[Owasp-testing] OSSTMM manual, followup by Pete about OSS

Javier Fernández-Sanguino jfernandez at germinus.com
Tue Jan 23 05:46:42 EST 2007

Matteo G.P. Flora said:
> Hi all,
> sorry for the long message, but as I told you all I was asking Pete to 
> respond to the questions that were on the list...

I'm not going to answer point by point, especially since Pete is not on 
the list (and not CC'ed) and I don't want to enter an endless debate.

Suffice it to say that I have been maintaining free (as in speech) 
documentation like the "Debian Securing Manual" for over 5 years. All of 
it's completely GPLd, and my position on open source documentation is 
that I don't care if people make money out of it, rehash it for some 
other Debian-derived distribution (like Ubuntu), fork it, put it in a 
book or even throw it to the wastebasket. Actually, if others profit 
from my work it's ok for me as long as I'm credited. I didn't get into 
this for the money.

And I do work in the IT security industry and have hardened a number of 
systems (both Debian, other Unices and Windows). I'm very much aware of 
the commercial value of an operating system's in-depth security manual 
(as long as it has a big user base, which Debian certainly has).



[1] http://www.debian.org/doc/user-manuals#securing

