Tom, It seem that you post a similar message to the nl.linux.org mailing list in Jan 2000. http://mail.nl.linux.org/securedistros/2000-01/msg00012.html <http://mail.nl.linux.org/securedistros/2000-01/msg00012.html> Quote "When we have figured out just how to handle this, I will post the resolution here." From the selinux mailing list, Jun 2002 Quote "However, we want to avoid creating more confusion, so we are going to take a little time to reflect before we respond." I have clam down since my last post on this subject and I apologize for the Flame. Questions: Did you resolve this issue two years ago? If so, could you please post the results here. Did the contract you accepted from the NSA resolve this issue? If so, could you please post the results here We really need to put this issue to bed. To prevent statements like "Our company will not be using the SELinux for clients because, our management has determined the situation is to confusing and will not place our business at risk. Pamela Patterson OpenDNS Crop " Thanks, Mark Westerman From you post http://mail.nl.linux.org/securedistros/2000-01/msg00012.html <http://mail.nl.linux.org/securedistros/2000-01/msg00012.html> Secure Computing's Plans for Type Enforced Linux To: securedistrosat_private <mailto:securedistrosat_private> Subject: Secure Computing's Plans for Type Enforced Linux From: Tom Haigh < tom_haighat_private <mailto:tom_haighat_private> > Date: Fri, 21 Jan 2000 10:48:25 -0600 References: < CMM.0.90.4.948178145.neumannat_private <mailto:CMM.0.90.4.948178145.neumannat_private> > < 200001191057.DAA21079at_private <mailto:200001191057.DAA21079at_private> > < 3885FB0D.FC3BFC95at_private <mailto:3885FB0D.FC3BFC95at_private> > < 200001200629.XAA22118at_private <mailto:200001200629.XAA22118at_private> > Reply-To: securedistrosat_private <mailto:securedistrosat_private> Sender: owner-securedistrosat_private <mailto:owner-securedistrosat_private> I just posted the following message to the open-source discussion group at SRI. It belongs here as well. --Tom It is past time for me to jump into this discussion. Secure Computing is commited to being a responsible, contributing member of the open source community. One of the conditions of accepting the contract from NSA was that we be able to make the results of the contract available to the community. I have appended a portion of a FAQ that we released internally on the topic. I will also say that our legal folks are still looking at the best way to do this. Needless to say, we are not excited about other vendors coming up with proprietary versions of type enforcement. We believe that opening up the TE work to the broader community will be a win for all of us. The proposals made by Brian Witten and Richard Stallman are very interesting to us, and I want to explore those more out of band with anyone who is interested. When we have figured out just how to handle this, I will post the resolution here. We appreciate the interest that you all have shown and the good suggestions that have been made. Thanks very much. Tom Haigh, CTO Secure Computing Corp. 2675 Long Lake Road Roseville, MN 55343 651-628-2738 haighat_private <mailto:haighat_private> Question 5: What about the open source licensing? What does this mean for your Type Enforcement technology on Linux? It is our intention to be an active, responsible member of the open source community. We will work with partners to develop new product offerings that will benefit our customers, our partners, and us. Our modifications to Linux will consist of: - strong policy enforcement code which is in the kernel itself, - a flexible policy engine which is structured as a separate module We will open source all the modifications to the kernel as well as deliver a general-purpose security policy engine. We are still defining the exact functionality of this engine, but it will support a broad set of basic applications, it will be functional and it will be complete enough to enable the Linux community to develop other policy engines. We hope that others will choose to enhance this engine and/or develop their own policy engines that are optimized for their purposes. Separately, we will use Linux and develop Linux policy engines for our own products, such as Sidewinder. These policy engines will remain proprietary to Secure Computing. -----Original Message----- From: Haigh, Tom [mailto:tom_haighat_private] Sent: Friday, June 07, 2002 11:14 AM To: linux-security-moduleat_private; 'selinuxat_private' Subject: Regarding the Type Enforcement Licensing Discussion We have been reviewing all the discussion on this topic, and it is obvious that we are dealing with complex issues, which require some careful consideration. We would like to set the record straight with a clear statement, and we will do that soon. However, we want to avoid creating more confusion, so we are going to take a little time to reflect before we respond. My initial response was intended to let people know that the licensing issues have not yet been resolved. I apologize for the confusion it has caused. We want to be sure that our next statement is both clear and definitive. Your insights, concerns and opinions are helpful to us, and they are an important consideration as we think this through. Thanks for your patience and understanding. Tom Haigh _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jun 17 2002 - 11:11:47 PDT