Le Vendredi 13 Mai 2005 12:18, vous avez écrit : > I took a quick look at the code and found it may require DFSG actions. > > http://cvs.sourceforge.net/viewcvs.py/waste/waste/license.cpp?rev=1.1&view= >auto that arrays are either the GPL license itself, backdoor code (who > knows, I didn't try to decode it) or some hashes of something. > > To me it seems it violates the GPL, the source code is not in a > changeable form. > > It is also a good place to hide backdoors when crackers get access the > the source code repository...
Yep, when I see that: WASTE - license.cpp Copyright (C) 2003 Nullsoft, Inc. Copyright (C) 2004 WASTE Development Team Then that: //ADDED Md5Chap - THIS PART IS GPL LICENSE!!! TOUCH AND DIE! Followed by a full binary only array, I feel it like you: it might be a good place for a backdoor, given that TOUCH AND DIE seems very strange refering to GPL licence... I'm shouting an email to the public mailing list, CCed the bug adress. Romain -- If you are the big tree, We are the small axe, Ready to cut you down, Sharpen to cut you down....
pgppLNhao5MLa.pgp
Description: PGP signature
