01.10.08

Gemini version available ♊︎

McAfee Receives Warning After Spreading GPL FUD

Posted in FUD, GPL, Security at 10:14 pm by Dr. Roy Schestowitz

As you may recall, McAfee recently contributed to Linux and GPL FUD and later tried to mitigate the damage (without retraction of its claims). Someone whom I know has independently decided to challenge McAfee for its alleged GPL violations. I helped in drafting a response, which is appended below.

Contact was first made, but the issue at hand was escaped.

Dear Jerry,

Thank you for contacting McAfee Customer Service.

I sincerely apologize for the inconvenience but I am unable to understand your message. Please rephrase and resend your issue in detail so that I can assist you more efficiently.

I would like to inform you that McAfee Customer Service can only answer issues related to McAfee.

Please include your previous correspondence when you reply to this e-mail.
Your reference number for this contact is 81456567.

Sincerely,

Venj V.
McAfee CS-Tier 1

Here is the second message, with responses yet to come.

Dear Sir,

The company that you work for, McAfee, develops and sells software. Apparently, included in your software are third party contributions protected under the General Public License, otherwise known as the GPL. The GPL license stipulates that your company can indeed use GPL-licensed software to develop the products which McAfee sells, provided that you make modification to the GPL-licensed source code available and freely accessible for public use. If GPL code that you added to software was changed by you, then under those provisions of the GPL I request access to the source code of parts of your products that make use of the GPL-licensed source code.

To help you understand what is being requested, here are some relevant URLs that support my request for relevant McAfee source code. A copy of the licence is typically accompanied with to source code that you download for use and the language is clear enough to ensure understanding of use (there are no ‘hidden’ expectations and surprising obligations).

The General Public License 2.0 can be found at:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

There is an excellent FAQ that explains the terms of the GPL at:
http://www.gnu.org/licenses/gpl-faq.html

One of the relevant points leading to my request for your source code being:
http://www.gnu.org/licenses/gpl-faq.html#LinkingWithGPL

The URL’s where your company, McAfee, admits to using GPL’d source code in your products may be found at:
http://www.theinquirer.net/gb/inquirer/news/2008/01/05/mcafee-throws-fud-gpl

Additionally see:

http://www.crn.com/security/205600714

I await your next message containing the location on the McAfee website where I can freely access the sources. If GPL-licensed code was never modified and the articles above are incorrect, then I apologize in advance.

Thank you very much for accepting my query.

Perhaps Jerry will get to the bottom of this. This hasn’t anything to do with BoycottNovell, but permission was given to post this as an open letter for greater exposure and increased public scrutiny.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. Links 26/01/2023: GNU poke 3.0 and PipeWire 0.3.65

    Links for the day

  2. IRC Proceedings: Wednesday, January 25, 2023

    IRC logs for Wednesday, January 25, 2023

  3. Companies Would Collapse Upon Abandoning Their Original Goals (That Attracted All the Productive Staff)

    Staff with technical skills won't stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself "Open Source"

  4. [Meme] Listen to Your Workers, Avert Disaster

    Companies that refuse to take input from staff are doomed to fail

  5. The ISO Delusion: When the Employer Doesn’t Understand the Company's Value Proposition (Building Systems) and Rejects Security

    Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything

  6. Links 25/01/2023: NuTyX 23.01.1 and GNU Guile 3.0.9 Released

    Links for the day

  7. Links 25/01/2023: Stratis 3.5.0 and Many Political Links

    Links for the day

  8. New Record Low: Only One 'Linux' Article in ZDNet in More Than Two Weeks

    Only a few years ago ZDNet published about 3 “Linux” stories per day (mostly FUD pieces); now it’s a ghost town, painted in ‘alien green’; considering ZDNet’s agenda (and sponsors) maybe it’s better this way

  9. Links 25/01/2023: Pale Moon 32.0 and DXVK 2.1

    Links for the day

  10. IRC Proceedings: Tuesday, January 24, 2023

    IRC logs for Tuesday, January 24, 2023

  11. ISO Certification Hardly Tackles Any of the Real Issues

    The real-world threats faced by private companies or non-profit organisations aren't covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples

  12. [Meme] Medical Data Sovereignty

    What happens when your medical records/data are accessible to a company based abroad after a mysterious NDA with the Gates Foundation? The International Organization for Standardization (ISO) does not mind.

  13. The ISO Delusion: Sirius Open Wash Ltd. and Medical Data/Projects at Risk/Peril

    Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)

  14. Links 24/01/2023: Wine 8.0 is Ready, FSF Bolsters Copyleft

    Links for the day

  15. Azure Has Layoffs Again, Microsoft Still Cutting

    Even supposed ‘growth’ areas at Microsoft are being culled (this growth is faked, it is a lie)

  16. Links 24/01/2023: Tails 5.9 and ArcoLinux v23.02

    Links for the day

  17. Links 24/01/2023: GStreamer 1.22 and Skrooge Gets New Site

    Links for the day

  18. IRC Proceedings: Monday, January 23, 2023

    IRC logs for Monday, January 23, 2023

  19. The Inside(r) Story of ISO 'Certification' Mills

    Based on my experiences inside Sirius ‘Open Source’ — as I was there for nearly 12 years — I finally tell what I’ve witnessed about ISO certification processes (see ISO wiki for prior experiences)

  20. [Meme] ISO Selling 'Reputation' to Small Businesses (for a Large Fee)

    As we’re hoping to demonstrate throughout the week, ISO certification is, in practice, worse than worthless (just a waste of small businesses’ resources, much like patents); call it the ‘ISO tax’, an artificial barrier to entry that boils down to money

  21. [Meme] ISO Certification for Paying for Certificates on Time

    ISO is a phony authority; it makes business by issuing mostly worthless paperwork that wastes people’s time and accomplishes nothing (except making ISO in rich Switzerland even richer)

  22. The ISO Train Wreck at Sirius 'Open Source'

    Before we proceed to showing how Sirius ‘Open Source’ blatantly ignored security and privacy we wish to show how ISO (see ISO wiki) basically ‘sold’ a certificate to Sirius — this is like a “diploma mill” but something that’s for businesses, not individuals

  23. Sirius Lying About ISO to Justify Giving the Technical Staff Some Classic 'Bullshit Jobs' While Censoring/Covering Up Incompetence

    Sirius ‘Open Source’ has long used “ISO” — and sometimes “GDPR” — as catch-all excuses for all sorts of nonsensical policies; does ISO realise the degree to which it is being misused by incompetent 'box tickers'?

  24. Links 23/01/2023: mozilla.org's 25th Anniversary and IceWM 3.3.1 Released

    Links for the day

  25. Report: The So-called 'Linux' Foundation is Reducing Focus on Linux

    The so-called ‘Linux’ Foundation is reducing its focus on Linux and is instead busy promoting Microsoft, Facebook, and other interests that GNU/Linux users strongly dislike

  26. Links 23/01/2023: Fwupd 1.8.10

    Links for the day

  27. IRC Proceedings: Sunday, January 22, 2023

    IRC logs for Sunday, January 22, 2023

  28. Links 23/01/2023: Many Pgpool-II Releases, risiOS 37 Reviewed

    Links for the day

  29. [Meme] Sirius is Not Open Source and Thugs Took Over the Company

    Despite its name, Sirius ‘Open Source’ actively replaces Open Source with proprietary software, even for its very own infrastructure (while almost all the “managers” use proprietary software)

  30. [Meme] Truth is Not Defamation

    The rogue employers like to frame everything that’s not convenient as “false” or even libelous/defamatory/slanderous; what’s actually libelous/defamatory/slanderous is those employers making such accusations against staff that says the truth (verifiable facts) in an effort to discredit such staff

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts