[Pkg-nx-group] freenx debian packaging
Paul van der Vlis
paul at vandervlis.nl
Mon Jan 14 08:33:05 UTC 2008
Stefan Lippers-Hollmann schreef:
> Hi
>
> On Samstag, 12. Januar 2008, Paul van der Vlis wrote:
> [...]
>> FreeNX does not have libraries. The NX libraries are coming from
>> Nomachine and they give security-support on them. The used versions are
>> from secure and stable releases so far I know.
>
> It's based on code that has long been abandoned upstream and history
> shows that even the X related security fixes that did exist (and got quite
> some press coverage) weren't applied. I'd really prefer being proven
> wrong, but reality looked different.
I have not studied the security-history of the Nomachine libraries. It's
not sayd that the X related security fixes where also a security-problem
for the use in the NX libraries. I have never seen Nomachine NX on
security related sites.
> Now let's take a look at SuSE's current NX packages from opensuse-factory
> (and they pretty much provide the most dedicated support to their NX
> packages, yes I know that NX 3.1 would be current upstream):
>
> http://download.opensuse.org/distribution/SL-OSS-factory/inst-source/suse/src/NX-2.1.0-51.src.rpm
>
> $ rpm2cpio NX-2.1.0-51.src.rpm | cpio -idmv
<cut list>
> ...most of that stuff is carried along since the NX 1.5 days or even
> longer.
Maybe it is an idea to port the libraries to the versions what are
carried with Debian, and to realease that under GPL. It's still
code-duplication, but it's more easy for the security-support.
I was thinking about the license problem, and I think it's illigal to
use non-GPL applications like Acrobat Reader inside an NX-session. These
non-GPL applications are using X libraries with GPL license. Even
running OpenOfficeOrg would be wrong, because this is LGPL. Hmm, 99.9%
of all Nomachine customers are illigal?
Met vriendelijke groet,
Paul van der Vlis.
--
http://www.vandervlis.nl/
More information about the Pkg-nx-group
mailing list