Re: SELinux Dumb Questions

From: Nick Bellinger (nickbat_private)
Date: Tue Jun 04 2002 - 18:14:13 PDT

  • Next message: Chris Wright: "[ANNOUNCE] LSM Website Overhaul"

    
     ('K' encoding is not supported, stored as-is)
    On Tue, 2002-06-04 at 15:59, Russell Coker wrote:
    > >
    > > On Monday 03 June 2002 04:13 pm, Haigh, Tom wrote:
    > > > SELinux includes Type Enforcement technology developed and patented by
    > > > the Secure Computing Corporation, who still holds rights to all
    > > > commercial use of the technology.  Before a colo company, or anyone else
    > > > uses the technology commercially, it will be necessary to negotiate a
    > > > license with Secure Computing.  If anyone wants to do so, I can help get
    > > > the ball rolling with our Legal and BD folks.
    > 
    > Let's look at the following URL:
    > http://www.securecomputing.com/archive/press/2000/nsa_faq_secure_linux.html
    > 
    > > Question 6: Will SCC use its patent on Type Enforcement TM to restrict use,
    > > future development, derivative work, or release of the source code of the
    > > system? 
    > >
    > > There will be no restrictions on the use of TE by the Linux open source
    > > community. We believe that leveraging the resources of the Linux community
    > > is the best way to develop robust security for Linux.
    > 
    > That seems like a clear statement that we can do what we like with it!
    > 
    > But Tom, if your company does want to go ahead with this patent plan then 
    > please do the following:
    > 
    > 1)  Change that misleading web page.
    > 
    > 2)  Let me know so I can remove all SE Linux code from Debian, remove it from 
    > my client's machines, and start work on a competing product.
    > 
    > 3)  Make formal statements as to limitations of distribution etc, also 
    > clarify to what extent you want SE Linux code removed from the world.  Should 
    > I get the upstream maintainer of stat to remove the SE Linux code too?  Also 
    > you'll have to get it removed from LSM which is under the GPL, and you had 
    > better hope that the problems with building as a module are fixed quickly - 
    > you can't ship code that links with the kernel unless it's under the GPL.
    > 
    > PS  When does the patent expire?  If it's due to expire in 1 year or less we 
    > can just wait until it's gone...
    > 
    
    I also agree with Russell here,  the ambiguous if not misleading nature
    of the statements on the stance that SCC will take on commerical use
    patents involved with SELinux is particularly troubling.  From what I
    understand one of the goals of the SELinux project is to make fine
    grained access controls available on a mainstream OS, and hence the
    licensing decision to accept the terms of the GPL.  Now enforcing a
    patent on a commerical _product_ derieved from SELinux or involving the
    TE patent I can understand (but not agree with), but requiring that any
    commerical _use_ of SELinux or involving the TE patent requires a
    license with SCC is indeed deeply troubling.  
    
    Not to state the obvious but:
    
    "Question 5: What is the project’s position with respect to the GPL and
    open source requirements for Linux?
    
    We plan to provide the security enhancements made to Linux under this
    project to the community without restriction in full compliance with the
    letter and spirit of the GPL."
    
    Clairifications please?
    
    Thanks,
    	Nicholas A. Bellinger
    
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 19:20:33 PDT