Diffstat (limited to 'debian/README.source')
-rw-r--r-- | debian/README.source | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/debian/README.source b/debian/README.source index d7c7bbe..6710099 100644 --- a/debian/README.source +++ b/debian/README.source 
@@ -27,4 +27,47 @@ for this Debian package. USE_DICT_FILE is unset. Calls to ZxcvbnInit() and ZxcvbnUninit() are not required, and README.md has been patched accordingly. - -- Sean Whitton <spwhitton@spwhitton.name>, Sat, 24 Sep 2016 15:24:12 -0700 +debian/missing-sources +---------------------- + +words-female.txt, words-male.txt and words-surname.txt are not in +their preferred format for modification. The raw US census data, and +the script to produce the words-*.txt files, have been included in the +debian/missing-sources directory. + +Some of the other words-*.txt files were generated by scripts from +HTML dumps of Wikipedia and Wiktionary articles. If someone wanted to +modify these word lists, it would be appropriate to modify the +words-*.txt files directly, rather than those HTML dumps. +Consequently, the HTML files and scripts have not been included in +this source package. For the curious, the scripts, and instructions +on how to run them, are available online: + + https://github.com/dropbox/zxcvbn/tree/master/data-scripts + +DFSG repacking +-------------- + +In the 2.0 release of zxcvbn-c, upstream replaced words-10k-pass.txt +with words-passwd.txt. Both files are based on password lists +produced by Mark Burnett. words-passwd.txt is a list of the 47023 +most frequently-occurring passwords in a list of ten million +passwords. The list of ten million passwords was released by Burnett +as an update to his original list of ten thousand passwords. + +While Burnett released words-10k-pass.txt under CC-BY-SA-3.0, his +release of ten million passwords came with the following disclaimer: + + BY DOWNLOADING THIS AUTHENTICATION DATA YOU AGREE NOT TO USE IT IN + ANY MANNER WHICH IS UNLAWFUL, ILLEGAL, FRAUDULENT OR HARMFUL, OR + IN CONNECTION WITH ANY UNLAWFUL, ILLEGAL, FRAUDULENT OR HARMFUL + PURPOSE OR ACTIVITY INCLUDING BUT NOT LIMITED TO FRAUD, IDENTITY + THEFT, OR UNAUTHORIZED COMPUTER SYSTEM ACCESS. 
THIS DATA IS ONLY + MADE AVAILABLE FOR ACADEMIC AND RESEARCH PURPOSES. + +This violates (at least) DFSG clause 6. In repacking the upstream +source, I have replaced words-passwd.txt with the old +words-10k-pass.txt, and restored references to words-10k-pass.txt in +the code. + + -- Sean Whitton <spwhitton@spwhitton.name>, Tue, 29 Nov 2016 16:07:52 -0700 |
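Review bot: The closing paragraph of the new "DFSG repacking" section ("In repacking the upstream source, I have replaced words-passwd.txt with the old words-10k-pass.txt, and restored references to words-10k-pass.txt in the code") records what was changed but not how to repeat it. It does not say which upstream release the old words-10k-pass.txt was taken from, which files had their references restored, or what steps produce the repacked tarball, so whoever imports the next upstream release has to rediscover all three. Consider listing the source of the restored file and the touched files, and either the repack commands or a pointer to where they live. In the "debian/missing-sources" section, "Some of the other words-*.txt files" would also be easier to audit if the files generated from the Wikipedia and Wiktionary dumps were named, since the argument that the HTML dumps are not the preferred form for modification applies only to those.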