Sorry, read this one: Re: SELinux Dumb Questions

Sorry, read this one: Re: SELinux Dumb Questions

[JW]

Sorry about that last empty message, I accidently hit ^[ENTER] when I meant 
hit shift...
-------------------

Something is really amiss with this and needs to be brought to a reasonable 
conclusion soon. Read on for details...

On Monday, 03 June Admissions Office wrote:
> > Folks this may seem like a dumb question given the Open Source and
> > postings on the site. Its just that we want to be sure....
> >
> > Is there any reason why a Colo company cannot offer SELinux as a standard
> > product offering they would install on clients servers?

And on Monday 03 June Russell Coker replied:
> As Mark stated there are no license or legal issues preventing such use.

BUT;
On Monday 03 June Tom Haigh wrote:

> SELinux includes Type Enforcement technology developed and patented by the
> Secure Computing Corporation, who still holds rights to all commercial use
> of the technology.  Before a colo company, or anyone else uses the
> technology commercially, it will be necessary to negotiate a license with
> Secure Computing.  If anyone wants to do so, I can help get the ball
> rolling with our Legal and BD folks.
>
> --Tom
>
> Dr. Tom Haigh, CTO
> Secure Computing Corp.
> 2675 Long Lake Road
> Roseville, MN 55113
>
> 651-628-2738 (V)
> 651-628-2701 (F)
>
> haigh@securecomputing.com


There is some severe misunderstanding here. 

IANAL, but it is my understanding that you cannot restrict the use or 
distribution of GPLd Free Software. It simply does not work that way, no 
exceptions, no excuses. Once code is GPLd it is free for all to use. You can 
change the license on future versions of the code, but you cannot go back and 
restrict GPL's code "after the fact"

Either:

 1. Someone (at the NSA?) affixed the GPL to code they didn't have a right to 
do so on, or

2. (More likely) Secure Computing did not understand under what terms they 
were developing Type Enforcment for the NSA under.

I've got the flu right now so I'm too tried to reason it all through, but 
_someone_ needs to very soon.

Just a few implications that come to the top of my head if Secure COmputing 
is right:

1. SELinux patches cannot legally be applied to GPLd software or the Linux 
kernel, because that would break the GPL itself (GPL forbids making non-free 
changes to GPL'd code -- i.e., if you modify GPL'd code, the modifications 
must be made available under the terms of the GPL).

2. It will need to be removed from Debian's tree -- at least moved to 
non-free, yet as I said before, if Secure Computing is correct, SE-Linux is 
not legal to use with GPL'd software anyway (at least the way I see it).

You'd better bet that GNU and other people who's code is being modified to 
work with SE-Linux will have ten purple cows on anyone who mixes non-free 
code with their GPLd code.

Perhaps I'm totally misunderstanding something while I'm half-delirious with 
the flu, but this needs to be clarified _soon_.

	JW

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Admissions Office]

Ok, Tom & I are going to be speaking soon.  So we will talk, thats just
great business. And we will all see how this plays out.....





> Sorry about that last empty message, I accidently hit ^[ENTER] when I
meant
> hit shift...
> -------------------
>
> Something is really amiss with this and needs to be brought to a
reasonable
> conclusion soon. Read on for details...
>
> On Monday, 03 June Admissions Office wrote:
> > > Folks this may seem like a dumb question given the Open Source and
> > > postings on the site. Its just that we want to be sure....
> > >
> > > Is there any reason why a Colo company cannot offer SELinux as a
standard
> > > product offering they would install on clients servers?
>
> And on Monday 03 June Russell Coker replied:
> > As Mark stated there are no license or legal issues preventing such use.
>
> BUT;
> On Monday 03 June Tom Haigh wrote:
>
> > SELinux includes Type Enforcement technology developed and patented by
the
> > Secure Computing Corporation, who still holds rights to all commercial
use
> > of the technology.  Before a colo company, or anyone else uses the
> > technology commercially, it will be necessary to negotiate a license
with
> > Secure Computing.  If anyone wants to do so, I can help get the ball
> > rolling with our Legal and BD folks.
> >
> > --Tom
> >
> > Dr. Tom Haigh, CTO
> > Secure Computing Corp.
> > 2675 Long Lake Road
> > Roseville, MN 55113
> >
> > 651-628-2738 (V)
> > 651-628-2701 (F)
> >
> > haigh@securecomputing.com
>
>
> There is some severe misunderstanding here.
>
> IANAL, but it is my understanding that you cannot restrict the use or
> distribution of GPLd Free Software. It simply does not work that way, no
> exceptions, no excuses. Once code is GPLd it is free for all to use. You
can
> change the license on future versions of the code, but you cannot go back
and
> restrict GPL's code "after the fact"
>
> Either:
>
>  1. Someone (at the NSA?) affixed the GPL to code they didn't have a right
to
> do so on, or
>
> 2. (More likely) Secure Computing did not understand under what terms they
> were developing Type Enforcment for the NSA under.
>
> I've got the flu right now so I'm too tried to reason it all through, but
> _someone_ needs to very soon.
>
> Just a few implications that come to the top of my head if Secure
COmputing
> is right:
>
> 1. SELinux patches cannot legally be applied to GPLd software or the Linux
> kernel, because that would break the GPL itself (GPL forbids making
non-free
> changes to GPL'd code -- i.e., if you modify GPL'd code, the modifications
> must be made available under the terms of the GPL).
>
> 2. It will need to be removed from Debian's tree -- at least moved to
> non-free, yet as I said before, if Secure Computing is correct, SE-Linux
is
> not legal to use with GPL'd software anyway (at least the way I see it).
>
> You'd better bet that GNU and other people who's code is being modified to
> work with SE-Linux will have ten purple cows on anyone who mixes non-free
> code with their GPLd code.
>
> Perhaps I'm totally misunderstanding something while I'm half-delirious
with
> the flu, but this needs to be clarified _soon_.
>
> JW
>


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Russell Coker]

On Tue, 4 Jun 2002 23:49, JW wrote:
> Sorry about that last empty message, I accidently hit ^[ENTER] when I meant
> hit shift...

You had written enough to clarify the issue (I don't know how I missed Tom's 
message the first time).

> IANAL, but it is my understanding that you cannot restrict the use or
> distribution of GPLd Free Software. It simply does not work that way, no
> exceptions, no excuses. Once code is GPLd it is free for all to use. You
> can change the license on future versions of the code, but you cannot go
> back and restrict GPL's code "after the fact"

Yes.  Unless of course they claim that they didn't GPL it, or that the GPL 
only covers the code not the patent.

> 2. It will need to be removed from Debian's tree -- at least moved to
> non-free, yet as I said before, if Secure Computing is correct, SE-Linux is
> not legal to use with GPL'd software anyway (at least the way I see it).

Stuff that.  I'm not putting this much work into non-free stuff!  If the 
license gets changed to anything other than the GPL then I'll immediately 
cease work and file critical bug reports against ftp.debian.org asking for 
the packages to be removed.  If Secure Computing want me to work on material 
that's patented by them then they'll have to pay me at my usual consulting 
rates, plus back-pay for the last 6 months.

> You'd better bet that GNU and other people who's code is being modified to
> work with SE-Linux will have ten purple cows on anyone who mixes non-free
> code with their GPLd code.

The code can be still released as patches, but the problems of having them 
becoming obsolete and not matching the version your OS uses will remain.

Basically I think that SE Linux is as good as dead for anything other than 
research use if this patent gets enforced.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

Tom,
You need to get with the NSA to remove the download from their web
page then, but as long as we download from NSA and per their license
agreement http://www.nsa.gov/selinux/license.html it is free and you
can't put any restrictions on it.......



-----Original Message-----
From: JW [mailto:jw@centraltexasit.com]
Sent: Tuesday, June 04, 2002 3:49 PM
To: SE Linux
Cc: Haigh, Tom; 'Admissions Office'; Carsten Grohmann; Russell Coker
Subject: Sorry, read this one: Re: SELinux Dumb Questions


Sorry about that last empty message, I accidently hit ^[ENTER] when I meant 
hit shift...
-------------------

Something is really amiss with this and needs to be brought to a reasonable 
conclusion soon. Read on for details...

On Monday, 03 June Admissions Office wrote:
> > Folks this may seem like a dumb question given the Open Source and
> > postings on the site. Its just that we want to be sure....
> >
> > Is there any reason why a Colo company cannot offer SELinux as a
standard
> > product offering they would install on clients servers?

And on Monday 03 June Russell Coker replied:
> As Mark stated there are no license or legal issues preventing such use.

BUT;
On Monday 03 June Tom Haigh wrote:

> SELinux includes Type Enforcement technology developed and patented by the
> Secure Computing Corporation, who still holds rights to all commercial use
> of the technology.  Before a colo company, or anyone else uses the
> technology commercially, it will be necessary to negotiate a license with
> Secure Computing.  If anyone wants to do so, I can help get the ball
> rolling with our Legal and BD folks.
>
> --Tom
>
> Dr. Tom Haigh, CTO
> Secure Computing Corp.
> 2675 Long Lake Road
> Roseville, MN 55113
>
> 651-628-2738 (V)
> 651-628-2701 (F)
>
> haigh@securecomputing.com


There is some severe misunderstanding here. 

IANAL, but it is my understanding that you cannot restrict the use or 
distribution of GPLd Free Software. It simply does not work that way, no 
exceptions, no excuses. Once code is GPLd it is free for all to use. You can

change the license on future versions of the code, but you cannot go back
and 
restrict GPL's code "after the fact"

Either:

 1. Someone (at the NSA?) affixed the GPL to code they didn't have a right
to 
do so on, or

2. (More likely) Secure Computing did not understand under what terms they 
were developing Type Enforcment for the NSA under.

I've got the flu right now so I'm too tried to reason it all through, but 
_someone_ needs to very soon.

Just a few implications that come to the top of my head if Secure COmputing 
is right:

1. SELinux patches cannot legally be applied to GPLd software or the Linux 
kernel, because that would break the GPL itself (GPL forbids making non-free

changes to GPL'd code -- i.e., if you modify GPL'd code, the modifications 
must be made available under the terms of the GPL).

2. It will need to be removed from Debian's tree -- at least moved to 
non-free, yet as I said before, if Secure Computing is correct, SE-Linux is 
not legal to use with GPL'd software anyway (at least the way I see it).

You'd better bet that GNU and other people who's code is being modified to 
work with SE-Linux will have ten purple cows on anyone who mixes non-free 
code with their GPLd code.

Perhaps I'm totally misunderstanding something while I'm half-delirious with

the flu, but this needs to be clarified _soon_.

	JW

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
If Tom has a problem then they need to address it with the NSA and the 
NSA can go forth and remove their crap or deem it as being GNU.....As I
see it SELinux will go on and if someone would like to use it then all
they would need to do is keep the original GNU licensing with it.....
Other words this is not our problem to work out but Tom's and NSA's........
Until then I would treat it as GNU per NSA's web page!!!!!!!




-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au]
Sent: Tuesday, June 04, 2002 4:12 PM
To: JW; SE Linux
Cc: Haigh, Tom; 'Admissions Office'; Carsten Grohmann
Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions


On Tue, 4 Jun 2002 23:49, JW wrote:
> Sorry about that last empty message, I accidently hit ^[ENTER] when I
meant
> hit shift...

You had written enough to clarify the issue (I don't know how I missed Tom's

message the first time).

> IANAL, but it is my understanding that you cannot restrict the use or
> distribution of GPLd Free Software. It simply does not work that way, no
> exceptions, no excuses. Once code is GPLd it is free for all to use. You
> can change the license on future versions of the code, but you cannot go
> back and restrict GPL's code "after the fact"

Yes.  Unless of course they claim that they didn't GPL it, or that the GPL 
only covers the code not the patent.

> 2. It will need to be removed from Debian's tree -- at least moved to
> non-free, yet as I said before, if Secure Computing is correct, SE-Linux
is
> not legal to use with GPL'd software anyway (at least the way I see it).

Stuff that.  I'm not putting this much work into non-free stuff!  If the 
license gets changed to anything other than the GPL then I'll immediately 
cease work and file critical bug reports against ftp.debian.org asking for 
the packages to be removed.  If Secure Computing want me to work on material

that's patented by them then they'll have to pay me at my usual consulting 
rates, plus back-pay for the last 6 months.

> You'd better bet that GNU and other people who's code is being modified to
> work with SE-Linux will have ten purple cows on anyone who mixes non-free
> code with their GPLd code.

The code can be still released as patches, but the problems of having them 
becoming obsolete and not matching the version your OS uses will remain.

Basically I think that SE Linux is as good as dead for anything other than 
research use if this patent gets enforced.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Admissions Office]

Ok but, lets not let emotions rule the day. The NSA has done us all a
service and we them. So in the true spirit of the internet lets work this
out.  Tom & I are playing phone tag but, we will speak.... And I bet we will
have something to report back. No big deal !
Really.


----- Original Message -----
From: "McFadden, Ken" <ken.mcfadden@lmco.com>
To: "'Russell Coker'" <russell@coker.com.au>; "JW" <jw@centraltexasit.com>;
"SE Linux" <selinux@tycho.nsa.gov>
Cc: "Haigh, Tom" <tom_haigh@securecomputing.com>; "'Admissions Office'"
<admissions@internet.edu.nf>; "Carsten Grohmann"
<carsten.grohmann@dr-baldeweg.de>
Sent: Tuesday, June 04, 2002 16:28
Subject: RE: Sorry, read this one: Re: SELinux Dumb Questions


> Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> If Tom has a problem then they need to address it with the NSA and the
> NSA can go forth and remove their crap or deem it as being GNU.....As I
> see it SELinux will go on and if someone would like to use it then all
> they would need to do is keep the original GNU licensing with it.....
> Other words this is not our problem to work out but Tom's and
NSA's........
> Until then I would treat it as GNU per NSA's web page!!!!!!!
>
>
>
>
> -----Original Message-----
> From: Russell Coker [mailto:russell@coker.com.au]
> Sent: Tuesday, June 04, 2002 4:12 PM
> To: JW; SE Linux
> Cc: Haigh, Tom; 'Admissions Office'; Carsten Grohmann
> Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions
>
>
> On Tue, 4 Jun 2002 23:49, JW wrote:
> > Sorry about that last empty message, I accidently hit ^[ENTER] when I
> meant
> > hit shift...
>
> You had written enough to clarify the issue (I don't know how I missed
Tom's
>
> message the first time).
>
> > IANAL, but it is my understanding that you cannot restrict the use or
> > distribution of GPLd Free Software. It simply does not work that way, no
> > exceptions, no excuses. Once code is GPLd it is free for all to use. You
> > can change the license on future versions of the code, but you cannot go
> > back and restrict GPL's code "after the fact"
>
> Yes.  Unless of course they claim that they didn't GPL it, or that the GPL
> only covers the code not the patent.
>
> > 2. It will need to be removed from Debian's tree -- at least moved to
> > non-free, yet as I said before, if Secure Computing is correct, SE-Linux
> is
> > not legal to use with GPL'd software anyway (at least the way I see it).
>
> Stuff that.  I'm not putting this much work into non-free stuff!  If the
> license gets changed to anything other than the GPL then I'll immediately
> cease work and file critical bug reports against ftp.debian.org asking for
> the packages to be removed.  If Secure Computing want me to work on
material
>
> that's patented by them then they'll have to pay me at my usual consulting
> rates, plus back-pay for the last 6 months.
>
> > You'd better bet that GNU and other people who's code is being modified
to
> > work with SE-Linux will have ten purple cows on anyone who mixes
non-free
> > code with their GPLd code.
>
> The code can be still released as patches, but the problems of having them
> becoming obsolete and not matching the version your OS uses will remain.
>
> Basically I think that SE Linux is as good as dead for anything other than
> research use if this patent gets enforced.
>
> --
> I do not get viruses because I do not use MS software.
> If you use Outlook then please do not put my email address in your
> address-book so that WHEN you get a virus it won't use my address in the
> >From field.
>
> --
> You have received this message because you are subscribed to the selinux
> list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
>
> --
> You have received this message because you are subscribed to the selinux
list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
> the words "unsubscribe selinux" without quotes as the message.
>


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Outside observer comments

[Paul Wolfson]

Hello,

I recently added myself to the SELinux listserver because of genuine shared
concerns about securing open source computing.  NSA is correct to be doing
this initiative and linux in its evolution will be better for it.

Now, from the few dozen emails that have come across my screen are any
indication, bickering is counter-productive.  It resembles government
procurement at its worst.  In that atmosphere I am afraid that there is
little that I will be able to contribute.  My company, is relatively new,
but has principal engineers who hold or have held DoD clearance at TS and
higher and would be interested in contributing to this effort.  If someone
on this list is a good POC let me know and perhaps we will be in a position
to help.

Perhaps this isn't the best forum to post such a blast as this, but its
intent at least is well meant.

Paul Wolfson, Ph.D.
Principal and President
Process and System Integration, Inc.
PO Box 118524
Carrollton, TX 75011-8524

----- Original Message -----
From: "McFadden, Ken" <ken.mcfadden@lmco.com>
To: "'Russell Coker'" <russell@coker.com.au>; "JW" <jw@centraltexasit.com>;
"SE Linux" <selinux@tycho.nsa.gov>
Cc: "Haigh, Tom" <tom_haigh@securecomputing.com>; "'Admissions Office'"
<admissions@internet.edu.nf>; "Carsten Grohmann"
<carsten.grohmann@dr-baldeweg.de>
Sent: Tuesday, June 04, 2002 5:28 PM
Subject: RE: Sorry, read this one: Re: SELinux Dumb Questions


> Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> If Tom has a problem <<snip>> treat it as GNU per NSA's web page!!!!!!!
>



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Russell Coker]

On Wed, 5 Jun 2002 03:34, Admissions Office wrote:
> Ok but, lets not let emotions rule the day. The NSA has done us all a
> service and we them. So in the true spirit of the internet lets work this
> out.  Tom & I are playing phone tag but, we will speak.... And I bet we
> will have something to report back. No big deal !
> Really.

You don't understand the issues.  The fact that you even have to make a 
single phone call in unacceptable to me, to the Debian project, and to the 
FSF.

This is a big deal.  Really.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Outside observer comments

[Russell Coker]

On Wed, 5 Jun 2002 04:43, Paul Wolfson wrote:
> I recently added myself to the SELinux listserver because of genuine shared
> concerns about securing open source computing.  NSA is correct to be doing
> this initiative and linux in its evolution will be better for it.
>
> Now, from the few dozen emails that have come across my screen are any
> indication, bickering is counter-productive.  It resembles government

This is not bickering.  This is about a commercial organization threatening 
action which would permanently prevent me from doing any SE Linux work.  This 
is not a minor issue.

> procurement at its worst.  In that atmosphere I am afraid that there is
> little that I will be able to contribute.  My company, is relatively new,
> but has principal engineers who hold or have held DoD clearance at TS and
> higher and would be interested in contributing to this effort.  If someone
> on this list is a good POC let me know and perhaps we will be in a position
> to help.
>
> Perhaps this isn't the best forum to post such a blast as this, but its
> intent at least is well meant.

It's probably best to read more than a dozen messages before making 
judgements.  The last time there was any serious debate on this list was when 
we were discussing /usr/local last year.

> ----- Original Message -----
> From: "McFadden, Ken" <ken.mcfadden@lmco.com>
> To: "'Russell Coker'" <russell@coker.com.au>; "JW" <jw@centraltexasit.com>;
> "SE Linux" <selinux@tycho.nsa.gov>
> Cc: "Haigh, Tom" <tom_haigh@securecomputing.com>; "'Admissions Office'"
> <admissions@internet.edu.nf>; "Carsten Grohmann"
> <carsten.grohmann@dr-baldeweg.de>
> Sent: Tuesday, June 04, 2002 5:28 PM
> Subject: RE: Sorry, read this one: Re: SELinux Dumb Questions
>
> > Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> > If Tom has a problem <<snip>> treat it as GNU per NSA's web page!!!!!!!

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Admissions Office]

> You don't understand the issues.  The fact that you even have to make a
> single phone call in unacceptable to me, to the Debian project, and to the
> FSF.
>
> This is a big deal.  Really.I do understand the "issues" and if they need
to be talked about - Great. In the many emails I see daily I have not seen
something talked about that really matter in over 5 years. I think that you
are all willing to talk shows just how much thought and consideration goes
into this. Its not about Linux or the NSA or any Open Source issues. At the
end of the day its about people. My intentions were to ask what I considered
to be a simple question. You people all impress me. Its good to be a part of
it all.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Outside observer comments

[JW]

On Tuesday 04 June 2002 09:43 pm, you wrote:
> Hello,
>
> I recently added myself to the SELinux listserver because of genuine shared
> concerns about securing open source computing.  

Your very message would suggest that you have no idea what Open Source is all 
about.

I strongly suggest you go read the following:

http://www.opensource.org/docs/definition.html (and all of 
http://www.opensource.org/, really)
http://www.gnu.org/philosophy/free-sw.html
http://www.gnu.org/copyleft/copyleft.html


> NSA is correct to be doing
> this initiative and linux in its evolution will be better for it.

Yes, but that is not the issue. The issue is a third party is claiming patent 
and licensing rights over GPLd code.

> Now, from the few dozen emails that have come across my screen are any
> indication, bickering is counter-productive.  

That is only your opinion; and we are not bikering, we are asking for solid 
clarification of a bad situation. If Secure Computing is correct, then all 
work on SE-Linux to date is actually illegal, because non-Free work was 
mistakenly published under the GPL (if secure computing is correct), and that
is not legal (you cannot publish non-free work under a Free license such as 
the GPL).

Additionally, if Secure Computing is correct, it would suggest that whoever 
put the SE-Linux code under the GPL did not have the legal rights to do so 
(You can't publish as "Free" code/ideas that you are not the author of).

> It resembles government
> procurement at its worst.  

No, it resembles citizens defending themselves against corporate or 
governmental tyranny, and clarification of who's lying and who's not. The NSA 
and Secure Computing are saying 3 different things. Until today, everyone has 
been belive the NSA. Either Secure Computing or the NSA is dead wrong, and we 
need to know which one very soon, as it has serious implications either way. 
I am sure people who have contributed code to SE-Linux under the assumption 
that the NSA was telling the truth when they stated SE-Linux was Free are not 
going to be very happy to find that they have been deceived, and will 
probably want to retract thier contributions, which they have copyright 
ownership over.

> In that atmosphere I am afraid that there is
> little that I will be able to contribute. 

You don't seem to understand what a serious matter this is anyway, 
and contributing to a project without understanding it is a very bad idea. 
For your own sake, it is just as well that you not contribute.

> Perhaps this isn't the best forum to post such a blast as this, but its
> intent at least is well meant.

I appreciate your (no doubt) well-intended yet sadly misinformed message. 
Hopefully you will understand it all better in the future. I really do 
suggest you go read the URLs I mentioned above before attempting to 
contribute to a Free Software project. To do so without understanding what 
you are doing is not wise.

	JW


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Outside observer comments

[Russell Coker]

On Wed, 5 Jun 2002 06:07, JW wrote:
> implications either way. I am sure people who have contributed code to
> SE-Linux under the assumption that the NSA was telling the truth when they
> stated SE-Linux was Free are not going to be very happy to find that they
> have been deceived, and will probably want to retract thier contributions,
> which they have copyright ownership over.

Such contributions can't be retracted.  However contributions to a GPL 
project can't be used in a non-GPL fashion without explicit authorisation, 
such authorisation won't be forthcoming for my work - so it will be used 
under the GPL or not at all.

Also if SE Linux was made non-free and people wrote non-free SE code that 
closely resembled GPL SE code then a copyright infringement suit could 
follow...

> > In that atmosphere I am afraid that there is
> > little that I will be able to contribute.
>
> You don't seem to understand what a serious matter this is anyway,
> and contributing to a project without understanding it is a very bad idea.
> For your own sake, it is just as well that you not contribute.

Let's not get nasty.  Breaching the rule of reading a list well before 
posting is a bad thing, but let's not flame them excessively.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Tom]

On Wed, Jun 05, 2002 at 12:12:24AM +0200, Russell Coker wrote:
> Yes.  Unless of course they claim that they didn't GPL it, or that the GPL 
> only covers the code not the patent.

The GPL has a couple of things to say about patents on GPL software,
the main point being:

"[...] If you cannot distribute so as to satisfy simultaneously your 
obligations under this License and any other pertinent obligations, then 
as a consequence you may not distribute the Program at all. For example, 
if a patent license would not permit royalty-free redistribution of the 
Program by all those who receive copies directly or indirectly through 
you, then the only way you could satisfy both it and this License would 
be to refrain entirely from distribution of the Program."


In short: If this patent is intended to be enforced, even selectively
(*especially* selectively), then distribution of SELinux just died.


I, too, have had plans to use SELinux commercially, but I'd rather
write cobol software on VMS than support software patents.


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Tom]

On Tue, Jun 04, 2002 at 04:28:27PM -0600, McFadden, Ken wrote:
> Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> If Tom has a problem then they need to address it with the NSA and the 
> NSA can go forth and remove their crap or deem it as being GNU.....As I
> see it SELinux will go on and if someone would like to use it then all
> they would need to do is keep the original GNU licensing with it.....
> Other words this is not our problem to work out but Tom's and NSA's........
> Until then I would treat it as GNU per NSA's web page!!!!!!!

you should only do that if you live in a country free of software
patents. I'm fairly certain that a US court won't even listen to the
license argument if the suit is brought as a patent infringement suit.



(I'm the OTHER Tom :) )


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Outside observer comments

[Tom]

On Tue, Jun 04, 2002 at 09:43:16PM -0500, Paul Wolfson wrote:
> Now, from the few dozen emails that have come across my screen are any
> indication, bickering is counter-productive.

For all the time I've been on this list, this has been a one-time
flare. You probably joined at a bad moment, since everything else on
the list was very productive.

That said, the patent/license issue *is* a serious problem.


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[John Summerfield]

admissions@internet.edu.nf said:
> Ok, Tom & I are going to be speaking soon.  So we will talk, thats
> just great business. And we will all see how this plays out.....


It's not that simple, and here is a reason why.

You and I can take any GPL software and supply it to anyone at all for them to 
use as they wish. For commercial or non-commercial purposes, no different.

The GPL licence means there are no licence fees to pay. You and I are entitled 
to charge for the process of supplying it, and we can bundle support services if 
we wish.

The restrictions that apply are these:
We must provide source code if asked, on terms not too different from those 
applying to the binaries.

If we make source-code changes and publish the resultant binaries then we must 
also publish the source changes.

You and I are entitled to rely on that, and there is no need to ask for 
permission.

I don't know about you, but if I had done so (and it is in my mind that I should 
offer some form of hardening), I'd be cheesed off if someone came along later 
and said I and my customers hat to pay licence fees.

Very cheesed off indeed.


Imagine the fracas if Red Hat had shipped this in Red Hat Linux 7.3. If the code 
is GPL then it was entitled to.


It's a bad scene for us all.



-- 
Cheers
John Summerfield

Microsoft's most solid OS: http://www.geocities.com/rcwoolley/

Note: mail delivered to me is deemed to be intended for me, for my disposition.

==============================
If you don't like being told you're wrong,
	be right!




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

I agree, and I agree with allot of the emails I've been reading....But
the bottom line is if there is an infringement then the NSA will pull 
SELinux off their web site and be replaced with a version without SCC
source.....We will continue with a GPL version of SELinux along with
adding what SCC removed to the to-do list.....I don't see this as the
end of the world where I would stop everything.....I agree with that
we should see what pans out and hope some of these people doing the
panning keeps us informed....Worst scenario would be another line item
on the to-do list.....But I still feel it is up to SCC and NSA to 
figure out if the work was done as GPL or not and not us......

Tom (@SCC),
>From seeing the level you hold with SCC, I hope you also see the
negative affect your company is having on the corporate community.
>From seeing where some of the responses are coming from (i.e. companies)
I can also see it having a negative affect on your company.  Basically, 
if there is something in SELinux that should not be there, then
I would hope you will get with the NSA and get it removed, but on
the same note replace it with working code that isn't proprietary.
Your company has deceived a bunch of people, including the NSA per
their web page, and I will hope you will make it right.....

Ken




-----Original Message-----
From: Tom [mailto:tom@lemuria.org]
Sent: Wednesday, June 05, 2002 1:26 AM
To: SE Linux
Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions


On Tue, Jun 04, 2002 at 04:28:27PM -0600, McFadden, Ken wrote:
> Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> If Tom has a problem then they need to address it with the NSA and the 
> NSA can go forth and remove their crap or deem it as being GNU.....As I
> see it SELinux will go on and if someone would like to use it then all
> they would need to do is keep the original GNU licensing with it.....
> Other words this is not our problem to work out but Tom's and
NSA's........
> Until then I would treat it as GNU per NSA's web page!!!!!!!

you should only do that if you live in a country free of software
patents. I'm fairly certain that a US court won't even listen to the
license argument if the suit is brought as a patent infringement suit.



(I'm the OTHER Tom :) )


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Tom]

On Wed, Jun 05, 2002 at 10:51:53AM -0600, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....

We can't. See, if they'd merely hold the copyright to some code, we
could just rewrite that part. However, patents do explicitly extend to
indepentent implementations since they cover an IDEA, not as copyright
does an EXPRESSION.

That's the true evil of software patents. He who lives closer to the
patent office wins.

-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[Justin Smith]

On Wed, 2002-06-05 at 12:51, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....I don't see this as the

It seems to me that it isn't a specific block of code that is at issue,
but a general approach to system security (Type Enforcement). 
-- 


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

TE, TIS, and DTE may be patented but the idea of security or encryption
is not....Sun, SGI, HP, etc... all have trusted OS's that use different
types or way's of doing things.....So we might not be able to use TE, TIS
or DTE, but we would still be able to replace those modules....Wouldn't
we???
Thanks,
Ken


-----Original Message-----
From: Tom [mailto:tom@lemuria.org]
Sent: Wednesday, June 05, 2002 11:24 AM
To: SE Linux
Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions


On Wed, Jun 05, 2002 at 10:51:53AM -0600, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....

We can't. See, if they'd merely hold the copyright to some code, we
could just rewrite that part. However, patents do explicitly extend to
indepentent implementations since they cover an IDEA, not as copyright
does an EXPRESSION.

That's the true evil of software patents. He who lives closer to the
patent office wins.

-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

Opps, just sent one but as put in it if that is the case then Sun, SGI,
and HP would also be in violation......I can't believe that the IDEA of
system security would be patented, even though Microsoft thinks they should
own the patent on all OS's that run on PC's.....I think the patent is on
a concept of implementation of system security.....Why can't we change that
implementation if need be (of which I would think it would be a couple of
modules)?????  Would someone at SCC please identify what pieces of SELinux
are in violation of their patent????
Thanks,
Ken




-----Original Message-----
From: Justin Smith [mailto:jsmith@mcs.drexel.edu]
Sent: Wednesday, June 05, 2002 11:34 AM
To: selinux@tycho.nsa.gov
Subject: RE: Sorry, read this one: Re: SELinux Dumb Questions


On Wed, 2002-06-05 at 12:51, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....I don't see this as the

It seems to me that it isn't a specific block of code that is at issue,
but a general approach to system security (Type Enforcement). 
-- 


--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Ben McGinnes]

[-- Attachment #1: Type: text/plain, Size: 1090 bytes --]

Tom(tom@lemuria.org)@Wed, Jun 05, 2002 at 07:24:01PM +0200:
> 
> We can't. See, if they'd merely hold the copyright to some code, we
> could just rewrite that part. However, patents do explicitly extend to
> indepentent implementations since they cover an IDEA, not as copyright
> does an EXPRESSION.
> 
> That's the true evil of software patents. He who lives closer to the
> patent office wins.

Hmmm ...

This then begs the question (which is *very* rhetorical and I do not
expect an answer from the official channels): would the NSA be willing
to purchase that patent from Secure Computing, assuming the latter
were willing to sell?

That, of course, is assuming that Secure Computing's intention is to
enforce their patent to the detriment of SE Linux development under
the GPL.

BTW, has anyone here actually looked at the patent itself and seen
exactly what it refers to?  Has anyone from Secure Computing mentioned
any references with the relevant patent authorities so that the rest
of us can see precisely what they're patent controls?


Regards,
Ben

[-- Attachment #2: Type: application/pgp-signature, Size: 174 bytes --]

RE: Sorry, read this one: Re: SELinux Dumb Questions

[David Caplan]

Has anyone determined which patent(s) is/are relevant?  The closest thing
I've found is a Linux Journal article written by Earl Boebert,
http://www.linuxjournal.com/article.php?sid=4963, entitled "Some Thoughts on
the Occasion of the NSA Linux Release".  He writes that "The NSA release
incorporates an idea called Type Enforcement (TE) that was cooked up by Dick
Kain and [himself] over 15 years ago" (this article is dated Jan. 24, 2001).
There is no mention of a patent, but a search at the US PTO web site,
http://patft.uspto.gov/netahtml/search-bool.html, shows three granted in the
mid eighties to Mr. Boebert, et. al, #4621321, #4701840, and #4713753.  I'm
not sure if any of these are the relevant ones or not, though, after a quick
glance, they appear to be.

There is another Linux Journal article,
http://www.linuxjournal.com/article.php?sid=5105, entitled "Secure Computing
to Develop Type Enforced Tux", dated Feb 23, 2000, which refers to SCC's
"patented security solution for the Linux kernel".  At the end it refers to
the "lingering question" of "the origins of the Type Enforcement
technology."  I'm not sure why this is a "question", but it notes that SCC
used the University of Utah/NSA Flask system/modified kernel "for the
current Type Enforcement/Secure Linux project", and that the origins of Type
Enforcement "may go back as far as the 1970s" referring to PSOS.

David

> -----Original Message-----
> From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]On
> Behalf Of Ben McGinnes
> Sent: Wednesday, June 05, 2002 4:08 PM
> To: selinux@tycho.nsa.gov
> Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions
>
[stuff cut]
>
> BTW, has anyone here actually looked at the patent itself and seen
> exactly what it refers to?  Has anyone from Secure Computing mentioned
> any references with the relevant patent authorities so that the rest
> of us can see precisely what they're patent controls?
>
>
> Regards,
> Ben
>


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: SE Linux & Education

[Russell Coker]

On Fri, 4 Jul 2003 18:51, Ryan Emge wrote:
> In response to the rants lately, I would like to say that I'm devoted to
> doing my part by subscribing to this listserv in order to learning the
> advantages of SE Linux and how it can be utilized in an educational
> environment at our University in Vermont. If there is anyone subscribed to
> this list that has put countless hours in researching and developing
> patches and other documenation that could be to my advantage, I would like
> to hear from you.

I think that my Debian packages will work well in an educational environment. 
One particular advantage of Debian is that any student can become a developer 
and join in the project...

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

SE Linux & Education

[Ryan Emge]

Hello everyone,

In response to the rants lately, I would like to say that I'm devoted to doing my part by subscribing to this listserv in order to learning the advantages of SE Linux and how it can be utilized in an educational environment at our University in Vermont. If there is anyone subscribed to this list that has put countless hours in researching and developing patches and other documenation that could be to my advantage, I would like to hear from you. I'd especially like to hear from some of the major contributors mentioned on NSA's SE Linux site such as NAI Labs, Secure Computing Corporation and MITRE Corporation.
-- 

Ryan O. Emge

Information Assurance & Security
Norwich University - http://www.norwich.edu
158 Harmon Drive
Northfield, VT 05663

An NSA "Center of Academic Excellence in Information Assurance"

E: emger@norwich.edu

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.