the wrong approach. Furthermore, the Fedora repositories already contain numerous hacker tools including vulnerability scanners, password crackers and spyware tools. Security activist and Tor developer Jacob Appelbaum thinks that the decision could make Fedora unpopular with security professionals who, in Appelbaum's opinion, could switch to other distributions as a result.

Paragraph 202c of the German Penal Code (StGB), dubbed the "hacker paragraph" and adopted in mid-2007 despite considerable criticism from legal and technical experts, also continues to cause confusion in Germany. However, in 2009 the German Federal Constitutional Court clarified that the suitability of a program for hacker purposes in itself doesn't make owning, sharing or using the program a criminal offence.

Previously, the public prosecution in Hannover, Germany rejected a self-denunciation by the chief editor of iX magazine, Jürgen Seeger, for sharing the BackTrack distribution in a special edition of the magazine. According to the prosecutor, the deciding factor with software that is intended for preventing attacks, but can without modification also be used for illegal purposes, is the subjective intention of the user.

(crve)

Permalink: http://h-online.com/-1135486
 

