[Pkg-nx-group] freenx debian packaging

Paul van der Vlis paul at vandervlis.nl
Mon Jan 14 08:33:05 UTC 2008


Stefan Lippers-Hollmann schreef:
> Hi
> 
> On Samstag, 12. Januar 2008, Paul van der Vlis wrote:
> [...]
>> FreeNX does not have libraries. The NX libraries are coming from
>> Nomachine and they give security-support on them. The used versions are
>> from secure and stable releases so far I know.
>
> It's based on code that has long been abandoned upstream and history
> shows that even the X related security fixes that did exist (and got quite 
> some press coverage) weren't applied. I'd really prefer being proven 
> wrong, but reality looked different.

I have not studied the security-history of the Nomachine libraries. It's
not sayd that the X related security fixes where also a security-problem
for the use in the NX libraries. I have never seen Nomachine NX on
security related sites.

> Now let's take a look at SuSE's current NX packages from opensuse-factory
> (and they pretty much provide the most dedicated support to their NX 
> packages, yes I know that NX 3.1 would be current upstream):
> 
> http://download.opensuse.org/distribution/SL-OSS-factory/inst-source/suse/src/NX-2.1.0-51.src.rpm
> 
> $ rpm2cpio NX-2.1.0-51.src.rpm | cpio -idmv

<cut list>

> ...most of that stuff is carried along since the NX 1.5 days or even 
> longer.

Maybe it is an idea to port the libraries to the versions what are
carried with Debian, and to realease that under GPL. It's still
code-duplication, but it's more easy for the security-support.

I was thinking about the license problem, and I think it's illigal to
use non-GPL applications like Acrobat Reader inside an NX-session. These
non-GPL applications are using X libraries with GPL license. Even
running OpenOfficeOrg would be wrong, because this is LGPL. Hmm, 99.9%
of all Nomachine customers are illigal?

Met vriendelijke groet,
Paul van der Vlis.




-- 
http://www.vandervlis.nl/




More information about the Pkg-nx-group mailing list