> How to determine if a file is redistributable, Files within .scripts or hosted on boot-land servers
jaclaz
post Oct 8 2007, 09:34 AM
Post #1


Finder
***

Group: Advanced user
Posts: 1,185
Joined: 14-July 06
Member No.: 2


Italy


As all of you know, there have been some discussions over the re-distributability status of Third Party Files.

It has been suggested to find a way to make .script developers responsible about the use of Third Party Files embedded into .scripts, from which it derives the need to help them in determining whether a file or package is re-distributable under the new, proposed policies.

Let me be very clear about this, to avoid any misunderstandings, we are talking here in the future tense, no Rule has been changed till now, current Rules can be found here:
http://www.boot-land.net/forums/index.php?act=boardrules

They are subject to discussion, as they have always been, here:
http://www.boot-land.net/forums/index.php?...opic=82&hl=

Let's start from the following, integrally copied from the closed thread here:
http://www.boot-land.net/forums/index.php?...=3124&st=50

QUOTE (Medevil)
I favor the system of 'good faith', we host/embed software that is either share- or freeware and is therefore intended to be distributed and assume in good faith that the developer will welcome this promoting of his software.


Good!

This applies to a large part of freeware and shareware.

Still, it does not apply to the freeware or shareware that explicitly denies re-packaging or re-distribution.

To continue on the example posted about Foxit PDF-Reader:
http://www.boot-land.net/forums/index.php?...=3197&st=12
it's hard to use the "therefore" as you did or sustain that you, in good faith, presumed that they will welcome this promoting of their software:
QUOTE (http://www.foxitsoftware.com/pdf/rd_eula.htm)
6. REDISTRIBUTION: You can not redistribute Foxit Reader under this agreement, please contact sales@foxitsoftware.com for information on our free redistribution agreement.

as I see it the .script developer should ask for re-distribution agreement, if he wants to embed the file into his .script.

As said, I think that most Freeware/Shareware Authors or Rights Owners will graciously release this permission, and the more will do with Winbuilder everyday gaining popularity.

So, I think we can start to draw some "tentative" lines:
1) Software that needs any form of registration to be downloaded from the original site CANNOT be embedded
2) Software that cannot be downloaded from the original site CANNOT be embedded (say it's Warez)
3) Software that explicitly prohibits re-distribution or re-packaging in its EULA or homepage CANNOT be embedded
4) Any software that does not belong to any of the above categories can be assumed to be freely redistributable "in good faith" and thus CAN be embedded
5) Any software that cannot be downloaded from the original site, but that was at one time available for public download, provided that its EULA does not explicitly prohibit re-distribution or re-packaging, CAN be embedded
6) Any Software CAN be embedded as long as the .script developer obtains a re-distribution agreement from software Author or Owner

The above should cover most of the situations, with the exception of:
Any Freeware (NOT Shareware, NOT Commercial Software) whose Author is not anymore reachable to ask him for a free re-distribution permission (say it's FREE Abandonware)

Whenever any software is embedded, Nuno will provide a way within Winbuilder to actually list the embedded files, and a way to credit the Author/Owner in a perceivable manner for the end user of the .script.

The same information needs to be included in the download description or in the post (see proposed amendment to Rules #1.a).

What do you think of this?

jaclaz

P.S.: This thread is intended only as a way to create guidelines to make it as easy as possible to understand what will be acceptable and accepted to be hosted directly (as is) or indirectly (embedded into .scripts) on boot-land servers.
If you want to discuss the way the new policy will be coded and eventually enforced, please use this thread:
http://www.boot-land.net/forums/Please-ALL...here-t3244.html
psc
post Oct 8 2007, 10:48 AM
Post #2


Guru
***

Group: .script developer
Posts: 3,190
Joined: 14-July 06
From: Korschenbroich, Germany
Member No.: 3


Germany


QUOTE (jaclaz @ Oct 8 2007, 11:34 AM) *
So, I think we can start to draw some "tentative" lines:
1) Software that needs any form of registration to be downloaded from the original site CANNOT be embedded
2) Software that cannot be downloaded from the original site CANNOT be embedded (say it's Warez)
3) Software that explicitly prohibits re-distribution or re-packaging in its EULA or homepage CANNOT be embedded
4) Any software that does not belong to any of the above categories can be assumed to be freely redistributable "in good faith" and thus CAN be embedded
5) Any software that cannot be downloaded from the original site, but that was at one time available for public download, provided that its EULA does not explicitly prohibit re-distribution or re-packaging, CAN be embedded
6) Any Software CAN be embedded as long as the .script developer obtains a re-distribution agreement from software Author or Owner


This meets exactly my opinion.

I think it's very descriptive, and does not leave any question open.

EDIT:
To be complete, maybe we add:
7) Any Software CAN be embedded which is written by the .script developer

Peter
thunn
post Oct 19 2007, 10:17 PM
Post #3


Advanced Member
***

Group: .script developer
Posts: 374
Joined: 27-July 06
From: Queens, New York
Member No.: 75


United States


@Psc, I did not request your permission to encode a certain program you've contributed. These details should not be overlooked, I'm speaking of the C proof of concept you ported to Delphi recently. Lots of nice comments don't make up for, may I use the file? ..
regards, -t
psc
post Oct 20 2007, 08:27 AM
Post #4




QUOTE (thunn @ Oct 20 2007, 12:17 AM) *
@Psc, I did not request your permission to encode a certain program you've contributed. These details should not be overlooked, I'm speaking of the C proof of concept you ported to Delphi recently. Lots of nice comments don't make up for, may I use the file? ..
regards, -t

No, I did not port.
I used the description what's happening to write my own code.

Here some parts.
CODE
function hashIt(const Input: DWORD; var res: array of Byte): boolean;
...
begin
...
  if CryptAcquireContext(@cryptProvider, nil, nil, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT or CRYPT_MACHINE_KEYSET) then
  begin
    if CryptCreateHash(cryptProvider, CALG_MD5, 0, 0, @handleHash) then
    begin
      if CryptHashData(handleHash, @nulls, sizeof(nulls), 0) then
      begin
        if CryptHashData(handleHash, @input, sizeof(input), 0) then
        begin
          if CryptGetHashParam(handleHash, HP_HASHVAL, @dataHash[0], @lenHash, 0) then
          begin
            for i := 0 to lenHash - 1 do
            begin
              res[i] := dataHash[i];
            end;
            Result := true;
          end;
        end;
      end;
      CryptDestroyHash(handleHash);
    end;
    CryptReleaseContext(cryptProvider, 0);
  end;
...
  for i := 1 to ParamCount do
  begin
    line := AnsiUpperCase(AnsiReplaceText(ParamStr(i), '/', '-'));
    If Debug then Writeln(Output, 'Parameter: ' + line);
    if line = '-D' then
      debug := true
    else if line = '-W' then
    begin
      pnpKey := cwPNP;
      setupKey := cwSetup;
      signingKey := cwSigning;
    end
  end;
  If Debug then Writeln(Output, 'RegOpenKeyEx ' + pnpKey);
  res := RegOpenKeyEx(HKEY_LOCAL_MACHINE, PAnsiChar(pnpKey), 0, KEY_READ, regKey);
  If Debug then Writeln(Output, 'res ' + IntToStr(res));
  if res = ERROR_SUCCESS then
  begin
    If Debug then Writeln(Output, 'RegQueryValueEx ' + cSeed);
    res := RegQueryValueEx(regKey, cSeed, nil, nil, @seed, @len);
    If Debug then Writeln(Output, 'res ' + IntToStr(res));
    RegCloseKey(regKey);
  end;
// build hash
  if hashIt(seed, hash) = true then
  begin
// write 'privateHash'
    If Debug then Writeln(Output, 'RegOpenKeyEx ' + setupKey);
    res := RegOpenKeyEx(HKEY_LOCAL_MACHINE, PAnsiChar(setupKey), 0, KEY_WRITE, regKey);
    If Debug then Writeln(Output, 'res ' + IntToStr(res));
    if res = ERROR_SUCCESS then
    begin
      If Debug then Writeln(Output, 'RegSetValueEx ' + cPrivate);
      res := RegSetValueEx(regKey, cPrivate, 0, REG_BINARY, @hash[0], sizeof(hash));
      If Debug then Writeln(Output, 'res ' + IntToStr(res));
      RegCloseKey(regKey);
// write policy
      If Debug then Writeln(Output, 'RegOpenKeyEx ' + signingKey);
      res := RegOpenKeyEx(HKEY_LOCAL_MACHINE, PAnsiChar(signingKey), 0, KEY_WRITE, regKey);
      If Debug then Writeln(Output, 'res ' + IntToStr(res));
      if res = ERROR_SUCCESS then
      begin
        If Debug then Writeln(Output, 'RegSetValueEx ' + cPolicy);
        res := RegSetValueEx(regKey, cPolicy, 0, REG_BINARY, @nulls, sizeof(nulls));
        If Debug then Writeln(Output, 'res ' + IntToStr(res));
        RegCloseKey(regKey);
      end;
    end;
  end;
  If Debug then ReadLn(Input);
...


Peter
thunn
post Oct 20 2007, 07:59 PM
Post #5




Your post answers any doubt with respect to my question. I was really grateful to receive such prompt assistance with that particular problem.

And no, port is not accurate at all as your exe preinstalls the correct hash vs. a fix on the fly.
psc
post Oct 20 2007, 09:32 PM
Post #6




QUOTE (thunn @ Oct 20 2007, 09:59 PM) *
Your post answers any doubt with respect to my question. I was really grateful to receive such prompt assistance with that particular problem.

And no, port is not accurate at all as your exe preinstalls the correct hash vs. a fix on the fly.


Sorry, I forgot to say:

Yes, you may use

Peter
thunn
post Oct 21 2007, 12:39 AM
Post #7




[cheers]
Alexei
post Oct 26 2007, 09:22 PM
Post #8


Advanced Member
***

Group: .script developer
Posts: 539
Joined: 30-August 06
Member No.: 283



QUOTE (jaclaz @ Oct 8 2007, 02:34 AM) *
As all of you know, there has been some discussions over the re-distributability status of Third Party Files.
1) Software that needs any form of registration to be downloaded from the original site CANNOT be embedded

Unfortunately, it's not clear enough.
Let's suppose the webmaster of some web site had in mind the following schema:
Home--->Registration--->EULA--->Download,
but using a direct link to the download page allows downloading without Registration and acceptance of EULA.
This is true for many web sites and this creates a problem.
One position is that you could obtain the direct download link from somewhere (search engine, etc.).
Another position is that the site should be used as designed.
jaclaz, your opinion?
Alexei
PS
It's pretty clear when the downloaded file contains EULA and copyright notice, but what if it doesn't?


jaclaz
post Oct 29 2007, 10:34 AM
Post #9




Well, if I hypothetically would want users of my app to register, I would make sure that the registration step could not be bypassed, nonetheless, in my opinion the Author of a software has all the rights to put ANY limitation to its use as he fancies, and it is only a site programming error or misconfiguration that allows a (slightly) malicious user to download directly the app.

I would call this behaviour "cheating".

By the same principle, one could claim that a "warez" release (from which EULA and/or activation/validation has been hacked off) is legal because there is nowhere info about it.

Besides the fact that such an excuse (ignorance) won't be accepted in a Court, it surely cannot be invoked, from an ethical standpoint, by one of our .script developers that all are (or should be) considered as "advanced internet users".

Just do a Google search for:
"parent directory" ghost.zip

Does that mean that because a number of (inexperienced or illegal prone) web users have left some directories "open" you are allowed to get everything you wish from there?

It is just like your house, you may lock its door when you go out or forget it unlocked, but the latter does not authorize me to get in and take whatever I like.

We could rephrase as follows:
QUOTE
1) Software for which any form of registration is asked by the Author for its downloading from the original site, no matter if the request can be bypassed by using direct links or any other workaround, CANNOT be embedded



jaclaz
psc
post Oct 30 2007, 05:30 PM
Post #10




Now, due to actual reasons I have a new question to be discussed here:

I'm working with VMWare Player script.

I currently included everything EULA concerning stuff into the ISO.

That causes a new 'EULA confirmation' on every boot.

It is easy to avoid this confirmation and to save some space in the ISO by
  • Not copying
    • EULA.txt
    • EULA.rtf
    • richtxt32.ocx
    • richedt20.dll
  • adding some lines to the script
    QUOTE
    FileCreateBlank,%AppData%\VMWare\preferences.ini
    TXTAddLine,%AppData%\VMWare\preferences.ini,"pref.eula.0.appName = #$qVMWare Player#$q","Append"
    TXTAddLine,%AppData%\VMWare\preferences.ini,"pref.eula.0.buildNumber = #$q55017#$q","Append"
Legal? Grey? Illegal?

You have to consider, that I do not publish the result of the script, I only publish the script.

The result of the script (the ISO) is built by the distinct user.

Happy discussions!

Peter