Message from Secure Computing

Message from Secure Computing

[SCC]

[Moderator note: Usually we require addresses be subscribed to the list
before forwarding mail to the list from that address.  We're making an
exception in this case because we believe many list subscribers will be
interested in seeing this as soon as possible.  - Howard Holm, SELinux
mailing list administrator]

Secure Computing has reviewed the concerns expressed by the open source
community about SELinux and certain Secure Computing patents.  We understand
that considerable effort has been invested in SELinux, with the expectation
that SELinux would be available for everyone's use.  On the other hand, it
is the policy of Secure Computing to retain and enforce its rights in all of
its patents and other intellectual property.  In this case, we have decided
to make an exception to that policy, and to support the reasonable
expectations of the open source community.  For this reason, we are
extending an assurance to the open source community that Secure Computing
will not use the patents in question to limit the availability of SELinux.  
Our assurance is subject to certain limitations that we believe are
consistent with the spirit of open source.  We know that we have caused
confusion addressing this issue in the past, so we want to be as clear as
possible in resolving the issue.  We have developed a Statement of Assurance
to provide that clarity.  The Statement of Assurance summarizes the scope of
our assurance to the community, as well as the limits of that assurance.
The Statement of Assurance may be found at
http://www.securecomputing.com/pdf/Statement_of_Assurance.pdf
<http://www.securecomputing.com/pdf/Statement_of_Assurance.pdf>   We hope
you will agree that the Statement of Assurance is both reasonable and clear.

We thank you for your patience while we worked to resolve this issue and
hope you will feel that your patience has been rewarded.

Regards,

Secure Computing Corporation



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Shaun Savage]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the paragraph

"SELinux Limitation."  ......
However, Secure Computing does not extend the Assurance to software that 
merely interoperates with SELinux, or is merely included with a 
distribution of SELinux.

What does this mean?
That there is only ONE version of SELinux distribution?

Also the paragraph   "Limited Assurance."    

Does this mean that the contract between the open source community and 
SCC, created by earlier written statements has been changed?  

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9QfIAn6I06Opz+XURAodGAJ9ZhR2CYF6JhXUn2yJPoJDm5NnS8ACeOan8
3sOKgQnOh60NrEnOwMcb8EE=
=zBOb
-----END PGP SIGNATURE-----



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Russell Coker]

On Sat, 27 Jul 2002 03:06, Shaun Savage wrote:
> In the paragraph
>
> "SELinux Limitation."  ......
> However, Secure Computing does not extend the Assurance to software that
> merely interoperates with SELinux, or is merely included with a
> distribution of SELinux.
>
> What does this mean?
> That there is only ONE version of SELinux distribution?

I interpret that to mean that you can't have another LSM module which uses 
the same patents stacked on top of SE Linux and claim patent exclusion for 
that module too.  That part seems reasonable to me.

> Also the paragraph   "Limited Assurance."
>
> Does this mean that the contract between the open source community and
> SCC, created by earlier written statements has been changed?

Yes, the section "Secure Computing disclaims all othjer promises, commitments 
or assurances of any kind, whether express or implied, including but not 
limited to any assurance that SELinux DOES NOT INFRINGE ANY PATENT OR OTHER 
INTELLECTUAL PROPERTY RIGHT OWNED OR ENFORCEABLE BY SECURE COMPUTING or any 
other party or person" does seem to say that they aren't even guaranteeing 
that it doesn't infringe their own patents.

It seems that this assurance is essentially free of any content.


Russell Coker

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Shaun Savage]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the thing that conserns me is that if this "Assurance" is not 
legally challanged NOW.  That later action would be voided because it 
was not filed in a timely manner.   The contract that many people worked 
under, is that  SELinux code  IS GPLed and can be used in ANY  way, 
within the GPLed framework.   I see this "Assurance" issue as breach of 
contract for ANY body that has worked on SELinux without pay from SCC, 
for the good of the linux community and their self.

To me the "Assurance" is basicly worthless and I don't accept the new 
contract SCC is offering to the linux community.  Also I reserve the 
right to exersize my rights under the old contract, the use SELinux code 
in ANY GPL compliant project.

I have been unemployed for over a year. I have work on SELinux, for that 
year, to help the linux community by offering a RBAC os the the linux 
comunity. I also I want to use it in a commercial project that is 
released within the GPL framework.  By changing the contract, SCC have 
deprived me of the opertunity to offer a commercial product, released 
with in the GPL framework.  

Shaun Savage
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - savages@savages.net

iD8DBQE9Qp6in6I06Opz+XURAugmAKCxaP7wbpZdAAKi8MniZbf8YlExHwCgkiyQ
CSIhGJsepsAhfQ2hODmKY/o=
=iqst
-----END PGP SIGNATURE-----



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Russell Coker]

On Sat, 27 Jul 2002 15:22, Shaun Savage wrote:
> To me the "Assurance" is basicly worthless and I don't accept the new
> contract SCC is offering to the linux community.  Also I reserve the
> right to exersize my rights under the old contract, the use SELinux code
> in ANY GPL compliant project.

I reject the assertion that SCC has any rights to a patent claim against me 
or anyone who uses my SE Linux code.

I entered into an implicit contractual agreement with the NSA and with the 
world at large when I started working on SE Linux under the GPL.  I consider 
no agreements other than the GPL to be binding on me or on anyone who uses my 
work.

If SCC consider that the NSA did the wrong thing by releasing the code under 
the GPL then they can sue the NSA for damages.  It has nothing to do with us.


Russell Coker


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Dale Amon]

On Sat, Jul 27, 2002 at 04:20:08PM +0200, Russell Coker wrote:
> On Sat, 27 Jul 2002 15:22, Shaun Savage wrote:
> > To me the "Assurance" is basicly worthless and I don't accept the new
> > contract SCC is offering to the linux community.  Also I reserve the
> > right to exersize my rights under the old contract, the use SELinux code
> > in ANY GPL compliant project.
> 
> I reject the assertion that SCC has any rights to a patent claim against me 
> or anyone who uses my SE Linux code.
> 
> I entered into an implicit contractual agreement with the NSA and with the 
> world at large when I started working on SE Linux under the GPL.  I consider 
> no agreements other than the GPL to be binding on me or on anyone who uses my 
> work.
> 
> If SCC consider that the NSA did the wrong thing by releasing the code under 
> the GPL then they can sue the NSA for damages.  It has nothing to do with us.

> Russell Coker


Likewise. Insofar as I am concerned, SELinux code is under the full terms of
the GPL and that supersedes any and all other claims. I will use the code
under those terms and totally and utterly reject any claims to the contrary.

In other words, their lawyers can stuff it.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Dale Amon]

AFter a few deep breaths...

I fully understand they wish to retain rights to do *OTHER* things
with their IP.

However *this* particular usage must be conceded to be totally,
utterly and without reservation under the terms of the GPL. Once
code is under GPL, it is under GPL forever. Period.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[david kelman]

to: Secure Computing
>>>>>a big thank you! :o) your decision not to enforce your patents on SEL is a HUGE benefit
to open source community, the US govt and the NSA,
and all Americans. 
>>>>>gratefully, capybara=david in san diego
-- 
Get your free email from www.linuxmail.org 


Powered by Outblaze

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Russell Coker]

On Sun, 28 Jul 2002 00:54, Dale Amon wrote:
> AFter a few deep breaths...

;)

I am surprised by two things about this, firstly they sent the message out at 
3PM on a Friday.  Anyone who's been involved in sys-admin work knows that you 
don't make a serious change on a Friday afternoon!  This means that they get 
flamed for an entire weekend without being able to respond.  The second thing 
is that they didn't run it by some of the regulars here first.  If they had 
privately asked  me what my reaction would be if they released such a PDF 
file then I'd have told them that my response (and that of many other people) 
would be and they could have fixed the document instead of releasing it and 
getting flamed everywhere.

I'm also surprised that they apparently aren't responding to anyone.  On the 
ISN list I've flamed quite a number of people.  Some of them flame me back 
(which is OK, I don't mind an arguement).  Some use a form letter approach of 
"we will take your views into consideration in regard to future work" 
(translation - I read what you wrote, won't take much notice, but will 
acknowledge it to make you feel you achieved something so you don't feel the 
need to keep flaming me).  Occasionally someone wants to discuss the matter 
and reach some sort of compromise.  But just ignoring people who flame them, 
and discussions between people that generally end up as positive-feedback 
loops generating more flames is really unusual.  If they desired bad 
publicity then they couldn't do much better than this!

Now they are listed on /. for this, which probably gets them hundreds of 
flames, and lots of people running nessus against their network.

> However *this* particular usage must be conceded to be totally,
> utterly and without reservation under the terms of the GPL. Once
> code is under GPL, it is under GPL forever. Period.

Provided that the person or organization that released it under the GPL had 
the authority to do so.  I interpret SCC's actions to imply that they believe 
that the NSA has acted improperly/illegally in releasing the code under the 
GPL.  If SCC can prove that the NSA release of the code under the GPL was in 
breach of the relevant contracts between the NSA and SCC then they could get 
it un-GPL'd.

I believe that the NSA employees are smart enough not to make such a mistake 
(it would have severe consequences for some NSA people if they did). 
Therefore I believe the NSA statements that SE Linux is legally released 
under the GPL (and all that implies).


Russell Coker

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Message from Secure Computing

[Westerman, Mark]

On  7/27/02 1:57 AM Russell Coker


On Sat, 27 Jul 2002 03:06, Shaun Savage wrote:
>> In the paragraph
>>
>> "SELinux Limitation."  ......
>> However, Secure Computing does not extend the Assurance to software
>>that
>> merely interoperates with SELinux, or is merely included with a
>> distribution of SELinux.
>>
> What does this mean?
>> That there is only ONE version of SELinux distribution?

> I interpret that to mean that you can't have another LSM module which
> uses 
> the same patents stacked on top of SE Linux and claim patent exclusion
> for 
> that module too.  That part seems reasonable to me.

The original code was not a module, but actual modification to the kernel.

One thing we need to remember. The NSA contracted SCC to modify the 
Linux kernel (is now and was GPL at the time). Under the term of 
the GPL SCC lost any rights to enforce the Patent licensing fees. If 
I remember correctly they were paid over 2M for this work. Under 
the terms of the GPL you cannot later enforce licensing rights. It 
was not the NSA or any other company that made the changes, but SCC. 
So to Secure Computing you lost any right to enforce patent licensing when
YOU did the work and sold that work to the NSA under the terms of 
the GPL.


Mark Westerman

I reject Secure Computing  STATEMENT OF ASSURANCE.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Brian May]

On Sat, Jul 27, 2002 at 04:20:08PM +0200, Russell Coker wrote:
> I entered into an implicit contractual agreement with the NSA and with the 
> world at large when I started working on SE Linux under the GPL.  I consider 
> no agreements other than the GPL to be binding on me or on anyone who uses my 
> work.
> 
> If SCC consider that the NSA did the wrong thing by releasing the code under 
> the GPL then they can sue the NSA for damages.  It has nothing to do with us.

My understanding, based on Debian's interpretation of the GPL, is
that any software that is derived from or requires the use of, and is
distributed with GPL software[1], it must also be licensed under the GPL
(or compatable license) if it is to be distributed.

Since SE-Linux obviously is derived from Linux and requires Linux, and
Linux is obviously GPL, and the changes appear to be distributed with
Linux, then this must mean SE-Linux must also be licensed under the GPL
(or another license compatable with the GPL).

Even if distributing the patch for Linux by itself was OK (from what I
have read, it wouldn't be OK, for instance, it would contain GPL code),
it would not be OK for third parties to distribute compiled versions of
Linux with the patch applied.

This has come up over and over again on debian-legal before under (IMHO)
less clear circumstances (eg. a program using openssl shared library and
a GPL shared library at the same time cannot be distributed as part of
the one distribution).

Footnote:

[1] The exact wording in the GPL:

The source code for a work means the preferred form of the work for
making modifications to it.  For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable.  However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

I think it is clear here that this exemption does not apply; as
SE-Linux is normally distributed with Linux (unlike other proprietary
Linux modules).
-- 
Brian May <bam@snoopy.apana.org.au>

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Edward J. Huff]

On Sat, 2002-07-27 at 22:11, Westerman, Mark wrote:
> One thing we need to remember. The NSA contracted SCC to modify the 
> Linux kernel (is now and was GPL at the time). Under the term of 
> the GPL SCC lost any rights to enforce the Patent licensing fees. If 
> I remember correctly they were paid over 2M for this work. Under 
> the terms of the GPL you cannot later enforce licensing rights. It 
> was not the NSA or any other company that made the changes, but SCC. 
> So to Secure Computing you lost any right to enforce patent licensing when
> YOU did the work and sold that work to the NSA under the terms of 
> the GPL.

This is not accurate.  Releasing code under the GPL has no impact on
patent rights.  The copyright owner (Linus Torvalds in this case) has
the right to object to distribution of SE Linux if there is no patent
license.  The patent owner (SCC) as always has a license to sue whomever
they want for infringing the patent (I guess without much risk of
citation for frivolous suit).  The NSA might be able to sue SCC for
breach of contract if they did sue someone for infringement, but we
don't know the terms of the contract.

The GPL states 

http://www.gnu.org/copyleft/gpl.html

"For example, if a patent license would not permit royalty-free
redistribution of the Program by all those who receive copies directly
or indirectly through you, then the only way you could satisfy both it
and this License would be to refrain entirely from distribution of the
Program."

This (apparently) means that anyone who has a copy of SE Linux would not
be assured of permission to distribute it if the patent licenses were
revoked.  (But why does it say "royalty-free redistribution" instead of
"royalty-free use"?)

It does appear that at the present time, everyone has a license from SCC
(revocable by any successor of SCC) to use patents 4,621,321, 4,713,753,
and 4,701,840 in the context of SE Linux, so Linus Torvalds would not
have any basis for suing distributors of SE Linux unless and until the
patent license was revoked.  Also, it appears that the "Assurance" would
make it difficult for SCC to win an infringement suit against anyone
using SE Linux, since they have promised not to sue.

Of course, SCC (like anyone else) can sue whomever they want to, but in
this case, I would expect that the FSF and others would provide legal
assistance so that no one would have to capitulate simply because they
couldn't afford to pay a lawyer.

The "Statement of Assurance" has a typographical error:  4,6211,231
should read 4,621,321.

Publication / Filing dates:
US4713753 Dec. 15, 1987 / Feb. 21, 1985
US4621321 Nov. 4, 1986 / Feb. 16, 1984
US4701840 Oct. 20, 1987 / June 20, 1986

It is not entirely clear when these patents expire, but see
http://www.ssjr.com/interact.htm

The expiration dates might be:
US4713753 Feb. 21, 2005
US4621321 Feb. 16, 2004
US4701840 June 20, 2006

Apparently there are not many years left in these patents.  Also two of
them are subject to US Government rights.

I don't have access to the full list of claims.  uspto is down and
delphion wants $3 per patent.  Anyway, patent claims are almost
impossible to decrypt.

-- Ed Huff

-----------------------------------------------------------------
US4713753: Secure data processing system architecture with format
control

Country: US United States of America

Inventor: Boebert, William E.; Minneapolis, MN
Kain, Richard Y.; Minneapolis, MN

Published / Filed: Dec. 15, 1987 / Feb. 21, 1985

Application Number: US1985000703638

Government Interest:
    The present invention was developed in conjunction with the United
States Government Contract No. MDA 904-84-C-6011.

Priority Number:
Feb. 21, 1985  US1985000703638

Abstract: Means and methods of securing protected system files in a data
processing system are disclosed, wherein the information determining
access rights of system users to the protected systems files remains at
all times within a secure processor. Provision is also made for allowing
the display or labeling of protected data files only when markings
consistent with the security level of such files are also displayed or
included in the label. Furthermore, provision is also made for limiting
the access rights of users to protected system files based on a
comparison between the formats associated with said files and the
function or subsystem performing operations on behalf of the users. 

--------------------------------------------------------
US4621321: Secure data processing system architecture

Country: US United States of America

Inventor: Boebert, William E.; Minneapolis, MN
Kain, Richard Y.; Minneapolis, MN

Published / Filed: Nov. 4, 1986 / Feb. 16, 1984

Application Number: US1984000580910

Government Interest:
    The United States Government has rights in this invention pursuant
to the Contract No. MDA-904-82-C-0444.

Priority Number:
Feb. 16, 1984  US1984000580910

Abstract: A data processing system having an architecture for protecting
selected system files. The data processing unit includes a secure
processing unit operating in a manner independent of the operation of
the remainder of the data processing unit for storing and comparing
system file attributes and user entity attributes. The comparison of
attributes is performed in accordance with a table in the secure
processing unit containing the security context. The secure processing
unit alone is able to manipulate special data groups called
distinguished data objects. The secure processing unti also manipulates
a data object identifier that isolates the indentification of the system
files from the actual memory storage locations. Apparatus and method are
also disclosed for providing secure creation of protected system files
that in part eliminates interruption of the data processing system in
the process. The architecture also facilitates secure transfer of files
between data processing systems. 

US4701840: Secure data processing system architecture

Country: US United States of America

Inventor: Boebert, William E.; Hennepin, MN
Kain, Richard Y.; Hennepin, MN

Published / Filed: Oct. 20, 1987 / June 20, 1986

Application Number: US1986000876540

Priority Number:
Feb. 16, 1984  US1984000580910

Abstract: A data processing system having an architecture for protecting
selected system files. The data processing unit includes a secure
processing unit operating in a manner independent of the operation of
the remainder of the data processing unit for storing and comparing
system file attributes and user entity attributes. The comparison of
attributes is performed in accordance with a table in the secure
processing unit containing the security context. The secure processing
unit alone is able to manipulate special data groups called
distinguished data objects. The secure processing unit also manipulates
a data object identifier that isolates the identification of the system
files from the actual memory storage locations. Apparatus and method are
also disclosed for providing secure creation of protected system files
by in part eliminates interruption, the data processing system in the
process. The architecture also facilitates secure transfer of files
between data processing systems. 


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Brian May]

On Sun, Jul 28, 2002 at 01:24:06AM -0400, Edward J. Huff wrote:
> patent rights.  The copyright owner (Linus Torvalds in this case) has

find  /usr/src/linux -type f | xargs grep -i copyright

You will see that Linus Torvalds isn't the only copyright holder...

I believe that the license could not be changed without permission of
each and every one of the numerous copyright holders. Unless of course
you get rid of the code in question.

Its not just individuals either, I see a number of references to HP,
IBM, and Silicon Graphics here. That is with only a quick 5 second
glance.
-- 
Brian May <bam@snoopy.apana.org.au>

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Edward J. Huff]

On Sun, 2002-07-28 at 03:31, Brian May wrote:
> On Sun, Jul 28, 2002 at 01:24:06AM -0400, Edward J. Huff wrote:
> > patent rights.  The copyright owner (Linus Torvalds in this case) has
> 
> find  /usr/src/linux -type f | xargs grep -i copyright
> 
> You will see that Linus Torvalds isn't the only copyright holder...
> 
> I believe that the license could not be changed without permission of
> each and every one of the numerous copyright holders. Unless of course
> you get rid of the code in question.
> 
> Its not just individuals either, I see a number of references to HP,
> IBM, and Silicon Graphics here. That is with only a quick 5 second
> glance.

Right.  There is no question of changing the license.  The question is
who would sue to enforce the license, and who would be sued.  I guess
any one of those copyright holders could sue.  My point is, SCC is not
one of them.  Neither would SCC be a defendant.  The defendants would
have to be the NSA and you and me.  In any case, SCC would not be a
party to any dispute over the copyrights to SE Linux.

My other point is that so long as SCC says it is OK for people to use SE
Linux (and modified versions of SE Linux, so long as they are
distributed under the GPL), they are granting a revocable license, and
the GPL does not require that patent licenses be irrevocable.  It only
requires that distribution stop should be license be revoked.  Since SCC
isn't distributing SE Linux, SCC doesn't have to stop.  And since there
is a license at present, there is no grounds for copyright action
against people who are distributing SE Linux.

It appears to me that the lawyers at SCC have actually done their job in
writing that document.  It is the PR people who failed, miserably.

And of course, the other people who have failed are your senators and
congressmen.  Write to them about this example of the absurdity of
software patents.  Explain how you were blindsided by the sudden
discovery that the patent license could be revoked at will.  Ask them to
enact a blanket license of all software patents for GPL'ed code.

-- Ed Huff


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Message from Secure Computing

[Westerman, Mark]

 
On 7/28/02 12:24 AM, Edward J. Huff

>On Sat, 2002-07-27 at 22:11, Westerman, Mark wrote:
>> One thing we need to remember. The NSA contracted SCC to modify the 
>> Linux kernel (is now and was GPL at the time). Under the term of 
>> the GPL SCC lost any rights to enforce the Patent licensing fees. If 
>> I remember correctly they were paid over 2M for this work. Under 
>> the terms of the GPL you cannot later enforce licensing rights. It 
>> was not the NSA or any other company that made the changes, but SCC. 
>> So to Secure Computing you lost any right to enforce 
>> patent licensing when YOU did the work and sold that work to 
>> the NSA under the terms of 
>> the GPL.

> This is not accurate.  Releasing code under the GPL has 
> no impact on patent rights.  The copyright owner 
> (Linus Torvalds in this case) has the right to object to 
> distribution of SE Linux if there is no patent license.  
> The patent owner (SCC) as always has a license to sue 
> whomever they want for infringing the patent (I guess 
> without much risk of citation for frivolous suit).  The 
> NSA might be able to sue SCC for breach of contract if 
> they did sue someone for infringement, but we don't know 
> the terms of the contract.

> The GPL states 

> http://www.gnu.org/copyleft/gpl.html

> "For example, if a patent license would not permit royalty-free
> redistribution of the Program by all those who receive copies directly
> or indirectly through you, then the only way you could satisfy both it
> and this License would be to refrain entirely from distribution of the
> Program."

> This (apparently) means that anyone who has a copy of SE Linux 
> would not be assured of permission to distribute it if the 
> patent licenses were revoked.  (But why does it say 
> "royalty-free redistribution" instead of "royalty-free use"?)

The GPL states 

http://www.gnu.org/copyleft/gpl.html

7. If, as a consequence of a court judgment or 
allegation of patent infringement or for any other reason 
(not limited to patent issues), conditions are imposed on you 
(whether by court order, agreement or otherwise) that 
contradict the conditions of this License, they do not excuse 
you from the conditions of this License. If you cannot 
distribute so as to satisfy simultaneously your obligations 
under this License and any other pertinent obligations, 
then as a consequence you may not distribute the Program 
at all. For example, if a patent license would not permit 
royalty-free redistribution of the Program by all those 
who receive copies directly or indirectly through you, 
then the only way you could satisfy both it and this License 
would be to refrain entirely from distribution of the Program. 


This part of the GPL is quit clear. Since SCC did the orginal
work. The made the changes and distributed to the NSA and was
paid for that work. Then all copies directly or indirectly 
must be able to be distributed royalty-free. In other words
we do not have to pay SCC. The GPL does not revoke SCC patents.
I does mean we can distribite SELinxu and any derivation of
royalty-free


Mark Westerman

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Russell Coker]

On Sun, 28 Jul 2002 07:24, Edward J. Huff wrote:
> On Sat, 2002-07-27 at 22:11, Westerman, Mark wrote:
> > One thing we need to remember. The NSA contracted SCC to modify the
> > Linux kernel (is now and was GPL at the time). Under the term of
> > the GPL SCC lost any rights to enforce the Patent licensing fees. If
> > I remember correctly they were paid over 2M for this work. Under
> > the terms of the GPL you cannot later enforce licensing rights. It
> > was not the NSA or any other company that made the changes, but SCC.
> > So to Secure Computing you lost any right to enforce patent licensing
> > when YOU did the work and sold that work to the NSA under the terms of
> > the GPL.
>
> This is not accurate.  Releasing code under the GPL has no impact on
> patent rights.  The copyright owner (Linus Torvalds in this case) has

On the contrary, when you release code under a license that says that it may 
be freely used by anyone without charge then you have removed the option of 
trying to make them pay for it.

> patent license was revoked.  Also, it appears that the "Assurance" would
> make it difficult for SCC to win an infringement suit against anyone
> using SE Linux, since they have promised not to sue.

The SCC could create a new company (for some small accounting cost), transfer 
the patents to it, and then have that company sue.  This is quite easy to do.


However I don't think that this is what SCC desires.  I think that SCC would 
prefer that people avoid using SE Linux for commercial work to allow them to 
sell commercial products that perform similar functions.  SE Linux is gaining 
support in major distributions of Linux which SCC could not match, so in any 
fair comparison of features a proprietary product will lose.  So FUD is what 
is needed to compete.


Russell Coker

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Edward J. Huff]

On Sun, 2002-07-28 at 09:18, Russell Coker wrote:
> On Sun, 28 Jul 2002 07:24, Edward J. Huff wrote:
> > This is not accurate.  Releasing code under the GPL has no impact on
> > patent rights.  The copyright owner (Linus Torvalds in this case) has
> 
> On the contrary, when you release code under a license that says that it may 
> be freely used by anyone without charge then you have removed the option of 
> trying to make them pay for it.

Of course, but you do not give up the option of suing them for patent
infringement, which has nothing to do with paying for software.  It just
stops them from using the software.

> However I don't think that this is what SCC desires.  I think that SCC would 
> prefer that people avoid using SE Linux for commercial work to allow them to 
> sell commercial products that perform similar functions.  SE Linux is gaining 
> support in major distributions of Linux which SCC could not match, so in any 
> fair comparison of features a proprietary product will lose.  So FUD is what 
> is needed to compete.

Exactly:

On Sun, 2002-07-28 at 05:38, Edward J. Huff wrote:
> It appears to me that the lawyers at SCC have actually done their
> job in writing that document.  It is the PR people who failed,
> miserably.

I retract the latter conclusion.  The PR people did a brilliant job. 
They want to sow FUD regarding the availability of SE Linux and to
discourage people from working on it.  Can anyone find out for certain
when the patents expire?

-- Ed Huff


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Edward J. Huff]

On Sun, 2002-07-28 at 19:35, Edward J. Huff wrote:
> On Sun, 2002-07-28 at 09:18, Russell Coker wrote:
> > On Sun, 28 Jul 2002 07:24, Edward J. Huff wrote:
> > > This is not accurate.  Releasing code under the GPL has no impact on
> > > patent rights.  The copyright owner (Linus Torvalds in this case) has
> > 
> > On the contrary, when you release code under a license that says that it may 
> > be freely used by anyone without charge then you have removed the option of 
> > trying to make them pay for it.
> 
> Of course, but you do not give up the option of suing them for patent
> infringement, which has nothing to do with paying for software.  It just
> stops them from using the software.
> 
Well, there might be a legal theory which interprets release of code
under GPL by the patent owner as a patent license, but it has certainly
never been tested in court.  (If it had, it would have been Big News).

-- Ed Huff


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Message from Secure Computing

[Shaun Savage]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The concept of who owns what license and patents paid for by who for how 
much is such a tarpit that any legal issues here would be a expensive 
and only guessing at this time.
To me the issue is contract.  NSA released GPL code.  People worked on 
this code with in the GPL framework.  A company, SCC,  wants to change 
the contract.  The people that worked, on SELinux, under the first 
contract has lost value due to the beach of contract.   Simple!  The 
value that was lost is "the linux communities ability to use SELinux 
under the GPL framework."  How much is that?  It is different for 
person. What would be the damages?
Shaun Savage
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - savages@savages.net

iD8DBQE9RK81n6I06Opz+XURAmdVAJ93qQJrTOenDBJmY2BBcZY3cwMglgCgkdDo
9b9f5G0Rb4MFeRFS3aV2bPI=
=mCS4
-----END PGP SIGNATURE-----



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Message from Secure Computing

[Tom]

On Sat, Jul 27, 2002 at 06:22:54AM -0700, Shaun Savage wrote:
> was not filed in a timely manner.   The contract that many people worked 
> under, is that  SELinux code  IS GPLed and can be used in ANY  way, 
> within the GPLed framework.   

NSA offered SELinux for download under the GPL, right?

GPL states that if there's anything that stops you from fulfilling ALL
the GPL requirements (patents are explicitly mentioned), you may not
release under GPL at all.

therefore, I simply assume that any problems are between SCC and NSA,
and I'll happily await the day that SCC sues NSA for the initial GPL
release.

in addition, I live in a free country without software patents (though
the lobby is working on changing that), so I guess I should prepare an
SELinux mirror just in case.


-- 
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.