Re: Secure Computing statement of assurance

From: Crispin Cowan (crispinat_private)
Date: Sat Jul 27 2002 - 21:27:29 PDT


    SCC wrote:
    
    > Secure Computing has reviewed the concerns expressed by the open 
    > source community about SELinux and certain Secure Computing patents.
    >
    Up-front caveats:
    
        * I am not a lawyer.
        * I don't speak for anyone but myself.
        * I have no interest in any of these issues.
    
    That said, IMHO the crux of this issue has to do with who released what:
    
        * The various restrictions imposed by SCC in the
          _Statement_of_Assurance_
          <http://www.securecomputing.com/pdf/Statement_of_Assurance.pdf>
          are *not* compatible with the GPL, which says in clause 6 that
          "You may not impose any further restrictions on the recipients'
          exercise of the rights granted herein." So had it been SCC that
          released SELinux, they would be in full violation of the GPL.
        * But it was *not* SCC that released SELinux; it was the NSA and
          NAI. At issue is whether the NSA and NAI had obtained appropriate
          rights to SCC's patents to release SELinux. But since that issue
          involves complex contracts that I was not party to, I refuse to
          discuss it.
        * Therefore, NSA and NAI are within the GPL to release the code, at
          the risk of SCC some day changing their mind about the terms on
          their patent. LSM makes a lovely buffer here: Linus can accept LSM
          without infringing on the patent, and anyone who wants to use the
          module can use it. If SCC later withdraws the public's use of the
          patent, Linus doesn't have to take it out.
    
    This results in an odd conclusion: anyone can distribute SELinux-derived 
    works under the terms of the GPL (provided they're willing to risk SCC 
    later changing their mind) *except for SCC*. Because SCC's Statement of 
    Assurance is in violation of the GPL, SCC is specifically enjoined from 
    releasing modified Linux kernels based on this restricted use of their 
    patent. If SCC ever wants to distribute SELinux-based products, they are 
    going to have to actually GPL the patent, as opposed to this "assurance" 
    document.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


