Re: Mirror Site

Re: Mirror Site

[Howard D. Holm]

I'm uncertain what question "authority" is being asked for here.  Mr.
Johnson's posting didn't contain any questions, just statements.

If I understand the intent, I'll just say that we do not attempt to
prohibit mirrors of the site, although we don't support "official"
mirrors at this time.  Currently our web server seems able to
sufficiently handle the requests, and so we don't see a need to support
mirrors which may become out of date or corrupt.  It is simply easier
for us to maintain one "official" site.

Although the tools provided by Sourceforge are nice, we're hopeful that
the capabilities of our website, and the interaction provided by this
list will meet the needs of anyone who wants to work with the code.
If, as things progress, anyone believes that more support
infrastructure is required, please let us know.  We'll reexamine our
options if and when more is needed.

--
Howard Holm
Information Assurance Research Office
National Security Agency

Benjamin Johnson <bsjohnso@midway.uchicago.edu> wrote:
> Anyone who has authority can answer this.  I run a website, 
> www.codeposting.com, and am trying to find ways of getting more people to 
> use this site.  The point of the site is to have programmers exchange free 
> code under the GPL where people can use the code for whatever they 
> like.  One idea I had was to setup a mirror site for selinux.  The reason I 
> would like to do this is because not only will it increase hits for my 
> site, but I have an interest in Linux as well as places like NSA.  I figure 
> because the code is GPL, even if some bureaucrats or "higher-powers" take 
> down the NSA site, the public will still be able to work with Secure Linux.
> 
> Another idea I had was to not only mirror it, but put up a messageboard / 
> patch update or something of the sort so that people could post whatever 
> they wanted there and not have to make sure it is ok for the NSA's 
> website.  If someone with authority could please e-mail me back at 
> bsjohnso@midway.uchicago.edu or post it to the mailing list so that 
> everyone could see it, I would be most appreciative.  Thank you.

NathanX Dabney <nathanx.dabney@intel.com> responded:
> Last I checked, White River Junction, VT was still under jurisdiction of the
> US gov.  I don't think setting yourself up as a potential haven for runaway
> NSA code is a good place to start on this list.  Be glad you have the code
> and a chance to improve security with it and leave it at that.

> As far as the functionality you want to provide, I suggest having a look at
> the way sourceforge.org does it.  Hosting projects with them is free, simple
> and incredibly useful.  That and their code is GPL as well which would save
> you what looks like 2-3 years of development to catch up.

> Speaking of which, any reason selinux is not hosted on Sourceforge?  Anyone?


You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Mirror Site

[Ben Johnson]

Thanks for the reply.  My mirror would not have to be "official", it would 
just be nice for me to get some more hits.  I guess I'll just settle for 
the discussion on the mailinglist for the time being.

Ben Johnson

At 04:48 PM 12/26/2000 -0500, you wrote:
>I'm uncertain what question "authority" is being asked for here.  Mr.
>Johnson's posting didn't contain any questions, just statements.
>
>If I understand the intent, I'll just say that we do not attempt to
>prohibit mirrors of the site, although we don't support "official"
>mirrors at this time.  Currently our web server seems able to
>sufficiently handle the requests, and so we don't see a need to support
>mirrors which may become out of date or corrupt.  It is simply easier
>for us to maintain one "official" site.
>
>Although the tools provided by Sourceforge are nice, we're hopeful that
>the capabilities of our website, and the interaction provided by this
>list will meet the needs of anyone who wants to work with the code.
>If, as things progress, anyone believes that more support
>infrastructure is required, please let us know.  We'll reexamine our
>options if and when more is needed.
>
>--
>Howard Holm
>Information Assurance Research Office
>National Security Agency
>
>Benjamin Johnson <bsjohnso@midway.uchicago.edu> wrote:
> > Anyone who has authority can answer this.  I run a website,
> > www.codeposting.com, and am trying to find ways of getting more people to
> > use this site.  The point of the site is to have programmers exchange free
> > code under the GPL where people can use the code for whatever they
> > like.  One idea I had was to setup a mirror site for selinux.  The 
> reason I
> > would like to do this is because not only will it increase hits for my
> > site, but I have an interest in Linux as well as places like NSA.  I 
> figure
> > because the code is GPL, even if some bureaucrats or "higher-powers" take
> > down the NSA site, the public will still be able to work with Secure Linux.
> >
> > Another idea I had was to not only mirror it, but put up a messageboard /
> > patch update or something of the sort so that people could post whatever
> > they wanted there and not have to make sure it is ok for the NSA's
> > website.  If someone with authority could please e-mail me back at
> > bsjohnso@midway.uchicago.edu or post it to the mailing list so that
> > everyone could see it, I would be most appreciative.  Thank you.
>
>NathanX Dabney <nathanx.dabney@intel.com> responded:
> > Last I checked, White River Junction, VT was still under jurisdiction 
> of the
> > US gov.  I don't think setting yourself up as a potential haven for runaway
> > NSA code is a good place to start on this list.  Be glad you have the code
> > and a chance to improve security with it and leave it at that.
>
> > As far as the functionality you want to provide, I suggest having a look at
> > the way sourceforge.org does it.  Hosting projects with them is free, 
> simple
> > and incredibly useful.  That and their code is GPL as well which would save
> > you what looks like 2-3 years of development to catch up.
>
> > Speaking of which, any reason selinux is not hosted on 
> Sourceforge?  Anyone?
>
>
>You have received this message because you are subscribed to the selinux list.
>If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>the words "unsubscribe selinux" without quotes as the message.


You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux] Re: Mirror Site

[Magosányi Árpád]

> Although the tools provided by Sourceforge are nice, we're hopeful that
> the capabilities of our website, and the interaction provided by this
> list will meet the needs of anyone who wants to work with the code.
> If, as things progress, anyone believes that more support
> infrastructure is required, please let us know.  We'll reexamine our
> options if and when more is needed.
> 

Having a project sourceforged is important not for just technical reasons.
If the project is on sourceforge, it more likely attracts more developers
and users, so the critical mass of the project is more easily reached.
BTW, is there any official word (either from Linus or from NSA), when will
flask integrated into the mainstream kernel sources? It is also a major
issue from the "marketing" perspective. (I would be happy to see it in 2.5)

-- 
GNU GPL: csak tiszta forrásból
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Mirror Site

[Grant Bayley]

On Tue, 26 Dec 2000, Howard D. Holm wrote:

> I'm uncertain what question "authority" is being asked for here.  Mr.
> Johnson's posting didn't contain any questions, just statements.
>
> If I understand the intent, I'll just say that we do not attempt to
> prohibit mirrors of the site, although we don't support "official"
> mirrors at this time.  Currently our web server seems able to
> sufficiently handle the requests, and so we don't see a need to support
> mirrors which may become out of date or corrupt.  It is simply easier
> for us to maintain one "official" site.

... And I'm thankful for this ...

By way of an FYI, I'm mirroring the Security Enhanced Linux files in
Australia to cater for the local download crowd. It might seem like a
quaint notion to Americans, but a large number of people "down under"
still pay by the meg for Internet access (business users especially) and
a number of ISPs have a vastly cheaper price for locally sourced content
(AARNet for .edu.au, Optus, Connect.com.au etc).

It's linked from http://www.wiretapped.net/ at:

http://the.wiretapped.net/security/operating-systems/selinux/
ftp://ftp.wiretapped.net/pub/security/operating-systems/

The layout I have here honours the top-level nature of things like the
warranty, contributor list etc and splits the other files into
"documentation", "files" and "papers" - something more like what people
are used to seeing on a mirror site.

Although it'd be somewhat easier to maintain if SE Linux was available
from NSA via FTP (*hint*), I'll be keeping the Wiretapped mirror up to
date with any changes that are made... (as I do with the rest of the
site).

> Although the tools provided by Sourceforge are nice, we're hopeful that
> the capabilities of our website, and the interaction provided by this
> list will meet the needs of anyone who wants to work with the code.
> If, as things progress, anyone believes that more support
> infrastructure is required, please let us know.  We'll reexamine our
> options if and when more is needed.

Understood and agreed.  If there's a need for mirror sites at some point,
please don't hesitate to contact me or do a direct link to Wiretapped.

Grant

-------------------------------------------------------
Grant Bayley                         gbayley@ausmac.net
-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
 www.ausmac.net   www.wiretapped.net   www.2600.org.au
-------------------------------------------------------

You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux] Re: Mirror Site

[Andi Kleen]

On Wed, Dec 27, 2000 at 12:11:16AM +0100, Magosányi Árpád wrote:
> Having a project sourceforged is important not for just technical reasons.
> If the project is on sourceforge, it more likely attracts more developers
> and users, so the critical mass of the project is more easily reached.
> BTW, is there any official word (either from Linus or from NSA), when will
> flask integrated into the mainstream kernel sources? It is also a major
> issue from the "marketing" perspective. (I would be happy to see it in 2.5)

Flask is clearly labelled as experimental and it does many radical things
compared to traditional Unix security, so it would probably be a good idea to 
do some experiments (collecting experience with it) before considering
to put it into the main kernel.

-Andi
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux] Re: Mirror Site

[richard offer]

* $ from mag@bunuel.tii.matav.hu at "27-Dec:12:11am" | sed "1,$s/^/* /"
*
*
* > Although the tools provided by Sourceforge are nice, we're hopeful that
* > the capabilities of our website, and the interaction provided by this
* > list will meet the needs of anyone who wants to work with the code.
* > If, as things progress, anyone believes that more support
* > infrastructure is required, please let us know.  We'll reexamine our
* > options if and when more is needed.
* >
*
* Having a project sourceforged is important not for just technical reasons.
* If the project is on sourceforge, it more likely attracts more developers
* and users, so the critical mass of the project is more easily reached.
* BTW, is there any official word (either from Linus or from NSA), when will
* flask integrated into the mainstream kernel sources? It is also a major
* issue from the "marketing" perspective. (I would be happy to see it in 2.5)

The continued addition of embryonic features to linux is what has kept 2.4 from
being released. This code has only been out for 2 days and is a research
project prototype at that, and we are already talking about adding it to the
main line ?


[ from the overview ]

  This work is not intended as a complete security solution for Linux.
  ...
  Instead, it is simply an example of how mandatory access controls that can
                           *******
  confine the actions of any process,
  including a superuser process, can be added into Linux. The focus of this
  work has not been on system assurance or other security features such
  as security auditing, although these elements are also important for a
  secure system.

Robert Watson (on the TrustedBSD list) says it best.

  Figuring out how the SELinux implementation fits into the bigger picture will
  be important -- it represents a large step forward in terms of the
  availability of secure open source operating systems.


This is good, interesting code, but that doesn't mean its ready for prime time
distribution yet.


I must be old, I'm getting too conservative....

richard.


-----------------------------------------------------------------------
Richard Offer          Widget FAQ --> http://reality.sgi.com/widgetFAQ/
{X,Motif,Trust} on {Irix,Linux}
__________________________________________http://reality.sgi.com/offer/

You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

sightly offtopic: mainstream

[Magosányi Árpád]

Hi!

> Flask is clearly labelled as experimental and it does many radical things
> compared to traditional Unix security, so it would probably be a good idea to 
> do some experiments (collecting experience with it) before considering
> to put it into the main kernel.

<flame, ignore it>
Linus has a well established reputation of putting experimental garbage into
the kernel just before the release of the stable version:)
</flame>

Hearing the verdict on the boundary conditions necessary to get into mainstream
might be helpful, even if we know that this will take more than one release
cicles.

-- 
GNU GPL: csak tiszta forrásból
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Mirror Site

[RJ Atkinson]

	It would be very helpful if the list administrator
at tycho could PLEASE cease adding the "Reply-To:" line 
that the list system adds to each list message at present.

	Without a Reply-To: line, each subscriber could 
trivially either copy the list or not on a given reply email 
to a list message.  Right now, the presence of that line 
makes it VERY difficult for a subscriber to send a 
private email reply to a given list message.  

	The net result of the current list configuration 
is that there will be a tendency to have a lower signal/noise
ratio on the SE Linux list.  The proposed list configuration
would have no worse SNR and probably would have a visibly
better SNR.

Thanks,

Ran
rja@inet.org

You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.