GitHub tightens rules related to placement of safety research results

GitHub has published updated rules defining its policies on the hosting of exploits and the results of malware research, as well as on compliance with the US Digital Millennium Copyright Act (DMCA). The changes are still in draft state and are open for discussion for 30 days.

In the DMCA compliance rules, in addition to the already-present prohibition on distributing, and on facilitating the installation or delivery of, active malware and exploits, the following conditions were added:

  • An explicit ban on hosting in a repository technologies for bypassing technical means of copyright protection, including license keys, as well as programs for generating keys, bypassing key checks, and extending a free trial period.
  • A procedure for submitting a request to remove such code is introduced. A removal request must include technical details, and GitHub declares its intention to examine such requests before blocking anything.
  • When a repository is blocked, GitHub promises to provide an opportunity to export its issues and PRs, and to offer legal services.

The changes to the rules on exploits and malicious software take into account the criticism voiced after the removal of a prototype exploit for Microsoft Exchange that was being used to carry out attacks. The new rules attempt to draw an explicit line between content that poses a danger and is used to carry out active attacks, and code that accompanies security research. The changes made:

  • As before, attacking GitHub users by hosting content with exploits on the platform, or using GitHub as a means of delivering exploits, is forbidden; now the hosting of malicious code and exploits associated with active attacks is forbidden as well. In general, hosting example exploits prepared in the course of security research and affecting already-fixed vulnerabilities is not forbidden, but everything will depend on how the term “active attacks” is interpreted.

    For example, publishing, in any form, the source code of JavaScript that attacks a browser falls under this criterion: nothing prevents an attacker from fetching that source code into a victim’s browser, automatically patching it if the exploit prototype was published in a non-working form, and executing it. The same applies to any other code, for example C++: nothing prevents it from being compiled on the attacked machine and executed. When a repository with such code is detected, the plan is not to delete it but to close access to it.

  • The section prohibiting spam, cheats, participation in the cheating market, programs for violating the rules of other sites, and phishing or attempted phishing has been moved higher in the text.
/Media reports.