[Owasp-testing] OSSTMM manual, followup by Pete about OSS
jfernandez at germinus.com
Tue Jan 23 05:46:42 EST 2007
Matteo G.P. Flora dijo:
> Hi all,
> sorry for the long message, but as I told you all I was asking Pete to
> respond to the questions that were on the list...
I'm not going to answer point by point, specially since Pete is not on
the list (and not CC'ed) and I don't want to enter and endless debate.
Suffice it to say that I have been maintaining free (as in speech)
documentation like the "Debian Securing Manual" for over 5 years. All of
it's completely GPLd, and my position on open source documentation is
that I don't care if people make money out of it, rehash it for some
other Debian-derived distribution (like Ubuntu), fork it, put it in a
book or even throw it to the wastebasket. Actually, if others profit
from my work it's ok for me as long as I'm credited. I didn't get into
this for the money.
And I do work in the IT security industry and have hardened a number of
systems (both Debian, other Unices and Windows). I'm very much aware of
the commercial value of an operating system's in-depth security manual
(as long as it has a big user base, which Debian certainly has).
More information about the Owasp-testing