Control: retitle 910298 RFP: tmate-ssh-server -- server side part of tmate On 2018-10-04 17:10:07, Varac wrote: > * Package name : tmate-slave > Version : 1.8 > Upstream Author : ? > * URL : https://github.com/tmate-io/tmate-slave
Project was renamed to: https://github.com/tmate-io/tmate-ssh-server/ > * License : OpenBSD ? I took a look and the COPYRIGHT file declares the package as "ISC": https://opensource.org/licenses/ISC ... but then explicitely states the obvious: "THIS IS FOR INFORMATION ONLY, CODE IS UNDER THE LICENCE AT THE TOP OF ITS FILE." ... which brings us to a nice decopy run: Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Files: * Copyright: <author> 2010-2013, Dagobert Michelsen 2011-2012, George Nachman <[email protected]> 2003-2004, Henning Brauer <[email protected]> 1995, International Business Machines, Inc 1996-1998, Internet Software Consortium 2015, Joerg Jung <[email protected]> 2009, Jonathan Alvarado <[email protected]> 2009, Joshua Elsasser <[email protected]> 2011, Marcel P. Partap <[email protected]> 2006-2015, Nicholas Marriott <[email protected]> 2009, Nicholas Marriott <[email protected]> 2008, Otto Moerbeek <[email protected]> 2003, Peter Stuge <[email protected]> 2006-2007, Pierre-Yves Ritschard <[email protected]> 2006-2008, Reyk Floeter <[email protected]> 2010, Romain Francoise <[email protected]> 2004, Ted Unangst and Todd Miller 2013, Thiago de Arruda <[email protected]> 2012, Thomas Adam <[email protected]> 2008-2009, Tiago Cunha <[email protected]> 2014, Tiago Cunha <[email protected]> 1998-2005, Todd C. Miller <[email protected]> 2009, Todd Carson <[email protected]> their authors unless otherwise License: ISC Files: .mailmap .travis.yml CHANGES Dockerfile FAQ Makefile.am README README.md SYNCING TODO autogen.sh configure.ac create_keys.sh example_tmux.conf install_libssh_travis.sh install_msgpack_travis.sh monitor/* presentations/* tmate-daemon-decoder.c tmate-daemon-encoder.c tmate-daemon-legacy.c tmate-debug.c tmate-main.c tmate-msgpack.c tmate-protocol.h tmate-proxy.c tmate-ssh-client-pty.c tmate-ssh-daemon.c tmate-ssh-exec.c tmate-ssh-latency.c tmate-ssh-server.c tmate.h tools/* window-copy.h xmalloc.c xmalloc.h Copyright: 1995, Espoo, Finland 1995, Tatu Ylonen <[email protected]> License: ISC Comment: No explicit license found, using license(s) from: COPYING Files: logo/* Copyright: 2000-2004, Apple Computer Incorporated License: ISC Comment: No explicit license found, using license(s) from: logo/LICENSE Files: compat/bitstring.h compat/daemon.c compat/getopt.c compat/queue.h compat/strcasestr.c compat/strsep.c compat/unvis.c compat/vis.c compat/vis.h Copyright: 1987-1994, The Regents of the University of California License: BSD-3-clause Files: compat/fparseln.c Copyright: 1997, Christos Zoulas License: BSD-4-clause Files: compat/tree.h Copyright: 2002, Niels Provos <[email protected]> License: BSD-2-clause Files: logo/LICENSE Copyright: 2015, Jason Long <[email protected]> License: ISC License: BSD-2-clause Comment: Add the corresponding license text here License: BSD-3-clause Comment: Add the corresponding license text here License: BSD-4-clause Comment: Add the corresponding license text here License: ISC Comment: Add the corresponding license text here ... which confirms it's mostly ISC with some bits of BSD in there. It otherwise seems like a fairly standard autotools kind of thing. Did anyone audit that code in any shape? At first glance it looks a little worrisome: it sure seems to me like it copies the entire tmux source code inside of there. For example, here's cmd.c in tmate-server: https://github.com/tmate-io/tmate-ssh-server/blob/master/cmd.c and tmux: https://github.com/tmux/tmux/blob/master/cmd.c I filed this as a bug in: https://github.com/tmate-io/tmate-ssh-server/issues/59 They also do not seem to be issuing new releases anymore: https://github.com/tmate-io/tmate-ssh-server/issues/33 It also looks like tmate-server needs to be running as root, even if running on a non-privileged port: https://github.com/tmate-io/tmate-ssh-server/issues/40 So, long story short, a bit of a mess? :) A. -- What this country needs is more unemployed politicians. - Angela Davis

