Sorry, read this one: Re: SELinux Dumb Questions

Sorry, read this one: Re: SELinux Dumb Questions

[JW]

Sorry about that last empty message, I accidently hit ^[ENTER] when I meant 
hit shift...
-------------------

Something is really amiss with this and needs to be brought to a reasonable 
conclusion soon. Read on for details...

On Monday, 03 June Admissions Office wrote:
> > Folks this may seem like a dumb question given the Open Source and
> > postings on the site. Its just that we want to be sure....
> >
> > Is there any reason why a Colo company cannot offer SELinux as a standard
> > product offering they would install on clients servers?

And on Monday 03 June Russell Coker replied:
> As Mark stated there are no license or legal issues preventing such use.

BUT;
On Monday 03 June Tom Haigh wrote:

> SELinux includes Type Enforcement technology developed and patented by the
> Secure Computing Corporation, who still holds rights to all commercial use
> of the technology.  Before a colo company, or anyone else uses the
> technology commercially, it will be necessary to negotiate a license with
> Secure Computing.  If anyone wants to do so, I can help get the ball
> rolling with our Legal and BD folks.
>
> --Tom
>
> Dr. Tom Haigh, CTO
> Secure Computing Corp.
> 2675 Long Lake Road
> Roseville, MN 55113
>
> 651-628-2738 (V)
> 651-628-2701 (F)
>
> haigh@securecomputing.com


There is some severe misunderstanding here. 

IANAL, but it is my understanding that you cannot restrict the use or 
distribution of GPLd Free Software. It simply does not work that way, no 
exceptions, no excuses. Once code is GPLd it is free for all to use. You can 
change the license on future versions of the code, but you cannot go back and 
restrict GPL's code "after the fact"

Either:

 1. Someone (at the NSA?) affixed the GPL to code they didn't have a right to 
do so on, or

2. (More likely) Secure Computing did not understand under what terms they 
were developing Type Enforcment for the NSA under.

I've got the flu right now so I'm too tried to reason it all through, but 
_someone_ needs to very soon.

Just a few implications that come to the top of my head if Secure COmputing 
is right:

1. SELinux patches cannot legally be applied to GPLd software or the Linux 
kernel, because that would break the GPL itself (GPL forbids making non-free 
changes to GPL'd code -- i.e., if you modify GPL'd code, the modifications 
must be made available under the terms of the GPL).

2. It will need to be removed from Debian's tree -- at least moved to 
non-free, yet as I said before, if Secure Computing is correct, SE-Linux is 
not legal to use with GPL'd software anyway (at least the way I see it).

You'd better bet that GNU and other people who's code is being modified to 
work with SE-Linux will have ten purple cows on anyone who mixes non-free 
code with their GPLd code.

Perhaps I'm totally misunderstanding something while I'm half-delirious with 
the flu, but this needs to be clarified _soon_.

	JW

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Admissions Office]

Ok, Tom & I are going to be speaking soon.  So we will talk, thats just
great business. And we will all see how this plays out.....





> Sorry about that last empty message, I accidently hit ^[ENTER] when I
meant
> hit shift...
> -------------------
>
> Something is really amiss with this and needs to be brought to a
reasonable
> conclusion soon. Read on for details...
>
> On Monday, 03 June Admissions Office wrote:
> > > Folks this may seem like a dumb question given the Open Source and
> > > postings on the site. Its just that we want to be sure....
> > >
> > > Is there any reason why a Colo company cannot offer SELinux as a
standard
> > > product offering they would install on clients servers?
>
> And on Monday 03 June Russell Coker replied:
> > As Mark stated there are no license or legal issues preventing such use.
>
> BUT;
> On Monday 03 June Tom Haigh wrote:
>
> > SELinux includes Type Enforcement technology developed and patented by
the
> > Secure Computing Corporation, who still holds rights to all commercial
use
> > of the technology.  Before a colo company, or anyone else uses the
> > technology commercially, it will be necessary to negotiate a license
with
> > Secure Computing.  If anyone wants to do so, I can help get the ball
> > rolling with our Legal and BD folks.
> >
> > --Tom
> >
> > Dr. Tom Haigh, CTO
> > Secure Computing Corp.
> > 2675 Long Lake Road
> > Roseville, MN 55113
> >
> > 651-628-2738 (V)
> > 651-628-2701 (F)
> >
> > haigh@securecomputing.com
>
>
> There is some severe misunderstanding here.
>
> IANAL, but it is my understanding that you cannot restrict the use or
> distribution of GPLd Free Software. It simply does not work that way, no
> exceptions, no excuses. Once code is GPLd it is free for all to use. You
can
> change the license on future versions of the code, but you cannot go back
and
> restrict GPL's code "after the fact"
>
> Either:
>
>  1. Someone (at the NSA?) affixed the GPL to code they didn't have a right
to
> do so on, or
>
> 2. (More likely) Secure Computing did not understand under what terms they
> were developing Type Enforcment for the NSA under.
>
> I've got the flu right now so I'm too tried to reason it all through, but
> _someone_ needs to very soon.
>
> Just a few implications that come to the top of my head if Secure
COmputing
> is right:
>
> 1. SELinux patches cannot legally be applied to GPLd software or the Linux
> kernel, because that would break the GPL itself (GPL forbids making
non-free
> changes to GPL'd code -- i.e., if you modify GPL'd code, the modifications
> must be made available under the terms of the GPL).
>
> 2. It will need to be removed from Debian's tree -- at least moved to
> non-free, yet as I said before, if Secure Computing is correct, SE-Linux
is
> not legal to use with GPL'd software anyway (at least the way I see it).
>
> You'd better bet that GNU and other people who's code is being modified to
> work with SE-Linux will have ten purple cows on anyone who mixes non-free
> code with their GPLd code.
>
> Perhaps I'm totally misunderstanding something while I'm half-delirious
with
> the flu, but this needs to be clarified _soon_.
>
> JW
>


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Russell Coker]

On Tue, 4 Jun 2002 23:49, JW wrote:
> Sorry about that last empty message, I accidently hit ^[ENTER] when I meant
> hit shift...

You had written enough to clarify the issue (I don't know how I missed Tom's 
message the first time).

> IANAL, but it is my understanding that you cannot restrict the use or
> distribution of GPLd Free Software. It simply does not work that way, no
> exceptions, no excuses. Once code is GPLd it is free for all to use. You
> can change the license on future versions of the code, but you cannot go
> back and restrict GPL's code "after the fact"

Yes.  Unless of course they claim that they didn't GPL it, or that the GPL 
only covers the code not the patent.

> 2. It will need to be removed from Debian's tree -- at least moved to
> non-free, yet as I said before, if Secure Computing is correct, SE-Linux is
> not legal to use with GPL'd software anyway (at least the way I see it).

Stuff that.  I'm not putting this much work into non-free stuff!  If the 
license gets changed to anything other than the GPL then I'll immediately 
cease work and file critical bug reports against ftp.debian.org asking for 
the packages to be removed.  If Secure Computing want me to work on material 
that's patented by them then they'll have to pay me at my usual consulting 
rates, plus back-pay for the last 6 months.

> You'd better bet that GNU and other people who's code is being modified to
> work with SE-Linux will have ten purple cows on anyone who mixes non-free
> code with their GPLd code.

The code can be still released as patches, but the problems of having them 
becoming obsolete and not matching the version your OS uses will remain.

Basically I think that SE Linux is as good as dead for anything other than 
research use if this patent gets enforced.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

Tom,
You need to get with the NSA to remove the download from their web
page then, but as long as we download from NSA and per their license
agreement http://www.nsa.gov/selinux/license.html it is free and you
can't put any restrictions on it.......



-----Original Message-----
From: JW [mailto:jw@centraltexasit.com]
Sent: Tuesday, June 04, 2002 3:49 PM
To: SE Linux
Cc: Haigh, Tom; 'Admissions Office'; Carsten Grohmann; Russell Coker
Subject: Sorry, read this one: Re: SELinux Dumb Questions


Sorry about that last empty message, I accidently hit ^[ENTER] when I meant 
hit shift...
-------------------

Something is really amiss with this and needs to be brought to a reasonable 
conclusion soon. Read on for details...

On Monday, 03 June Admissions Office wrote:
> > Folks this may seem like a dumb question given the Open Source and
> > postings on the site. Its just that we want to be sure....
> >
> > Is there any reason why a Colo company cannot offer SELinux as a
standard
> > product offering they would install on clients servers?

And on Monday 03 June Russell Coker replied:
> As Mark stated there are no license or legal issues preventing such use.

BUT;
On Monday 03 June Tom Haigh wrote:

> SELinux includes Type Enforcement technology developed and patented by the
> Secure Computing Corporation, who still holds rights to all commercial use
> of the technology.  Before a colo company, or anyone else uses the
> technology commercially, it will be necessary to negotiate a license with
> Secure Computing.  If anyone wants to do so, I can help get the ball
> rolling with our Legal and BD folks.
>
> --Tom
>
> Dr. Tom Haigh, CTO
> Secure Computing Corp.
> 2675 Long Lake Road
> Roseville, MN 55113
>
> 651-628-2738 (V)
> 651-628-2701 (F)
>
> haigh@securecomputing.com


There is some severe misunderstanding here. 

IANAL, but it is my understanding that you cannot restrict the use or 
distribution of GPLd Free Software. It simply does not work that way, no 
exceptions, no excuses. Once code is GPLd it is free for all to use. You can

change the license on future versions of the code, but you cannot go back
and 
restrict GPL's code "after the fact"

Either:

 1. Someone (at the NSA?) affixed the GPL to code they didn't have a right
to 
do so on, or

2. (More likely) Secure Computing did not understand under what terms they 
were developing Type Enforcment for the NSA under.

I've got the flu right now so I'm too tried to reason it all through, but 
_someone_ needs to very soon.

Just a few implications that come to the top of my head if Secure COmputing 
is right:

1. SELinux patches cannot legally be applied to GPLd software or the Linux 
kernel, because that would break the GPL itself (GPL forbids making non-free

changes to GPL'd code -- i.e., if you modify GPL'd code, the modifications 
must be made available under the terms of the GPL).

2. It will need to be removed from Debian's tree -- at least moved to 
non-free, yet as I said before, if Secure Computing is correct, SE-Linux is 
not legal to use with GPL'd software anyway (at least the way I see it).

You'd better bet that GNU and other people who's code is being modified to 
work with SE-Linux will have ten purple cows on anyone who mixes non-free 
code with their GPLd code.

Perhaps I'm totally misunderstanding something while I'm half-delirious with

the flu, but this needs to be clarified _soon_.

	JW

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
If Tom has a problem then they need to address it with the NSA and the 
NSA can go forth and remove their crap or deem it as being GNU.....As I
see it SELinux will go on and if someone would like to use it then all
they would need to do is keep the original GNU licensing with it.....
Other words this is not our problem to work out but Tom's and NSA's........
Until then I would treat it as GNU per NSA's web page!!!!!!!




-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au]
Sent: Tuesday, June 04, 2002 4:12 PM
To: JW; SE Linux
Cc: Haigh, Tom; 'Admissions Office'; Carsten Grohmann
Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions


On Tue, 4 Jun 2002 23:49, JW wrote:
> Sorry about that last empty message, I accidently hit ^[ENTER] when I
meant
> hit shift...

You had written enough to clarify the issue (I don't know how I missed Tom's

message the first time).

> IANAL, but it is my understanding that you cannot restrict the use or
> distribution of GPLd Free Software. It simply does not work that way, no
> exceptions, no excuses. Once code is GPLd it is free for all to use. You
> can change the license on future versions of the code, but you cannot go
> back and restrict GPL's code "after the fact"

Yes.  Unless of course they claim that they didn't GPL it, or that the GPL 
only covers the code not the patent.

> 2. It will need to be removed from Debian's tree -- at least moved to
> non-free, yet as I said before, if Secure Computing is correct, SE-Linux
is
> not legal to use with GPL'd software anyway (at least the way I see it).

Stuff that.  I'm not putting this much work into non-free stuff!  If the 
license gets changed to anything other than the GPL then I'll immediately 
cease work and file critical bug reports against ftp.debian.org asking for 
the packages to be removed.  If Secure Computing want me to work on material

that's patented by them then they'll have to pay me at my usual consulting 
rates, plus back-pay for the last 6 months.

> You'd better bet that GNU and other people who's code is being modified to
> work with SE-Linux will have ten purple cows on anyone who mixes non-free
> code with their GPLd code.

The code can be still released as patches, but the problems of having them 
becoming obsolete and not matching the version your OS uses will remain.

Basically I think that SE Linux is as good as dead for anything other than 
research use if this patent gets enforced.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Admissions Office]

Ok but, lets not let emotions rule the day. The NSA has done us all a
service and we them. So in the true spirit of the internet lets work this
out.  Tom & I are playing phone tag but, we will speak.... And I bet we will
have something to report back. No big deal !
Really.


----- Original Message -----
From: "McFadden, Ken" <ken.mcfadden@lmco.com>
To: "'Russell Coker'" <russell@coker.com.au>; "JW" <jw@centraltexasit.com>;
"SE Linux" <selinux@tycho.nsa.gov>
Cc: "Haigh, Tom" <tom_haigh@securecomputing.com>; "'Admissions Office'"
<admissions@internet.edu.nf>; "Carsten Grohmann"
<carsten.grohmann@dr-baldeweg.de>
Sent: Tuesday, June 04, 2002 16:28
Subject: RE: Sorry, read this one: Re: SELinux Dumb Questions


> Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> If Tom has a problem then they need to address it with the NSA and the
> NSA can go forth and remove their crap or deem it as being GNU.....As I
> see it SELinux will go on and if someone would like to use it then all
> they would need to do is keep the original GNU licensing with it.....
> Other words this is not our problem to work out but Tom's and
NSA's........
> Until then I would treat it as GNU per NSA's web page!!!!!!!
>
>
>
>
> -----Original Message-----
> From: Russell Coker [mailto:russell@coker.com.au]
> Sent: Tuesday, June 04, 2002 4:12 PM
> To: JW; SE Linux
> Cc: Haigh, Tom; 'Admissions Office'; Carsten Grohmann
> Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions
>
>
> On Tue, 4 Jun 2002 23:49, JW wrote:
> > Sorry about that last empty message, I accidently hit ^[ENTER] when I
> meant
> > hit shift...
>
> You had written enough to clarify the issue (I don't know how I missed
Tom's
>
> message the first time).
>
> > IANAL, but it is my understanding that you cannot restrict the use or
> > distribution of GPLd Free Software. It simply does not work that way, no
> > exceptions, no excuses. Once code is GPLd it is free for all to use. You
> > can change the license on future versions of the code, but you cannot go
> > back and restrict GPL's code "after the fact"
>
> Yes.  Unless of course they claim that they didn't GPL it, or that the GPL
> only covers the code not the patent.
>
> > 2. It will need to be removed from Debian's tree -- at least moved to
> > non-free, yet as I said before, if Secure Computing is correct, SE-Linux
> is
> > not legal to use with GPL'd software anyway (at least the way I see it).
>
> Stuff that.  I'm not putting this much work into non-free stuff!  If the
> license gets changed to anything other than the GPL then I'll immediately
> cease work and file critical bug reports against ftp.debian.org asking for
> the packages to be removed.  If Secure Computing want me to work on
material
>
> that's patented by them then they'll have to pay me at my usual consulting
> rates, plus back-pay for the last 6 months.
>
> > You'd better bet that GNU and other people who's code is being modified
to
> > work with SE-Linux will have ten purple cows on anyone who mixes
non-free
> > code with their GPLd code.
>
> The code can be still released as patches, but the problems of having them
> becoming obsolete and not matching the version your OS uses will remain.
>
> Basically I think that SE Linux is as good as dead for anything other than
> research use if this patent gets enforced.
>
> --
> I do not get viruses because I do not use MS software.
> If you use Outlook then please do not put my email address in your
> address-book so that WHEN you get a virus it won't use my address in the
> >From field.
>
> --
> You have received this message because you are subscribed to the selinux
> list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
>
> --
> You have received this message because you are subscribed to the selinux
list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
> the words "unsubscribe selinux" without quotes as the message.
>


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Russell Coker]

On Wed, 5 Jun 2002 03:34, Admissions Office wrote:
> Ok but, lets not let emotions rule the day. The NSA has done us all a
> service and we them. So in the true spirit of the internet lets work this
> out.  Tom & I are playing phone tag but, we will speak.... And I bet we
> will have something to report back. No big deal !
> Really.

You don't understand the issues.  The fact that you even have to make a 
single phone call in unacceptable to me, to the Debian project, and to the 
FSF.

This is a big deal.  Really.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Admissions Office]

> You don't understand the issues.  The fact that you even have to make a
> single phone call in unacceptable to me, to the Debian project, and to the
> FSF.
>
> This is a big deal.  Really.I do understand the "issues" and if they need
to be talked about - Great. In the many emails I see daily I have not seen
something talked about that really matter in over 5 years. I think that you
are all willing to talk shows just how much thought and consideration goes
into this. Its not about Linux or the NSA or any Open Source issues. At the
end of the day its about people. My intentions were to ask what I considered
to be a simple question. You people all impress me. Its good to be a part of
it all.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Tom]

On Wed, Jun 05, 2002 at 12:12:24AM +0200, Russell Coker wrote:
> Yes.  Unless of course they claim that they didn't GPL it, or that the GPL 
> only covers the code not the patent.

The GPL has a couple of things to say about patents on GPL software,
the main point being:

"[...] If you cannot distribute so as to satisfy simultaneously your 
obligations under this License and any other pertinent obligations, then 
as a consequence you may not distribute the Program at all. For example, 
if a patent license would not permit royalty-free redistribution of the 
Program by all those who receive copies directly or indirectly through 
you, then the only way you could satisfy both it and this License would 
be to refrain entirely from distribution of the Program."


In short: If this patent is intended to be enforced, even selectively
(*especially* selectively), then distribution of SELinux just died.


I, too, have had plans to use SELinux commercially, but I'd rather
write cobol software on VMS than support software patents.


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Tom]

On Tue, Jun 04, 2002 at 04:28:27PM -0600, McFadden, Ken wrote:
> Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> If Tom has a problem then they need to address it with the NSA and the 
> NSA can go forth and remove their crap or deem it as being GNU.....As I
> see it SELinux will go on and if someone would like to use it then all
> they would need to do is keep the original GNU licensing with it.....
> Other words this is not our problem to work out but Tom's and NSA's........
> Until then I would treat it as GNU per NSA's web page!!!!!!!

you should only do that if you live in a country free of software
patents. I'm fairly certain that a US court won't even listen to the
license argument if the suit is brought as a patent infringement suit.



(I'm the OTHER Tom :) )


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[John Summerfield]

admissions@internet.edu.nf said:
> Ok, Tom & I are going to be speaking soon.  So we will talk, thats
> just great business. And we will all see how this plays out.....


It's not that simple, and here is a reason why.

You and I can take any GPL software and supply it to anyone at all for them to 
use as they wish. For commercial or non-commercial purposes, no different.

The GPL licence means there are no licence fees to pay. You and I are entitled 
to charge for the process of supplying it, and we can bundle support services if 
we wish.

The restrictions that apply are these:
We must provide source code if asked, on terms not too different from those 
applying to the binaries.

If we make source-code changes and publish the resultant binaries then we must 
also publish the source changes.

You and I are entitled to rely on that, and there is no need to ask for 
permission.

I don't know about you, but if I had done so (and it is in my mind that I should 
offer some form of hardening), I'd be cheesed off if someone came along later 
and said I and my customers hat to pay licence fees.

Very cheesed off indeed.


Imagine the fracas if Red Hat had shipped this in Red Hat Linux 7.3. If the code 
is GPL then it was entitled to.


It's a bad scene for us all.



-- 
Cheers
John Summerfield

Microsoft's most solid OS: http://www.geocities.com/rcwoolley/

Note: mail delivered to me is deemed to be intended for me, for my disposition.

==============================
If you don't like being told you're wrong,
	be right!




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

I agree, and I agree with allot of the emails I've been reading....But
the bottom line is if there is an infringement then the NSA will pull 
SELinux off their web site and be replaced with a version without SCC
source.....We will continue with a GPL version of SELinux along with
adding what SCC removed to the to-do list.....I don't see this as the
end of the world where I would stop everything.....I agree with that
we should see what pans out and hope some of these people doing the
panning keeps us informed....Worst scenario would be another line item
on the to-do list.....But I still feel it is up to SCC and NSA to 
figure out if the work was done as GPL or not and not us......

Tom (@SCC),
>From seeing the level you hold with SCC, I hope you also see the
negative affect your company is having on the corporate community.
>From seeing where some of the responses are coming from (i.e. companies)
I can also see it having a negative affect on your company.  Basically, 
if there is something in SELinux that should not be there, then
I would hope you will get with the NSA and get it removed, but on
the same note replace it with working code that isn't proprietary.
Your company has deceived a bunch of people, including the NSA per
their web page, and I will hope you will make it right.....

Ken




-----Original Message-----
From: Tom [mailto:tom@lemuria.org]
Sent: Wednesday, June 05, 2002 1:26 AM
To: SE Linux
Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions


On Tue, Jun 04, 2002 at 04:28:27PM -0600, McFadden, Ken wrote:
> Once again, We are doing this for NSA and GNU NOT SECURE COMPUTING!!!!!!!
> If Tom has a problem then they need to address it with the NSA and the 
> NSA can go forth and remove their crap or deem it as being GNU.....As I
> see it SELinux will go on and if someone would like to use it then all
> they would need to do is keep the original GNU licensing with it.....
> Other words this is not our problem to work out but Tom's and
NSA's........
> Until then I would treat it as GNU per NSA's web page!!!!!!!

you should only do that if you live in a country free of software
patents. I'm fairly certain that a US court won't even listen to the
license argument if the suit is brought as a patent infringement suit.



(I'm the OTHER Tom :) )


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

re:Open Question to the NSA & The List

[Admissions Office]

There has been alot of talk over the mention that a Colo company (ours)
would like to install the SELinux on clients servers. My question to the
Powers In Charge here is: Can we use this software at no charge? People ask
for it daily, we have users that installed themselves. Its just we are being
asked to do it as part of a total service to clients.  If someone from the
NSA, as well as the other interested parties on this list could answer this
it would be great. And yes, I understand that the NSA does not reply on many
things. I do not see how a simple answer would hurt as its on a U.S.
Government server that is property of the NSA.

Thank You.

Pamela Patterson


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Tom]

On Wed, Jun 05, 2002 at 10:51:53AM -0600, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....

We can't. See, if they'd merely hold the copyright to some code, we
could just rewrite that part. However, patents do explicitly extend to
indepentent implementations since they cover an IDEA, not as copyright
does an EXPRESSION.

That's the true evil of software patents. He who lives closer to the
patent office wins.

-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[Justin Smith]

On Wed, 2002-06-05 at 12:51, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....I don't see this as the

It seems to me that it isn't a specific block of code that is at issue,
but a general approach to system security (Type Enforcement). 
-- 


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

TE, TIS, and DTE may be patented but the idea of security or encryption
is not....Sun, SGI, HP, etc... all have trusted OS's that use different
types or way's of doing things.....So we might not be able to use TE, TIS
or DTE, but we would still be able to replace those modules....Wouldn't
we???
Thanks,
Ken


-----Original Message-----
From: Tom [mailto:tom@lemuria.org]
Sent: Wednesday, June 05, 2002 11:24 AM
To: SE Linux
Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions


On Wed, Jun 05, 2002 at 10:51:53AM -0600, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....

We can't. See, if they'd merely hold the copyright to some code, we
could just rewrite that part. However, patents do explicitly extend to
indepentent implementations since they cover an IDEA, not as copyright
does an EXPRESSION.

That's the true evil of software patents. He who lives closer to the
patent office wins.

-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Open Question to the NSA & The List

[Dale Amon]

On Wed, Jun 05, 2002 at 10:56:34AM -0600, Admissions Office wrote:
> There has been alot of talk over the mention that a Colo company (ours)
> would like to install the SELinux on clients servers. My question to the
> Powers In Charge here is: Can we use this software at no charge? People ask
> for it daily, we have users that installed themselves. Its just we are being
> asked to do it as part of a total service to clients.  If someone from the
> NSA, as well as the other interested parties on this list could answer this
> it would be great. And yes, I understand that the NSA does not reply on many
> things. I do not see how a simple answer would hurt as its on a U.S.
> Government server that is property of the NSA.
> 
> Thank You.
> 
> Pamela Patterson

I think the answer is the parties who really are involved are
probably talking right now and when it is all ironed out, 
they will report to this list.

I personally expect it will be sorted out and that everything
will indeed be GPL. But that is for those who are *actually*
in the responsible positions to sort.

I'm sure we'll hear something soon.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[McFadden, Ken]

Opps, just sent one but as put in it if that is the case then Sun, SGI,
and HP would also be in violation......I can't believe that the IDEA of
system security would be patented, even though Microsoft thinks they should
own the patent on all OS's that run on PC's.....I think the patent is on
a concept of implementation of system security.....Why can't we change that
implementation if need be (of which I would think it would be a couple of
modules)?????  Would someone at SCC please identify what pieces of SELinux
are in violation of their patent????
Thanks,
Ken




-----Original Message-----
From: Justin Smith [mailto:jsmith@mcs.drexel.edu]
Sent: Wednesday, June 05, 2002 11:34 AM
To: selinux@tycho.nsa.gov
Subject: RE: Sorry, read this one: Re: SELinux Dumb Questions


On Wed, 2002-06-05 at 12:51, McFadden, Ken wrote:
> I agree, and I agree with allot of the emails I've been reading....But
> the bottom line is if there is an infringement then the NSA will pull 
> SELinux off their web site and be replaced with a version without SCC
> source.....We will continue with a GPL version of SELinux along with
> adding what SCC removed to the to-do list.....I don't see this as the

It seems to me that it isn't a specific block of code that is at issue,
but a general approach to system security (Type Enforcement). 
-- 


--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Open Question to the NSA & The List

[Admissions Office]

 We agree as well.....



> I think the answer is the parties who really are involved are
> probably talking right now and when it is all ironed out, 
> they will report to this list.
> 
> I personally expect it will be sorted out and that everything
> will indeed be GPL. But that is for those who are *actually*
> in the responsible positions to sort.
> 
> I'm sure we'll hear something soon.
> 

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Sorry, read this one: Re: SELinux Dumb Questions

[Ben McGinnes]

[-- Attachment #1: Type: text/plain, Size: 1090 bytes --]

Tom(tom@lemuria.org)@Wed, Jun 05, 2002 at 07:24:01PM +0200:
> 
> We can't. See, if they'd merely hold the copyright to some code, we
> could just rewrite that part. However, patents do explicitly extend to
> indepentent implementations since they cover an IDEA, not as copyright
> does an EXPRESSION.
> 
> That's the true evil of software patents. He who lives closer to the
> patent office wins.

Hmmm ...

This then begs the question (which is *very* rhetorical and I do not
expect an answer from the official channels): would the NSA be willing
to purchase that patent from Secure Computing, assuming the latter
were willing to sell?

That, of course, is assuming that Secure Computing's intention is to
enforce their patent to the detriment of SE Linux development under
the GPL.

BTW, has anyone here actually looked at the patent itself and seen
exactly what it refers to?  Has anyone from Secure Computing mentioned
any references with the relevant patent authorities so that the rest
of us can see precisely what they're patent controls?


Regards,
Ben

[-- Attachment #2: Type: application/pgp-signature, Size: 174 bytes --]

Re: Open Question to the NSA & The List

[John Summerfield]

> There has been alot of talk over the mention that a Colo company (ours)
> would like to install the SELinux on clients servers. My question to the
> Powers In Charge here is: Can we use this software at no charge? People ask
> for it daily, we have users that installed themselves. Its just we are being
> asked to do it as part of a total service to clients.  If someone from the
> NSA, as well as the other interested parties on this list could answer this
> it would be great. And yes, I understand that the NSA does not reply on many
> things. I do not see how a simple answer would hurt as its on a U.S.
> Government server that is property of the NSA.


I would not do so at present, and I would explain that there is a patent issue 
inder discussion right now.

It seems clear to me that if that is not resolved to the satisfaction of some of 
the authors here then they will withdraw their code.



-- 
Cheers
John Summerfield

Microsoft's most solid OS: http://www.geocities.com/rcwoolley/

Note: mail delivered to me is deemed to be intended for me, for my disposition.

==============================
If you don't like being told you're wrong,
	be right!




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Sorry, read this one: Re: SELinux Dumb Questions

[David Caplan]

Has anyone determined which patent(s) is/are relevant?  The closest thing
I've found is a Linux Journal article written by Earl Boebert,
http://www.linuxjournal.com/article.php?sid=4963, entitled "Some Thoughts on
the Occasion of the NSA Linux Release".  He writes that "The NSA release
incorporates an idea called Type Enforcement (TE) that was cooked up by Dick
Kain and [himself] over 15 years ago" (this article is dated Jan. 24, 2001).
There is no mention of a patent, but a search at the US PTO web site,
http://patft.uspto.gov/netahtml/search-bool.html, shows three granted in the
mid eighties to Mr. Boebert, et. al, #4621321, #4701840, and #4713753.  I'm
not sure if any of these are the relevant ones or not, though, after a quick
glance, they appear to be.

There is another Linux Journal article,
http://www.linuxjournal.com/article.php?sid=5105, entitled "Secure Computing
to Develop Type Enforced Tux", dated Feb 23, 2000, which refers to SCC's
"patented security solution for the Linux kernel".  At the end it refers to
the "lingering question" of "the origins of the Type Enforcement
technology."  I'm not sure why this is a "question", but it notes that SCC
used the University of Utah/NSA Flask system/modified kernel "for the
current Type Enforcement/Secure Linux project", and that the origins of Type
Enforcement "may go back as far as the 1970s" referring to PSOS.

David

> -----Original Message-----
> From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]On
> Behalf Of Ben McGinnes
> Sent: Wednesday, June 05, 2002 4:08 PM
> To: selinux@tycho.nsa.gov
> Subject: Re: Sorry, read this one: Re: SELinux Dumb Questions
>
[stuff cut]
>
> BTW, has anyone here actually looked at the patent itself and seen
> exactly what it refers to?  Has anyone from Secure Computing mentioned
> any references with the relevant patent authorities so that the rest
> of us can see precisely what they're patent controls?
>
>
> Regards,
> Ben
>


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.