problems compiling krb5.1.2 on solaris 8

Ken Raeburn raeburn at MIT.EDU
Fri May 24 15:49:03 EDT 2002


zrnaqvi at yahoo.com writes:

> Tom, Marc, Thanks for your help guys. I was able to get the rb51.2.5
> binary for Solaris 8 from the MIT site which should solve my problem.

If there's another krb5 1.2.5 distribution out there that's different
from ours, we'd like to know about it.

We've already heard from one site where a security check found a
problem with setproctitle in ftpd -- but the 1.2.5 source tree they
got was *not* ours, and this bug had been (intentionally or not)
introduced by whomever modified it and distributed it over IRC.

Just to clarify, the license on our code specifically states that if
you modify it, you're *not* allowed to pass it off as MIT's version:

 * ....  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.

So whoever is distributing code this way seems to be doing so in
violation of the license, as well as introducing security problems for
the recipient.  Whether this is a malicious action or not, I can't
say.

Also, our distribution includes a PGP signature of the .tar.gz, signed
by Tom Yu.  Don't trust a distribution that doesn't have this.  (We're
looking into putting the signature info on our web site, so it can be
checked even by someone who's had trouble with our download server and
thus got a version from somewhere else.)

Ken



More information about the Kerberos mailing list