
Linux 2.2.20pre10


Alan Cox

Oct 22, 2001, 6:21:49 AM
Things took a bit longer than intended with various security fixes needing to
be done. If this tree tests out ok it will be 2.2.20

2.2.20pre11
o Security fixes
| Details censored in accordance with the US DMCA
o Sparc updates (Dave Miller)
o Add escaped usb hot plug config item (Ryan Maple)
o Fix eepro10 driver problems (Aris)
o Make request_module return match 2.4 (David Woodhouse)
o Update SiS900 driver (Hui-Fen Hsu)
o Update ver_linux to match 2.4 (Steven Cole)
o Final isdn fixups for 2.2 (Kai Germaschewski)
o scsi tape fixes from 2.4 (Kai Mäkisara)
o Update credits entry (Henrik Storner)
o Fix scc driver hang case (Jeroen)
o Update credits entry (Dave Jones)
o Update FAT documentation (Hirokazu Nomoto)
o Small net tweaks (Dave Miller)
o Fix cs89xx abuse of skb->len (Kapr Johnik)

2.2.20pre10
o Update the gdth driver (Achim Leubner)
o Fix prelink elf loading in 2.2 (Jakub Jelinek)
o 2.2 lockd fixes when talking to HP/UX (Trond Myklebust)
o 3ware driver update (Adam Radford)
o hysdn driver update (Kai Germaschewski)
o Backport via rhine fixes (Dennis Bjorklund)
o NFS client fixes (Trond Myklebust, Ion Badulescu,
Jim Castleberry, Crag I Hagan.
Adrian Drzewiecki)
o Blacklist TEAC PD-1 to single lun (Wojtek Pilorz)
o Fix null request_mode return (David Woodhouse)
o Update credits entry (Fernando Fuganti)
o Fix sparc build with newer binutils (Andreas Jaeger)
o Starfire update (Ion Badulescu)
o Remove dead USB files (Greg Kroah-Hartmann)
o Fix isdn mppp crash case (Kai Germaschewski)
o Fix eicon driver (Kai Germaschewski)
o More pci idents (Andreas Tobler)
o Typo fix (Eli Carter)
o Remove ^M's from some data files (Greg Kroah-Hartmann)
o 64bit cleanups for isdn (Kai Germaschewski)
o Update isdn certificates (Kai Germaschewski)
o Mac update for sysrq (Ben Herrenschmidt)

2.2.20pre9
o Document ip_always_defrag in proc.txt (Brett Eldrige)
o Update S/390 asm for newer gcc (Ulrich Weigand
o Update S/390 documentation Carsten Otte
o Update s390 dump too and co)
o Update s/390 dasd to match 2.4
o Backport s/390 tape driver from 2.4
o FDDI bits for s/390
o Updates for newer pmac laptops (Tom Rini)
o AMD760MP support (Johannes Erdfelt)
o Fix PPC oops on media change (Tom Rini)
o Fix some weird but valid input combinations (Tom Rini)
on PPC
o Add additional checks to irc dcc masquerade (Juanjo Ciarlante,
Michal Zalewski)
o Update 2.2 ISDN maintainer (Kai Germaschewski)
o Fix 3c505 with > 16Mb of RAM (Paul)
o Bring USB into sync with 2.4.7 (Greg Kroah-Hartmann)

2.2.20pre8
o Merge DRM fixes from 2.4.7 tree (me)
o Merge sbpcd fixes from 2.4.7 tree
o Merge moxa buffer length check
o Merge bttv clip length check
o Merge aha2920 shared irq from 2.4.7 tree
o Merge MTWEOF fix from 2.4.6 tree
o Merge serverworks AGP from 2.4.6 tree
o Merge sbc60xxx watchdog fixes from 2.4.6
o Merge lapbether fixes from 2.4.6
o Merge bpqether fixes from 2.4.6
o Merge scc fixes from 2.4.6
o Merge lmc memory leak fixes from 2.4.6
o Merge sm_wss fixes from 2.4.6
o Resync AGP support with 2.4.6
o Merge epca fixes from 2.4.5
o Merge riscom8 fixes from 2.4.5
o Merge softdog fixes from 2.4.5
o Merge specialix fixes from 2.4.5
o Merge wdt/wdt_pci fixes from 2.4.5
o ISDN cisco hdlc fixes (Kai Germaschewski)
o ISDN timer fixes (Kai Germaschewski)
o isdn minor control change backport (Kai Germaschewski)
o Backport ELCR MP 1.1 config/PCI routing stuff (John William)
o Backport isdn ppp fixes from 2.4 (Kai Germaschewski)
o Backport isdn_tty fixes from 2.4 (Kai Germaschewski)
o eicon cleanups (Armin Schindler)
| Armin can you double check the clashes were ok
o Fix an ntfs oops (Anton Altaparmakov)
o Fix arp null neighbour buglet (Dave Miller)
o Update sparc version strings, pci fixups (Dave Miller)
o Define CONFIG_X86 in 2.2 as well as 2.4 (Herbert Xu)
o Configure.help cleanups (Steven Cole)
o Add MODE_SELECT_10 to qlogic fc table (Jeff Andre)
o Remove dead oldproc variable (Dave Miller)
o Update starfire driver for 2.2 (Ion Badulescu)
o 8139too driver update (Jens David)
o Assorted race fixes for binfmt loaders (Al Viro)
o Update Alpha support for older boxes (Jay Estabrook)
o ISDN bsdcomp/ppp compression fixes (Kai Germaschewski)

2.2.20pre7
o Merge rose buffer management fixes (Jean-Paul Roubelat)
o Configure.help updates (Steven Cole)
o Add Steven Cole to credits (Steven Cole)
o Update kbuild list info (Michael Chastain)
o Fix slab.c doc typo (Piotr Kasprzyk)
o Lengthen parport probe timeout (Jean-Luc Coulon)
o Fix vm86 cleanup (Stas Sergeev)
o Fix 8139too build bug (Jürgen Zimmermann)
o Fix slow 8139too performance (Oleg Makarenko)
o Sparc64 exec fixes (Solar Designer)

2.2.20pre6
o Merge all the pending ISDN updates (Kai Germaschewski)
| These are sizable changes and want a good testing
o Fix sg deadlock bug as per 2.4 (Douglas Gilbert)
o Count socket/pipe in quota inode use (Paul Menage)
o Fix some missing configuration help texts (Steven Cole)
o Fix Rik van Riel's credits entry (Rik van Riel)
o Mark xtime as volatile in extern definition (various people)
o Fix open error return checks (Andries Brouwer)

2.2.20pre5
o Fix a patch generation error, replaces 2.2.20pre4 which is
wrong on ad1848

2.2.20pre4
o Fix small corruption bug in 82596 (Andries Brouwer)
o Fix usb printer probing (Pete Zaitcev)
o Fix swapon/procfs race (Paul Menage)
o Handle ide dma bug in the CS5530 (Mark Lord)
o Backport 2.4 ipv6 neighbour discovery changes (Dave Miller)
o Fix sock_wmalloc error handling (Dave Miller)
o Enter quickack mode for out of window TCP data (Andi Kleen)
o Fix Established v SYN-ACK TCP state error (Alexey Kuznetsov)
o Sparc updates, ptrace changes etc (Dave Miller)
o Fix wrong printk in vdolive masq (Keitaro Yosimura)
o Fix core dump handling bugs in 2.2 (Al Viro)
o Update hdlc and synclink drivers (Paul Fulghum)
o Update netlink help texts (Magnus Damm)
o Fix rtl8139 keeping files open (Andrew Morton)
o Further sk98 driver updates. fix wrong license (Mirko Lindner)
text in files
o Jonathan Woithe has moved (Jonathan Woithe)
o Update cpqarray driver (Charles White)
o Update cciss driver (Charles White)
o Don't delete directories on an fs that reports (Ingo Oeser)
then 0 size when doing distclean
o Add support for the 2.4 boot extensions to 2.2 (H Peter Anvin)
o Fix nfs cache locking corruption on SMP (Craig Hagan)
o Add missing check to cdrom readaudio ioctl (Jani Jaakkola)
o Fix refclock build with newer gcc (Jari Ruusu)
o koi8-r fixes (Andy Rysin)
o Spelling fixes for documentation (Andries Brouwer)

2.2.20pre3
o FPU/ptrace corruption fixes (Victor Zandy)
o Resync belkin usb serial with 2.4 (Greg Kroah-Hartmann)
o Resync digiport usb serial with 2.4 (Greg Kroah-Hartmann)
o Resync empeg usb serial with 2.4 (Greg Kroah-Hartmann)
o Resync ftdi_sio against 2.4 (Greg Kroah-Hartmann)
o Bring keyscan usb back into line with 2.4 (Greg Kroah-Hartmann)
o Resync keyspan_pda usb with 2.4 (Greg Kroah-Hartmann)
o Resync omninet usb with 2.4.5 (Greg Kroah-Hartmann)
o Resync usb-serial driver with 2.4.5 (Greg Kroah-Hartmann)
o Resync visor usb driver with 2.4.5 (Greg Kroah-Hartmann)
o Resync whiteheat driver with 2.4.5 (Greg Kroah-Hartmann)
o Add edgeport USB serial (Greg Kroah-Hartmann)
o Add mct_u232 USB serial (Greg Kroah-Hartmann)
o Update usb storage device list (Stas Bekman, Kaz Sasayma)
o Bring usb acm driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring bluetooth driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring dabusb driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring usb dc2xx driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring mdc800 usb driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring rio driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring USB scanner drivers into line with 2.4.5 (Greg Kroah-Hartmann)
o Update ov511 driver to match 2.4.5 (Greg Kroah-Hartmann)
o Update PCIIOC ioctls (esp for sparc) (Dave Miller)
o General sparc bugfixes (Dave Miller)
o Fix possible oops in fbmem ioctls (Dave Miller)
o Fix reboot/halt bug on "Alcor" Alpha boxes (Tom Vier)
o Update osst driver (Willem Riede)
o Fix syncppp negotiation bug (Bob Dunlop)
o SMBfs bug fixes from 2.4 series (Urban Widmark)
o 3ware IDE raid driver updates (Adam Radford)
o Fix incorrect use of bitops on non long types (Dave Miller)
o Fix reboot/halt bug on 'Miata' Alpha boxes (Tom Vier)
o Update Tim Waugh's contact info (Tim Waugh)
o Add TIOCGSERIAL to sun serial on PCI sparc32 (Lars Kellogg-Stedman)
o ov511 check user data more carefully (Marc McClelland)
o Fix netif_wake_queue compatibility macro (Andi Kleen)

2.2.20pre2
o Fix ip_decrease_ttl as per 2.4 (Dave Miller)
o Fix tcp retransmit state bug (Alexey Kuznetsov)
o Fix a few obscure sparc tree bugs (Dave Miller)
o Fix fb /proc bug and OF fb name size bug (Segher Boessenkool)
o Fix compile with CONFIG_INTEL_RNG=y (Andrzej Krzysztofowicz)
o Fix rio driver when HZ!=100 (Andrzej Krzysztofowicz)
o Stop 3c509 grabbing other EISA boards (Andrzej Krzysztofowicz)
o Remove surplus defines for root= names (Andrzej Krzysztofowicz)
o Revert pre1 APIC change

2.2.20pre1
o Fix SMP deadlock in NFS (Trond Myklebust)
o Fix missing printk in bluesmoke handler (me)
o Fix sparc64 nfs (Dave Miller)
o Update io_apic code to avoid breaking dual (Johannes Erdfelt)
Athlon 760MP
o Fix includes bugs in toshiba driver (Justin Keene,
Greg Kroah-Hartmann)
o Fix wanpipe cross compile (Phil Blundell)
o AGPGART copy_from_user fix (Dawson Engler)
o Fix alpha resource setup error (Allan Frank)
o Eicon driver updates (Armind Schindler)
o PC300 driver update (Daniela Squassoni)
o Show lock owner on flocks (Jim Mintha)
o Update cciss driver to 1.0.3 (Charles White)
o Backport cciss/cpqarray security fixes (me)
o Update i810 random number generator (Jeff Garzik)
o Update sk98 driver (Mirko Lindner)
o Update sis900 ethernet driver (Hui-Fen Hsu)
o Fix checklist glitch in make menuconfig (Moritz Schulte)
o Update synclink driver (Paul Fulghum)
o Update advansys scsi driver (Bob Frey)
o Ver_linux fixes for 2.2 (Steven Cole)
o Bring 2.2 back into line with the master ISDN (Kai Germaschewski)
o Whiteheat usb driver update (Greg Kroah-Hartmann)
o Fix via_rhine byte counters (Adam Lackorzynski)
o Fix modem control on rio serial (Rogier Wolff)
o Add more Iomega Zip to the usb storage list (Wim Coekaerts)
o Add ZF Micro watchdog (Fernando Fuganti)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Alan Cox

Oct 22, 2001, 6:52:31 AM
> Any reason for my one-liner patch to linux/net/sunrpc/sched.c
> is still not included?

It didn't seem critical and I wanted to be sure that I got 2.2.20 out.
It's sensible for 2.2.21

bert hubert

Oct 22, 2001, 6:37:33 AM
On Mon, Oct 22, 2001 at 11:21:49AM +0100, Alan Cox wrote:
> Things took a bit longer than intended with various security fixes needing to
> be done. If this tree tests out ok it will be 2.2.20
>
> 2.2.20pre11
> o Security fixes
> | Details censored in accordance with the US DMCA

Care to elaborate?

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

Andreas Haumer

Oct 22, 2001, 6:41:11 AM
Hi!

Alan Cox wrote:
>
> Things took a bit longer than intended with various security fixes needing to
> be done. If this tree tests out ok it will be 2.2.20
>
> 2.2.20pre11
> o Security fixes
> | Details censored in accordance with the US DMCA

> o Sparc updates (Dave Miller)
> o Add escaped usb hot plug config item (Ryan Maple)
> o Fix eepro10 driver problems (Aris)
> o Make request_module return match 2.4 (David Woodhouse)
> o Update SiS900 driver (Hui-Fen Hsu)
> o Update ver_linux to match 2.4 (Steven Cole)
> o Final isdn fixups for 2.2 (Kai Germaschewski)
> o scsi tape fixes from 2.4 (Kai Mäkisara)
> o Update credits entry (Henrik Storner)
> o Fix scc driver hang case (Jeroen)
> o Update credits entry (Dave Jones)
> o Update FAT documentation (Hirokazu Nomoto)
> o Small net tweaks (Dave Miller)
> o Fix cs89xx abuse of skb->len (Kapr Johnik)

Any reason for my one-liner patch to linux/net/sunrpc/sched.c
is still not included?

andreas@ws1:~/cvsdir {625} % cvs diff -C5 -rR_2-2-19~11 -rR_2-2-19~12
linux/net/sunrpc/sched.c
Index: linux/net/sunrpc/sched.c
===================================================================
RCS file:
/raid5/cvs/repository/distribution/Base/linux/net/sunrpc/sched.c,v
retrieving revision 1.1.1.6
retrieving revision 1.12
diff -C5 -r1.1.1.6 -r1.12
*** linux/net/sunrpc/sched.c 2001/03/25 16:37:42 1.1.1.6
--- linux/net/sunrpc/sched.c 2001/08/17 11:53:48 1.12
***************
*** 1066,1075 ****
--- 1066,1076 ----
rpciod_pid = current->pid;
up(&rpciod_running);

exit_files(current);
exit_mm(current);
+ exit_fs(current);

spin_lock_irq(&current->sigmask_lock);
siginitsetinv(&current->blocked, sigmask(SIGKILL));
recalc_sigpending(current);
spin_unlock_irq(&current->sigmask_lock);
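
Review bot: the new exit_fs(current); line after exit_mm(current); carries no comment saying why rpciod drops its fs state, and the reason given in the message (the daemon otherwise keeps the filesystem it started on busy, so it cannot be unmounted) is not obvious from the code alone. Suggest a one-line comment above the call, and a check that nothing rpciod does after this point resolves a path relative to its own root or working directory, since the hunk itself shows no such guarantee.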

Without this patch, rpciod keeps the initial ramdisk rootfs
busy on our diskless clients, so we cannot umount and free
it...

Regards,

- andreas

--
Andreas Haumer | mailto:and...@xss.co.at
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71

Alan Cox

Oct 22, 2001, 7:30:02 AM
> > 2.2.20pre11
> > o Security fixes
> > | Details censored in accordance with the US DMCA
>
> Care to elaborate?

On a list that reaches US citizens - no. File permissions and userids may
constitute and be used for rights management.

Alan

bert hubert

Oct 22, 2001, 7:35:54 AM
On Mon, Oct 22, 2001 at 12:30:02PM +0100, Alan Cox wrote:

> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> >
> > Care to elaborate?
>
> On a list that reaches US citizens - no. File permissions and userids may
> constitute and be used for rights management.

I may be a bit simple today, but I still don't get it. In what way does the
DMCA (horrible as it is) apply to our own software, which we in no way
'reverse engineered'?

Are you saying that we can't divulge security problems in our own software
anymore for fear of being sued by affected parties?

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

bert hubert

Oct 22, 2001, 8:08:45 AM
On Mon, Oct 22, 2001 at 12:55:12PM +0100, Alan Cox wrote:
> > Are you saying that we can't divulge security problems in our own software
> > anymore for fear of being sued by affected parties?
>
> Not even affected parties - the government can do it too without anyone else
> and indeed even if there are contractual agreements between parties
> permitting the data to be released..

This is getting daft in a hurry.

> I hope to have the security stuff up on a non US citizen accessible site in
> time for 2.2.20 final

This would then presumably lead to password protected access for US kernel
developers that need to know? And some kind of NDA?

'IANAL', and neither are you, are you sure this silliness is necessary?

Alan Cox

Oct 22, 2001, 7:55:12 AM
> Are you saying that we can't divulge security problems in our own software
> anymore for fear of being sued by affected parties?

Not even affected parties - the government can do it too without anyone else
and indeed even if there are contractual agreements between parties
permitting the data to be released..

I hope to have the security stuff up on a non US citizen accessible site in
time for 2.2.20 final

Matthias Andree

Oct 22, 2001, 8:06:44 AM
On Mon, 22 Oct 2001, Alan Cox wrote:

> > Are you saying that we can't divulge security problems in our own software
> > anymore for fear of being sued by affected parties?
>
> Not even affected parties - the government can do it too without anyone else
> and indeed even if there are contractual agreements between parties
> permitting the data to be released..
>
> I hope to have the security stuff up on a non US citizen accessible site in
> time for 2.2.20 final

Putting pressure on US people to have them influence their
legislation? Aka. every people have the rulers they deserve? Won't work
out.

Seriously, are you kidding?

--
Matthias Andree

Alan Cox

Oct 22, 2001, 8:30:00 AM
> This would then presumably lead to password protected access for US kernel
> developers that need to know? And some kind of NDA?

US kernel developers cannot be told. Period.

> 'IANAL', and neither are you, are you sure this silliness is necessary?

It's based directly on legal opinion.

Rik van Riel

Oct 22, 2001, 8:37:22 AM
On Mon, 22 Oct 2001, bert hubert wrote:

> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
> (...)

> > It's based directly on legal opinion.
>
> Then I suggest we leave this planet.

You suggest we're leaving for The Free World(tm) ? ;)

Btw, does anybody know how to setup HTML click-through
licences ? ;) [mmm, need to learn more non-kernel stuff]

cheers,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

bert hubert

Oct 22, 2001, 8:25:05 AM
On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > This would then presumably lead to password protected access for US kernel
> > developers that need to know? And some kind of NDA?
>
> US kernel developers cannot be told. Period.
(...)
> It's based directly on legal opinion.

Then I suggest we leave this planet.

--

http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

Alan Cox

Oct 22, 2001, 8:29:14 AM
> Putting pressure on US people to have them influence their
> legislation? Aka. every people have the rulers they deserve? Won't work
> out.

"Until they become conscious they will never rebel, and until after
they have rebelled they cannot become conscious."

> Seriously, are you kidding?

The current interpretation of the DMCA is as lunatic as it sounds. With luck
the Sklyarov case will see that overturned on constitutional grounds. Until
then US citizens will have to guess about security issues.

Alan

Roger Gammans

Oct 22, 2001, 9:07:03 AM
On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > This would then presumably lead to password protected access for US kernel
> > developers that need to know? And some kind of NDA?
>
> US kernel developers cannot be told. Period.

Huh, US resident or US citizens?

If US resident, does that mean we can't send security patches to
Linus.

*shakes head*

TTFN
--
Roger.
ashes and diamond,
foe and friend,
we _are_ all equal in the end. -- Pink Floyd

bert hubert

Oct 22, 2001, 9:30:24 AM
On Mon, Oct 22, 2001 at 02:07:03PM +0100, Roger Gammans wrote:
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
>
> Huh, US resident or US citizens?
>
> If US resident , does that mean we can't send security patches to
> Linus.

You can send him the patch. It appears you cannot tell him which
vulnerability it fixes.

That is, unless the 'code = speech' people have succeeded in setting enough
precedent, in which case even 'code' may become a 'circumvention device'!

I am not a lawyer though, but at this point logic seems so far away that
anything appears possible.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

Luigi Genoni

Oct 22, 2001, 9:24:09 AM
Real problem is that there are also good developers that this way are
cut out, and cannot give their contrib.

ufff! I tend to believe that politicians make law without a real knowledge
of what they are doing (see Italian law on copyrights)

Luigi

On Mon, 22 Oct 2001, Alan Cox wrote:

> > Putting pressure on US people to have them influence their
> > legislation? Aka. every people have the rulers they deserve? Won't work
> > out.
>
> "Until they become conscious they will never rebel, and until after
> they have rebelled they cannot become conscious."
>
> > Seriously, are you kidding?
>
> The current interpretation of the DMCA is as lunatic as it sounds. With luck
> the Sklyarov case will see that overturned on constitutional grounds. Until
> then US citizens will have to guess about security issues.
>
> Alan

Horst von Brand

Oct 22, 2001, 9:33:55 AM
bert hubert <a...@ds9a.nl> said:
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
> (...)
> > It's based directly on legal opinion.

> Then I suggest we leave this planet.

I'd expected an "all the world is USA" delusion from an US citizen, not
from somebody in .nl...
--
Dr. Horst H. von Brand Usuario #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513

Danny ter Haar

Oct 22, 2001, 10:11:23 AM
Alan Cox <al...@lxorguk.ukuu.org.uk> wrote:
>US kernel developers cannot be told. Period.

Are you looking for non-us webspace ?
I'm willing to let you have full access to www.bzimage.org if
needed.

Let me know.

Danny

Wayne...@altec.com

Oct 22, 2001, 11:11:58 AM

Speaking as a US citizen, I hope that someone outside the US will grab that info
as soon as it's available and make it accessible to everyone. (Not that I need
it myself -- I have no interest in 2.2.20 -- but I like to see crap legislation
like the DMCA subverted wherever possible.)

Wayne


Alan Cox <al...@lxorguk.ukuu.org.uk> on 10/22/2001 06:55:12 AM

To: a...@ds9a.nl (bert hubert)
cc: linux-...@vger.kernel.org (bcc: Wayne Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10

> Are you saying that we can't divulge security problems in our own software
> anymore for fear of being sued by affected parties?

Not even affected parties - the government can do it too without anyone else
and indeed even if there are contractual agreements between parties
permitting the data to be released..

I hope to have the security stuff up on a non US citizen accessible site in
time for 2.2.20 final

Nicolas Turro

Oct 22, 2001, 11:04:21 AM
On Wednesday 12 September 2001 01:06, Alan Cox wrote:
> If you know any reason this should not be 2.2.20 final now is a very very
> good time to say. I intend to call this patch 2.2.20 in a week or so
> barring any last minute problems. Please save anything but actual bugfixes
> for 2.2.21.

Is 2.2.20 final coming anytime soon (october) or should I use 2.2.20pre10 ?

N. Turro

Tom Sightler

Oct 22, 2001, 11:42:44 AM
> Speaking as a US citizen, I hope that someone outside the US will grab that info
> as soon as it's available and make it accessible to everyone. (Not that I need
> it myself -- I have no interest in 2.2.20 -- but I like to see crap legislation
> like the DMCA subverted wherever possible.)

Agreed, and it's exactly what we need to do. Laws like these are much
easier to overturn when they start making criminals out of everyday,
ordinary people for just doing their normal jobs. Suddenly even dumb judges
and, especially, elected officials, get the idea because the pressure gets
put on by everyone.

Of course, I still think this is an extremist view of the DMCA. I don't
see where it keeps you from posting information about security fixes to your
own code, just not other people's products.

Later,
Tom

Rik van Riel

Oct 22, 2001, 12:03:53 PM
On Mon, 22 Oct 2001 Wayne...@altec.com wrote:

> Speaking as a US citizen, I hope that someone outside the US
> will grab that info as soon as it's available and make it
> accessible to everyone. (Not that I need it myself -- I have no
> interest in 2.2.20 -- but I like to see crap legislation like
> the DMCA subverted wherever possible.)

Yeah, let's keep up the status quo so bad laws never get
subverted and people like Dmitry Sklyarov are the only
people suffering from bad US laws.

NOT.

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/


Alan Cox

Oct 22, 2001, 12:49:42 PM
> And who will be maintaining the world and us-castrated kernel source?

I'm not aware of any problems distributing fixed source

> I can't imagine anything worse for the security of this country than not
> allow computer users access to security issues.

As it stands I cannot legally advise the US security services about Linux
security issues. Normally I'd find this excruciatingly funny but in the
current circumstances it's rather less humorous.

Alan

Andreas D. Landmark

Oct 22, 2001, 12:30:28 PM
At 22.10.2001 17:20, bill davidsen wrote:
> And who will be maintaining the world and us-castrated kernel source?
>I can't imagine anything worse for the security of this country than not
>allow computer users access to security issues.

I'd say the DMCA is a good candidate for being worse for computer security
than no security patches...

--
Andreas D Landmark / noXtension
Real Time, adj.:
Here and now, as opposed to fake time, which only occurs there
and then.

bill davidsen

Oct 22, 2001, 12:20:17 PM
In article <E15veDQ-...@the-village.bc.nu>

al...@lxorguk.ukuu.org.uk wrote:
| > This would then presumably lead to password protected access for US kernel
| > developers that need to know? And some kind of NDA?
|
| US kernel developers cannot be told. Period.
|
| > 'IANAL', and neither are you, are you sure this silliness is necessary?
|
| It's based directly on legal opinion.

And who will be maintaining the world and us-castrated kernel source?


I can't imagine anything worse for the security of this country than not
allow computer users access to security issues.

--
bill davidsen <davi...@tmr.com>
His first management concern is not solving the problem, but covering
his ass. If he lived in the middle ages he'd wear his codpiece backward.

Rik van Riel

Oct 22, 2001, 12:34:25 PM
On Mon, 22 Oct 2001, bill davidsen wrote:

> And who will be maintaining the world and us-castrated kernel
> source? I can't imagine anything worse for the security of this
> country than not allow computer users access to security issues.

Don't worry, there are more than enough kernel hackers
outside of the US to keep maintaining the kernel.

The worst that could happen is that the US cripples
itself by not allowing the kernel hackers outside the
US to publish security info to people in the US, but
only to the rest of the world.

That's tough, they're a democratic country, they can
change the law if it hurts them too much.

cheers,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/


Greg Hennessy

Oct 22, 2001, 1:16:26 PM
In article <E15viGk-...@the-village.bc.nu>,

Alan Cox <al...@lxorguk.ukuu.org.uk> wrote:
> As it stands I cannot legally advise the US security services about Linux
> security issues. Normally I'd find this excruciatingly funny but in the
> current circumstances it's rather less humorous.

Which part of the DMCA do you think prohibits this?

George Garvey

Oct 22, 2001, 1:35:53 PM
So you want to make the decision for Alan to get into a lawsuit and
possibly go to jail to fight the law? Will you pay his legal bills? Will
you take over his maintenance duties if necessary? Will you give him a
job when he's done if it comes to that?
That's a personal decision, don't you think? Who can judge another
without knowing their circumstances? Do you understand the situation at
all? Truthfully, I don't.

On Mon, Oct 22, 2001 at 12:21:43PM -0500, Wayne...@altec.com wrote:
> It's highly unlikely that Alan withholding information from a handful
> of US Linux users and developers will have any effect on US laws.

Dan Hollis

Oct 22, 2001, 2:14:47 PM
On Mon, 22 Oct 2001, bert hubert wrote:

> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> > US kernel developers cannot be told. Period.
> (...)

> > It's based directly on legal opinion.
> Then I suggest we leave this planet.

What, Heavens Gate style?

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

Rob Turk

Oct 22, 2001, 1:51:32 PM

<Wayne...@altec.com> wrote in message
news:cistron.86256A...@smtpnotes.altec.com...

>
>
> It's highly unlikely that Alan withholding information from a handful of US
> Linux users and developers will have any effect on US laws. Plenty of us have
> complained already to our elected officials, without results.

Yup, but if large US-based corporations with economic ties into Linux no longer
have access to clear patch descriptions, *they* might have a better chance to
convince your US lawmakers that these laws are hurting US economy.

Rob

Per Jessen

Oct 22, 2001, 2:13:42 PM
On Mon, 22 Oct 2001 12:51:53 -0500, Wayne...@altec.com wrote:
>I never said that Alan, or any particular individual, should risk a lawsuit or
>jail. I simply said that I hoped *someone outside the US* (that is, someone not
>subject to US laws) would make the information available. Surely there are
>places in the world that are beyond the reach of the DMCA. How about those

Alan Cox, living in the UK, may be *somewhat* subject to US legislation.
Ties between the US and the UK are strong, and it is understandable if a UK-
resident person does not feel entirely out of reach of US law enforcement.

IMHO.


regards,
Per Jessen, Zurich

regards,
Per Jessen, Zurich
http://www.enidan.com - home of the J1 serial console.

Windows 2001: "I'm sorry Dave ... I'm afraid I can't do that."

Dominik Kubla

Oct 22, 2001, 1:31:27 PM
On Mon, Oct 22, 2001 at 12:40:49PM +0200, Allan Sandfeld wrote:
> On Monday 22 October 2001 12:21, Alan Cox wrote:
> > Things took a bit longer than intended with various security fixes needing
> > to be done. If this tree tests out ok it will be 2.2.20
> >
> > 2.2.20pre11
> > o Security fixes
> > | Details censored in accordance with the US DMCA
>
> Why? I didn't think you like it, nor lived in the US?
>
> If v'ger is in the US, I can understand not putting it in the changelog
> there. But why not on the mailing list?

Because the mailing list is hosted in the US of A...

Dominik
--
ScioByte GmbH Zum Schiersteiner Grund 2 55127 Mainz (Germany)
Phone: +49 700 724 629 83 Fax: +49 700 724 629 84

GnuPG: 717F16BB / A384 F5F1 F566 5716 5485 27EF 3B00 C007 717F 16BB

David Lang

Oct 22, 2001, 12:11:16 PM
and how can you dare send the source code or patches to the US in that
case, it's the same info in a different form.

David Lang

On Mon, 22 Oct 2001, Roger Gammans wrote:

> Date: Mon, 22 Oct 2001 14:07:03 +0100
> From: Roger Gammans <ro...@computer-surgery.co.uk>
> Reply-To: rgam...@computer-surgery.co.uk
> To: linux-...@vger.kernel.org
> Subject: Re: Linux 2.2.20pre10
>
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
>
> Huh, US resident or US citizens?
>
> If US resident, does that mean we can't send security patches to
> Linus.
>
> *shakes head*
>
> TTFN
> --
> Roger.
> ashes and diamond,
> foe and friend,
> we _are_ all equal in the end. -- Pink Floyd

Rob Turk

Oct 22, 2001, 1:57:36 PM
"Nick LeRoy" <nle...@cs.wisc.edu> wrote in message
news:cistron.20011022...@schroeder.cs.wisc.edu...
> Wayne, everybody..
>
> I hate to belabor this point, but I'm in full agreement. If I really
> believed that Alan's boycott would have *any* positive effect, I'd fully
> support it, but the reality of the situation is that Wayne is right -- nobody
> with any real power will ever know or be able to a difference. I think that
> civil disobedience is the only sensible action.
>
> -Nick

Alan might have to travel to the US somewhere in the near future. Do you think
he wants to risk being arrested? Making a point is one thing, serving time is
another. If Alan would disclose the details now, he would knowingly be
disobedient. Dmitry Sklyarov was 'unknowingly disobedient', and look what that
got him...

Rob

Wayne...@altec.com

Oct 22, 2001, 1:51:53 PM

I never said that Alan, or any particular individual, should risk a lawsuit or
jail. I simply said that I hoped *someone outside the US* (that is, someone not
subject to US laws) would make the information available. Surely there are
places in the world that are beyond the reach of the DMCA. How about those
European sites that made strong encryption available to circumvent the US export
restrictions on encryption technology? I never heard of the FBI raiding any of
them.

Wayne


George Garvey <tmwg-l...@inxservices.com> on 10/22/2001 12:35:53 PM

To: Wayne Brown/Corporate/Altec@Altec
cc: linux-...@vger.kernel.org

Subject: Re: Linux 2.2.20pre10

So you want to make the decision for Alan to get into a lawsuit and
possibly go to jail to fight the law? Will you pay his legal bills? Will
you take over his maintenance duties if necessary? Will you give him a
job when he's done if it comes to that?
That's a personal decision, don't you think? Who can judge another
without knowing their circumstances? Do you understand the situation at
all? Truthfully, I don't.

On Mon, Oct 22, 2001 at 12:21:43PM -0500, Wayne...@altec.com wrote:

> It's highly unlikely that Alan withholding information from a handful
> of US Linux users and developers will have any effect on US laws.

Wayne...@altec.com

Oct 22, 2001, 1:21:43 PM

It's highly unlikely that Alan withholding information from a handful of US
Linux users and developers will have any effect on US laws. Plenty of us have
complained already to our elected officials, without results. The number of
people who would care (or even know) about Alan's security boycott -- even if it
includes the entire US readership of linux-kernel -- is vanishingly small
compared to the general population, and no politician is going to pay attention
to such a small and dilute constituency. All a policy of secrecy will
accomplish is to punish US kernel hackers (who probably disagree with the DMCA
as much as the rest of you) and have no effect on the average citizen who
doesn't have a clue about either the DMCA or Linux. I'm seeing a disturbing
trend here; with all the talk about this topic and about EXPORT_SYMBOL_GPL here
lately, I'm starting to think linux-kernel is more about restricting information
than disseminating it.

I believe the DMCA should be treated like firearms laws or any other bad laws:
Fight them where possible, and disobey them where fighting them is not possible.

Wayne


Rik van Riel <ri...@conectiva.com.br> on 10/22/2001 11:03:53 AM

To: Wayne Brown/Corporate/Altec@Altec
cc: linux-...@vger.kernel.org

Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 Wayne...@altec.com wrote:

> Speaking as a US citizen, I hope that someone outside the US
> will grab that info as soon as it's available and make it
> accessible to everyone. (Not that I need it myself -- I have no
> interest in 2.2.20 -- but I like to see crap legislation like
> the DMCA subverted wherever possible.)

Yeah, let's keep up the status quo so bad laws never get
subverted and people like Dmitry Sklyarov are the only
people suffering from bad US laws.

NOT.

Rik


--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/


Rik van Riel

Oct 22, 2001, 2:06:04 PM
On Mon, 22 Oct 2001 Wayne...@altec.com wrote:

> I never said that Alan, or any particular individual, should
> risk a lawsuit or jail. I simply said that I hoped *someone
> outside the US* (that is, someone not subject to US laws) would
> make the information available.

If you publish to the US, you can be sued under US law.

> Surely there are places in the world that are beyond the reach
> of the DMCA. How about those European sites that made strong
> encryption available to circumvent the US export restrictions on
> encryption technology? I never heard of the FBI raiding any of
> them.

There's a German guy named as one of the defendants in
the DVD lawsuit in California. He has never even been
to California, but could end up being convicted for
doing something which is perfectly legal in Germany.

I don't think I want to take the risk of getting charged
with a crime in the US for something perfectly legal here.
I'd rather lock out the US and leave the legal risks to the
people who elected the folks who put these laws in place...

regards,

Dan Hollis

Oct 22, 2001, 2:21:30 PM
On Mon, 22 Oct 2001, Horst von Brand wrote:
> bert hubert <a...@ds9a.nl> said:
> > Then I suggest we leave this planet.
> I'd expected an "all the world is USA" delusion from a US citizen, not
> from somebody in .nl...

The MPAA abducted a Norwegian child using police armed with assault
weapons. Alan and other non-us citizens certainly have reason to be
concerned.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]


Alexander Viro

Oct 22, 2001, 2:40:36 PM

On Mon, 22 Oct 2001 Wayne...@altec.com wrote:

> I wonder if there are any Linux hackers in Iraq? It's doubtful the government
> there would honor any legal action attempted by the US on DMCA issues. OTOH, it
> would put me in the rather weird position of agreeing with the Iraqi government,
> which is something I NEVER would have expected... :-)

Oh, come on. Every government is right on some issues. Proof:

For every government X there is at least one government Y such that X
would claim that Y is a bunch of corrupt assholes. Since every government
_is_ a bunch of corrupt assholes, every government is right at least in one
of its claims.

Wayne...@altec.com

Oct 22, 2001, 2:27:34 PM

I wonder if there are any Linux hackers in Iraq? It's doubtful the government
there would honor any legal action attempted by the US on DMCA issues. OTOH, it
would put me in the rather weird position of agreeing with the Iraqi government,
which is something I NEVER would have expected... :-)

Wayne


"Per Jessen" <p...@computer.org> on 10/22/2001 01:13:42 PM

Please respond to "Per Jessen" <p...@computer.org>

To: "linux-...@vger.kernel.org" <linux-...@vger.kernel.org>
cc: (bcc: Wayne Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 12:51:53 -0500, Wayne...@altec.com wrote:
>I never said that Alan, or any particular individual, should risk a lawsuit or
>jail. I simply said that I hoped *someone outside the US* (that is, someone not
>subject to US laws) would make the information available. Surely there are
>places in the world that are beyond the reach of the DMCA. How about those

Alan Cox, living in the UK, may be *somewhat* subject to US legislation.
Ties between the US and the UK are strong, and it is understandable if a UK-
resident person does not feel entirely out of reach of US law enforcement.

IMHO.


regards,
Per Jessen, Zurich

http://www.enidan.com - home of the J1 serial console.

Windows 2001: "I'm sorry Dave ... I'm afraid I can't do that."

Gavin Baker

Oct 22, 2001, 3:28:46 PM
On Mon, Oct 22, 2001 at 12:30:02PM +0100, Alan Cox wrote:

> > > 2.2.20pre11
> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> >
> > Care to elaborate?
>
> On a list that reaches US citizens - no. File permissions and userids may
> constitute and be used for rights management.

Alan, are we to assume any future security related patch details are to
be censored until this DMCA madness is over?

In this case, I'm not sure if it's a good idea for anyone to actually
apply these patches until they have read, and understand the code. If
the person in question is not fluent in C, how do they know what they
are patching, or whether to patch it at all without your explanation of
what it does?

If this is the case, I'm sure lots of websites will spring up, with
blatant disregard for the DMCA, that will fill in the blanks from the
changelogs. People will make a public stand against this insanity.

On the other hand, if the actual code for these security fixes is not
classed as "Details", I don't know what is.

2.5.8 changelog...
o Security Fixes
| None applied for fear of the code upsetting the US DMCA
o VM updates (Rik)
o Some other updates
| applied, but authors kept anonymous for fear of the DMCA
| seeing the updates as security issues, also details censored
| just in case.
o etc.

madness.

--
Gavin Baker - UK

Joel Jaeggli

Oct 22, 2001, 2:41:25 PM

On Mon, 22 Oct 2001 Wayne...@altec.com wrote:

>
>
> I never said that Alan, or any particular individual, should risk a lawsuit or
> jail. I simply said that I hoped *someone outside the US* (that is, someone not
> subject to US laws) would make the information available.

tell that to Dmitry Sklyarov, I'm sure he'd love to hear it.

> Surely there are
> places in the world that are beyond the reach of the DMCA. How about those
> European sites that made strong encryption available to circumvent the US export
> restrictions on encryption technology? I never heard of the FBI raiding any of
> them.
>
> Wayne
>
> George Garvey <tmwg-l...@inxservices.com> on 10/22/2001 12:35:53 PM
>
> To: Wayne Brown/Corporate/Altec@Altec
> cc: linux-...@vger.kernel.org
>
> Subject: Re: Linux 2.2.20pre10
>
> So you want to make the decision for Alan to get into a lawsuit and
> possibly go to jail to fight the law? Will you pay his legal bills? Will
> you take over his maintenance duties if necessary? Will you give him a
> job when he's done if it comes to that?
> That's a personal decision, don't you think? Who can judge another
> without knowing their circumstances? Do you understand the situation at
> all? Truthfully, I don't.
>
> On Mon, Oct 22, 2001 at 12:21:43PM -0500, Wayne...@altec.com wrote:
>
> > It's highly unlikely that Alan withholding information from a handful
> > of US Linux users and developers will have any effect on US laws.

--
--------------------------------------------------------------------------
Joel Jaeggli joe...@darkwing.uoregon.edu
Academic User Services con...@gladstone.uoregon.edu
PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E
--------------------------------------------------------------------------
It is clear that the arm of criticism cannot replace the criticism of
arms. Karl Marx -- Introduction to the critique of Hegel's Philosophy of
the right, 1843.

br...@worldcontrol.com

Oct 22, 2001, 3:27:22 PM
> > Putting pressure on US people to have them influence their
> > legislation? Aka. every people have the rulers they deserve? Won't
> > work out.

On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> "Until they become conscious they will never rebel, and until after
> they have rebelled they cannot become conscious."

While I've been generally saddened by Alan Cox's and others'
anti-America attitude, I am somewhat surprised to find that
Alan believes the US bombing of Afghanistan is justified and so
is the collateral damage as they call it.

Alan's point being that a population of a State can't be innocent
of the actions of their government, something, by the way, with
which I disagree.

Strange though, while the US has delivered hundreds of millions of US
dollars in aid to Afghanistan both before and after 9/11, Alan would
deny US citizens some of the tools with which to change things at home.

Alan asks us to rebel, but then denies us at least some of the
avenues we might take. Others claiming for him that he doesn't
want to risk jail. What if every aid worker in Afghanistan
and elsewhere around the world had the same attitude?

--
Brian Litzinger <br...@worldcontrol.com>

Copyright (c) 2001 By Brian Litzinger, All Rights Reserved

Wayne...@altec.com

Oct 22, 2001, 2:59:25 PM

I certainly can't argue with your logic. :-)

Actually, I believe there are some decent, honest, well-meaning people in our
government. It's just that they seldom have much influence on policy. :-(

Wayne


Alexander Viro <vi...@math.psu.edu> on 10/22/2001 01:40:36 PM

To: Wayne Brown/Corporate/Altec@Altec
cc: "linux-...@vger.kernel.org" <linux-...@vger.kernel.org>

Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 Wayne...@altec.com wrote:

> I wonder if there are any Linux hackers in Iraq? It's doubtful the government
> there would honor any legal action attempted by the US on DMCA issues. OTOH, it
> would put me in the rather weird position of agreeing with the Iraqi government,
> which is something I NEVER would have expected... :-)

Oh, come on. Every government is right on some issues. Proof:

For every government X there is at least one government Y such that X
would claim that Y is a bunch of corrupt assholes. Since every government
_is_ a bunch of corrupt assholes, every government is right at least in one
of its claims.


Tudor Bosman

Oct 22, 2001, 3:14:47 PM
OK, let's get the disclaimer out of the way. This post is opinionated,
and IANAL. Now...


For reference, here is the full text of the DMCA subsection in question:
(1201(2)):

``(2) No person shall manufacture, import, offer to the public,
provide, or otherwise traffic in any technology, product, service,
device, component, or part thereof, that-

``(A) is primarily designed or produced for the purpose
of circumventing a technological measure that effectively
controls access to a work protected under this title;
``(B) has only limited commercially significant purpose or
use other than to circumvent a technological measure that
effectively controls access to a work protected under this title;
or
``(C) is marketed by that person or another acting in concert
with that person with that person's knowledge for use in
circumventing a technological measure that effectively controls
access to a work protected under this title.


I would like to comment on this from two different angles.

1. The subsection mentions "any technology, product, service, device,
component, or part thereof". While this definition is vague, and we
hackers tend to like splitting hairs (see Dave Touretzky's DeCSS
gallery, http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/index.html), there
is a clear distinction between (constitutionally-protected) speech (in a
non-machine readable form), and a software product. Other forms of
expression (source code, non-machine readable source code, source code
set to music, etc.) lie on the fine line between the two.

For example, exporting PGP on paper and OCR-ing it (because exporting it
in electronic form was illegal) was a legal absurdity. While this
hair-splitting might have amused a few lawyers and judges here and
there, I believe that a well-versed attorney could have torn that
defense to pieces, because we tried drawing demarcation lines instead of
concentrating on defeating the spirit of the law.

The above-mentioned paragraphs make no reference to "information" or a
"description" of such a circumvention device. A high-level description
(in plain English) of a security hole is not a "technology, product,
service, device, component, or part thereof"; and if it can be construed
as such, surely the realization of such description (the source code
itself) is much closer to the notion of a "product". Is this the end of
full disclosure and open source/free software? Should BUGTRAQ be banned
from US residents?


2. The arguments for/against publishing the description of the security
hole in the DMCA context are the same as the arguments for/against full
disclosure in the security field in general. IF the description were
published, then... (paraphrasing the three DMCA paragraphs I cited)

(A) it would NOT be primarily designed for circumventing a technological
measure that effectively controls access to a protected work- it would
be primarily designed for informing system administrators of their risks
and the importance of the patch, and informing developers of pitfalls to
avoid in writing new code;

(B) it would have a LARGE commercially significant purpose other than to
circumvent a technological measure that effectively controls access to a
protected work- the main purpose would be to urge system administrators
and developers to implement a higher degree of protection (at the very
least, apply the patch), and

(C) it would NOT be marketed by Alan Cox or another acting in concert
with him for use in circumventing a technological measure that
effectively controls access to a protected work- this is a no-brainer, I
don't think there are many people on this list who openly advocate
exploiting security holes for gaining unauthorized access.


In conclusion, I tried to make two points in the above rant:

1. A description of a security hole is constitutionally protected
speech, and as such cannot be construed as violating the sections of the
DMCA. If such description fits the definition of "technology, product,
service, device, component, or part thereof", then we're in big trouble,
because source code itself is much closer to the definition of a
"product" than a description of the source code.

2. A description of a security hole, or unpatched source code, or even
exploit code do not meet the criteria set forward by the DMCA for
illegal circumvention devices.


Best regards,

Tudor.


--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

Paul Fulghum

Oct 22, 2001, 3:23:31 PM
Alexander "Webster" Viro wrote:

> every government _is_ a bunch of corrupt assholes...

Good definition. Instead of arguing about which one
stinks the most, we should probe ways of wiping out
the DMCA without excess inflammation.

Paul Fulghum, pau...@microgate.com
Microgate Corporation, www.microgate.com

D. Stimits

Oct 22, 2001, 3:24:19 PM
bert hubert wrote:
>
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
> (...)
> > It's based directly on legal opinion.
>
> Then I suggest we leave this planet.

If I could leave I would.

FYI, I am one of those USA people that wrote to Senator Hollings and
others about this new SSSCA stuff, asking him why he wanted to destroy
economic interests (e.g., IBM's), along with showing his utter contempt
for the Constitution of the USA. He'll just killfile it, it isn't what
he wants to hear, he's a child with a loaded gun.
http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread

D. Stimits, sti...@idcomm.com

>
> --
> http://www.PowerDNS.com Versatile DNS Software & Services
> Trilab The Technology People
> Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
> 'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

Rik van Riel

Oct 22, 2001, 3:39:18 PM
On Mon, 22 Oct 2001 br...@worldcontrol.com wrote:

> While I've been generally saddened by Alan Cox's and others'
> anti-America attitude, I am somewhat surprised to find that

[snip drivel on steroids]

> Others claiming for him that he doesn't want to risk jail.

You seem to have claimed as much for (against?) him as
all the others in this thread together. Let's take this
topic elsewhere, shall we?

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/


D. Stimits

Oct 22, 2001, 3:29:52 PM
Horst von Brand wrote:
>
> bert hubert <a...@ds9a.nl> said:
> > On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > > This would then presumably lead to password protected access for US kernel
> > > > developers that need to know? And some kind of NDA?
> > >
> > > US kernel developers cannot be told. Period.
> > (...)
> > > It's based directly on legal opinion.
>
> > Then I suggest we leave this planet.
>
> I'd expected an "all the world is USA" delusion from a US citizen, not
> from somebody in .nl...

Racist and prejudiced opinions though are found everywhere. Stereotypes
and arrogance know no boundaries. You mistake being a US citizen with
being a puppet.

D. Stimits, sti...@idcomm.com

> --
> Dr. Horst H. von Brand Usuario #22616 counter.li.org
> Departamento de Informatica Fono: +56 32 654431
> Universidad Tecnica Federico Santa Maria +56 32 654239
> Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513

D. Stimits

Oct 22, 2001, 3:35:26 PM
bill davidsen wrote:
>
> In article <E15veDQ-...@the-village.bc.nu>
> al...@lxorguk.ukuu.org.uk wrote:
> | > This would then presumably lead to password protected access for US kernel
> | > developers that need to know? And some kind of NDA?
> |
> | US kernel developers cannot be told. Period.
> |
> | > 'IANAL', and neither are you, are you sure this silliness is necessary?
> |
> | It's based directly on legal opinion.
>
> And who will be maintaining the world and us-castrated kernel source?
> I can't imagine anything worse for the security of this country than not
> allow computer users access to security issues.

See:
http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread
http://www.petitiononline.com/SSSCA/petition.html
http://216.110.42.179/docs/hollings.090701.html

Then complain to Senators Hollings and Stevens; they haven't heard of
the Constitution, maybe someone could remind them.

D. Stimits, sti...@idcomm.com

>
> --
> bill davidsen <davi...@tmr.com>
> His first management concern is not solving the problem, but covering
> his ass. If he lived in the middle ages he'd wear his codpiece backward.

Adrian Bunk

Oct 22, 2001, 3:38:00 PM
On Mon, 22 Oct 2001 Wayne...@altec.com wrote:

> I never said that Alan, or any particular individual, should risk a lawsuit or
> jail. I simply said that I hoped *someone outside the US* (that is, someone not
> subject to US laws) would make the information available. Surely there are
> places in the world that are beyond the reach of the DMCA. How about those

Where in the world do you find "someone not subject to US laws"? Someone
who develops a program in Russia gets arrested in the USA. And with the
"Hague Convention on Jurisdiction and Foreign Judgments in Civil and
Commercial Matters" [1] it will become much more easy for US companies to
sue people outside the USA...

> European sites that made strong encryption available to circumvent the US export
> restrictions on encryption technology? I never heard of the FBI raiding any of
> them.

That's a completely different thing: It is and it was always legal to use
encryption technology inside the USA and to import it into the USA (read:
downloading it from outside the USA is some kind of import). The only
thing that was (and is still under some circumstances) forbidden is to
export it from the USA. That means that in this case there are _no_ legal
risks for you when you offer encryption technology on a server that is
located outside the USA - and this is quite different from the DMCA
problems.

> Wayne

cu
Adrian

[1] An article in German about it that includes a pdf with the English
text of the proposal is at
http://www.heise.de/newsticker/data/jk-15.10.01-001/


--

Get my GPG key: finger bu...@debian.org | gpg --import

Fingerprint: B29C E71E FE19 6755 5C8A 84D4 99FC EA98 4F12 B400

Mike Fedyk

Oct 22, 2001, 3:42:50 PM
On Mon, Oct 22, 2001 at 12:14:47PM -0700, Tudor Bosman wrote:
> 2. A description of a security hole, or unpatched source code, or even
> exploit code do not meet the criteria set forward by the DMCA for
> illegal circumvention devices.
>

I believe the exploit could be logically considered a "product" whose
use is to destroy. Even though it can be used to test to see if the problem
is really fixed on a patched system...

Gregory Ade

Oct 22, 2001, 3:43:01 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 22 Oct 2001, Alan Cox wrote:

> > This would then presumably lead to password protected access for US kernel
> > developers that need to know? And some kind of NDA?
>
> US kernel developers cannot be told. Period.
>
> > 'IANAL', and neither are you, are you sure this silliness is necessary?
>
> It's based directly on legal opinion.

<rantmode>

So, then, just to satisfy my curiosity, how long until users of Linux in
the U.S.A. will no longer be allowed to download new kernels?

After all, all it would really take for one of us to find out what was
fixed is to download this patch and go through it line by line, and
examine the context of the changes.

Or are we no longer allowed to look at the sources either?

I'm really confused by this gesture. You're talking about both sides of
your mouth by telling us that "US kernel developers cannot be told" and at
the same time releasing the source/patch to the world.

Make up your mind.

</rantmode>

I guess I was wrong about the Linux kernel being Open Source and freely
available and distributable.

- --
Gregory K. Ade <gk...@unnerving.org>
http://unnerving.org/~gkade
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE71HbOeQUEYOr0hEsRAn39AKC7loLShLzNQvH2fbr4fsVz5pxfHACeIiAi
1vzVfy+QQNpSlS6wEbkiWeI=
=X7eo
-----END PGP SIGNATURE-----

D. Stimits

Oct 22, 2001, 3:39:43 PM
Nick LeRoy wrote:
>
> On Monday 22 October 2001 11:34, Rik van Riel wrote:
> > On Mon, 22 Oct 2001, bill davidsen wrote:
> > > And who will be maintaining the world and us-castrated kernel
> > > source? I can't imagine anything worse for the security of this
> > > country than not allow computer users access to security issues.
> >
> > Don't worry, there are more than enough kernel hackers
> > outside of the US to keep maintaining the kernel.
> >
> > The worst that could happen is that the US cripples
> > itself by not allowing the kernel hackers outside the
> > US to publish security info to people in the US, but
> > only to the rest of the world.
> >
> > That's tough, they're a democratic country, they can
> > change the law if it hurts them too much.
>
> Rik...
>
> I *wish* it were that simple. If you don't think that at least some of us
> *try*, you're kidding yourself. The real problem, IMHO, is that the
> electorate of our country no longer has any real power or control over the
> government -- it's the corporations that do. Money talks, so the saying
> goes. He who has the gold makes the rules.
>
> So, please don't punish all of us for the acts of our corrupt system. We
> just try to make it better in whatever ways we can. FWIW, the ACLU, EFF,
> etc. are our best hope for a free society.

In one location, I see senator Hollings listed as party
"Democrat-Disney". Disney is another spot to boycott, they are trying to
have Linux and open source o/s's declared illegal to even touch
copyright media...not as a web server, a home machine, or anything (say
bye to IBM's Linux efforts). I think the vote for this killer SSSCA is
somewhere around the 25th of this month, so you better hurry.

D. Stimits, sti...@idcomm.com

(PS: I always suspected Mickey Mouse was a member of the Taliban)

>
> Thanks
>
> -Nick

D. Stimits

Oct 22, 2001, 3:45:48 PM
Nick LeRoy wrote:
>
> Wayne, everybody..
>
> I hate to belabor this point, but I'm in full agreement. If I really
> believed that Alan's boycott would have *any* positive effect, I'd fully
> support it, but the reality of the situation is that Wayne is right -- nobody
> with any real power will ever know or be able to a difference. I think that
> civil disobedience is the only sensible action.

I wish I had a vote in Senator Hollings jurisdiction, I'd try to have
him impeached or recalled. It would never work, but it might open some
eyes.

D. Stimits, sti...@idcomm.com

>
> -Nick
>
> On Monday 22 October 2001 12:21, Wayne...@altec.com wrote:
> > It's highly unlikely that Alan withholding information from a handful of US
> > Linux users and developers will have any effect on US laws. Plenty of us
> > have complained already to our elected officials, without results. The
> > number of people who would care (or even know) about Alan's security
> > boycott -- even if it includes the entire US readership of linux-kernel --
> > is vanishingly small compared to the general population, and no politician
> > is going to pay attention to such a small and dilute constituency. All a
> > policy of secrecy will accomplish is to punish US kernel hackers (who
> > probably disagree with the DMCA as much as the rest of you) and have no
> > effect on the average citizen who doesn't have a clue about either the DMCA
> > or Linux. I'm seeing a disturbing trend here; with all the talk about this
> > topic and about EXPORT_SYMBOL_GPL here lately, I'm starting to think
> > linux-kernel is more about restricting information than disseminating it.
> >
> > I believe the DMCA should be treated like firearms laws or any other bad
> > laws: Fight them where possible, and disobey them where fighting them is
> > not possible.

Alan Cox

Oct 22, 2001, 4:17:11 PM
> support it, but the reality of the situation is that Wayne is right -- nobody
> with any real power will ever know or be able to a difference. I think that
> civil disobedience is the only sensible action.

And that's a choice you have - go post the relevant information where you
like at your own risk.

Gregory Ade

Oct 22, 2001, 3:56:47 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 22 Oct 2001, Rik van Riel wrote:

> That's tough, they're a democratic country, they can
> change the law if it hurts them too much.

No, it's a Republic. More specifically, a representative democracy, which
means that we're at the mercy of the people we've given license to
represent us. They make all sorts of promises to get in office, and then
go do their own damn thing anyway.

Unfortunately, the people I vote for never make it in to office, but
that's fodder for an entirely off-topic debate (flamewar?) on American
Politics. But, because I at least voted, I reserve the right to bitch
about what the people in office are doing. =)

I've written my representatives and voiced my opinions, but apparently
I'm of such a small minority that I think I'm being ignored.

--
Gregory K. Ade <gk...@unnerving.org>
http://unnerving.org/~gkade
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu

Doug McNaught

Oct 22, 2001, 3:49:27 PM
"D. Stimits" <sti...@idcomm.com> writes:

> In one location, I see senator Hollings listed as party
> "Democrat-Disney". Disney is another spot to boycott, they are trying to
> have Linux and open source o/s's declared illegal to even touch
> copyright media...not as a web server, a home machine, or anything (say
> bye to IBM's Linux efforts). I think the vote for this killer SSSCA is
> somewhere around the 25th of this month, so you better hurry.

Committee hearings, not a vote.

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
--T. J. Jackson, 1863

Alan Cox

Oct 22, 2001, 4:14:29 PM
> So, then, just to satisfy my curiosity, how long until users of Linux in
> the U.S.A. will no longer be allowed to download new kernels?

Potentially about 12 months after the SSSCA is passed. At which point you may
well find only a binary only OS with enforced copy management is legal in
the USA.

> I guess I was wrong about the Linux kernel being Open Source and freely
> available and distributable.

It is, subject to the law of the various countries concerned.

Alan

Rogier Wolff

Oct 22, 2001, 3:58:58 PM

> How about those European sites that made strong encryption available
> to circumvent the US export restrictions on encryption technology? I
> never heard of the FBI raiding any of them.

There is one important difference there: Publishing encryption outside
the US was and is completely legal (apart from stupid local rules).

In the case of the DMCA, it has been shown that someone who publishes
a "circumvention device" outside the US can be arrested once in the
US.

In this case "the bug" could be labelled "circumvention device":
Suppose the bug is a "remote buffer overflow" (*) then if you have
copyrighted info on your server which is programmed so that
non-paying people can't access the copyrighted material. Someone with
knowledge of the bug will be able to break in and access the
copyrighted material.

Anyone who publishes the bug risks getting arrested if they set foot
in the US.

Roger.

(*) It probably isn't.

--
** R.E....@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* There are old pilots, and there are bold pilots.
* There are also old, bald pilots.

Tom Sightler

Oct 22, 2001, 3:55:17 PM
> In conclusion, I tried to make two points in the above rant:
>
> 1. A description of a security hole is constitutionally protected
> speech, and as such cannot be construed as violating the sections of the
> DMCA. If such description fits the definition of "technology, product,
> service, device, component, or part thereof", then we're in big trouble,
> because source code itself is much closer to the definition of a
> "product" than a description of the source code.
>
> 2. A description of a security hole, or unpatched source code, or even
> exploit code do not meet the criteria set forward by the DMCA for
> illegal circumvention devices.

Very good point indeed. I would like for someone, anyone, to explain to me
exactly how disclosing security issues in open code would ever violate the
DMCA. Alan stated that it comes from a legal opinion, I would like to see
this opinion and know who it was from. Partially because I am from South
Carolina, the same state as SSSCA co-author Sen Hollings. I would love to
be able to spell out this "doomsday" can't publish security issues scenario
and hear his response, but I just don't see it in the DMCA. I would love
for someone to enlighten me on how they came to this conclusion with an
intelligent sentence other than "that what the DMCA says." Where does it
say that? How can you interpret that?

Everyone wants to bring up the Sklyarov case, but he didn't just expose the
weakness of the code, his company actively sold a product for financial gain
that circumvented the protection. While I still don't think the Sklyarov
himself should be the target, it has very little similarity to any open
source products like Linux.

To meet the criteria for criminal prosecution under DMCA you must violate
the rules "willfully and for purposes of commercial advantage or private
financial gain." This is the only case in which the government can pursue
you without another party's involvement.

Later,
Tom

bill davidsen

Oct 22, 2001, 4:01:31 PM
In article <86256AED.0...@smtpnotes.altec.com> Wayne...@altec.com wrote:
|
|
| I certainly can't argue with your logic. :-)
|
| Actually, I believe there are some decent, honest, well-meaning people in our
| government. It's just that they seldom have much influence on policy. :-(

After watching the VM wars here, how can you doubt that decent,
honest, well-meaning, and at least in the case of VM, competent people
can have very different ideas of how to solve a problem? Do you think
good people don't ever propose very bad solutions to problems? Just look
at release 2.4.11-ohshit.

Write to your politicians, and try to find out who does NSA secure
linux. How happy can they be not to get security fixes? Do they have to
stop publishing? Are people coming in black helicopters to dismantle
CERT, long our line of defense?

Stop trying to demonize politicians and start writing letters. State
the FACTS clearly without coming off as a hothead or worse, and you can
convince a staffer, which is the way in. Local elections are this year,
I bet your local candidate will give you a few minutes and if convinced
would at least try to get you five minutes on the phone with a
congressman. Then you need to be cool and informative.

Contact the local VFW and try to get someone interested. Soldiers
know about operating without intelligence information, and they often
have contacts. IBM is spending big bucks on TV ads for Linux, don't
hesitate to mention that trying to get the ear of a politician. Let
them know this is not a bunch of hackers.

Start using the system instead of whining about it. You don't need
money to rock the boat, just the perception that you are a reasonable
person pointing out a problem.

--
bill davidsen <davi...@tmr.com>
His first management concern is not solving the problem, but covering
his ass. If he lived in the middle ages he'd wear his codpiece backward.

Richard B. Johnson

Oct 22, 2001, 4:04:24 PM
On Mon, 22 Oct 2001 br...@worldcontrol.com wrote:

> > > Putting pressure on US people to have them influence their
> > > legislation? Aka. every people have the rulers they deserve? Won't
> > > work out.
>
> On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > "Until they become conscious they will never rebel, and until after
> > they have rebelled they cannot become conscious."
>

> While I've been generally saddened by Alan Cox's and others
> anti-America attitude, I am somewhat surprised to find that
> Alan believes the US bombing of Afghanistan is justified and so
> is the collateral damage as they call it.
>
> Alan's point being that a population of a State can't be innocent
> of the actions of their government, something, by the way, with
> which I disagree.
>

[SNIPPED...]

Once the government controls the schools, children learn what the
government wants them to learn. This knowledge becomes "fact" even
though it may be illogical and have no technical basis. Once the
United States government gained a toe-hold in the schools in the
1948 "School Lunch Program", the result was clear and the future
certain. Now we have socialist teachers teaching future socialist
legislators.

I am certain that the same problem exists with all governments,
even the United Kingdom. I don't think Alan is anti-American,
merely having been blinded by his own schooling. The days of
the patriots who declared; "Give me liberty or give me death!"
are long gone everywhere. Now we have, instead, those who declare;
"Give me a job so I can feed my family...". Anything the government
promises, that makes that job easier, or more readily available,
is accepted as the price of liberty when, in fact, there is no
liberty involved whatsoever. I read a quote in one of the IEEE
rags where Alan stated that he was afraid that he'd be arrested
if he entered the United States. I don't think he has too
much to worry about, the United States government didn't even
"provide for the common defense" (preamble to the US Constitution)
as became obvious on 9/11. I'm sure nobody would wake up even if
Alan was a terrorist.

I believe that we should have sent a tactical nuclear cruise
missile to Ben Laden's last known address. We can always apologize
later. This would put future terrorists on notice that if you
tweak the tiger's tail, you get hurt. But, that's why I'm
not a politician. Instead, we've got so-called government leader-
ship that is running around the world kissing ass. I don't need
some government to apologize for my existence. I need a government
to "provide for the common defense..." as required by the United
States Constitution.

Sorry about the off-topic.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).

I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.

Alan Cox

Oct 22, 2001, 4:42:20 PM
> Everyone wants to bring up the Sklyarov case, but he didn't just expose the
> weakness of the code, his company actively sold a product for financial gain
> that circumvented the protection. While I still don't think the Sklyarov

The Felten case is the more relevant one.

Dan Hollis

Oct 22, 2001, 4:45:48 PM
On Mon, 22 Oct 2001, Alan Cox wrote:
> > Everyone wants to bring up the Sklyarov case, but he didn't just expose the
> > weakness of the code, his company actively sold a product for financial gain
> > that circumvented the protection. While I still don't think the Sklyarov
> The Felten case is the more relevant one.

decss as well -- strange how people forget that one so easily

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

Alan Cox

Oct 22, 2001, 4:28:38 PM
> 1. A description of a security hole is constitutionally protected
> speech, and as such cannot be construed as violating the sections of the
> DMCA. If such description fits the definition of "technology, product,
> service, device, component, or part thereof", then we're in big trouble,
> because source code itself is much closer to the definition of a
> "product" than a description of the source code.

I firmly believe that if justice prevails in the existing DMCA cases you
will be shown to be right. I've seen people compare the US to Iraq and
I don't buy that.

However until people stop shooting I'd prefer not to be a potential target.

Alan

Rik van Riel

Oct 22, 2001, 4:30:38 PM
On Mon, 22 Oct 2001, PinkFreud wrote:

> You're preaching to the choir here. By withholding these
> changes from US citizens, you're not going to pressure any
> politicians.

Pressuring US politicians is a job for US citizens.

Why are you asking Alan to risk prison _and_ pressure
US politicians? That's something you, as a resident
of the USA, should be doing yourself.


Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/


PinkFreud

Oct 22, 2001, 4:27:30 PM
> > > 2.2.20pre11
> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> > > Care to elaborate?
>
> On a list that reaches US citizens - no. File permissions and userids may
> constitute and be used for rights management.
>
> Alan

Why not take that a step further? It would seem to me that your
insane interpretation of that insane law would mean that unix and its
derivatives (Linux, anyone?) would be illegal to use as well.

You're preaching to the choir here. By withholding these changes from US
citizens, you're not going to pressure any politicians. I doubt there are
many politicians who count on this issue reading this list. I think most
of the US citizens reading this list, though, are enlightened enough to
know the harm the DMCA causes.

Please don't tell me you woke up this morning and had a sudden attack of
conscience that you were violating US law. You've posted such changes
here since the DMCA was put into effect, not to mention that lists like
Bugtraq are still operating in the US - and I think many of us managed to
read about the symlink and ptrace holes in kernels <= 2.2.19.


Mike Edwards

Brainbench certified Master Linux Administrator
http://www.brainbench.com/transcript.jsp?pid=158188
-----------------------------------
Unsolicited advertisements to this address are not welcome.

Alan Cox

Oct 22, 2001, 4:44:36 PM
> United States government gained a toe-hold in the schools in the
> 1948 "School Lunch Program", the result was clear and the future
> certain. Now we have socialist teachers teaching future socialist
> legislators.

I think that you need to learn the difference between socialism and
stalinist statism - what you are describing is the USSR, which was of
course the other major state that imprisoned people for wanting to make
copies as part of free speech, and which controlled copying devices with
laws.

Alan

Tommy Reynolds

Oct 22, 2001, 4:37:06 PM
It was a dark and stormy night. Suddenly "Torrey Hoffman" <torrey....@myrio.com> spoke:

> Gregory Ade ranted, and I couldn't resist replying:
>
> > So, then, just to satisfy my curiosity, how long until users
> > of Linux in
> > the U.S.A. will no longer be allowed to download new kernels?
>
> If (hopefully not when!) the SSSCA passes. Personally, I'm making
> plans to get out of the US if that happens.

Ah, but would you be allowed to leave if you possess any security knowledge?

---------------------------------------------+-----------------------------
Tommy Reynolds | mailto: <reyn...@redhat.com>
Red Hat, Inc., Embedded Development Services | Phone: +1.256.704.9286
307 Wynn Drive NW, Huntsville, AL 35805 USA | FAX: +1.236.837.3839
Senior Software Developer | Mobile: +1.919.641.2923

PinkFreud

Oct 22, 2001, 4:42:51 PM
On Mon, 22 Oct 2001, Rik van Riel wrote:

> Date: Mon, 22 Oct 2001 18:30:38 -0200 (BRST)
> From: Rik van Riel <ri...@conectiva.com.br>
> To: PinkFreud <pf-k...@mirkwood.net>
> Cc: linux-...@vger.kernel.org
> Subject: Re: Linux 2.2.20pre10
>
> On Mon, 22 Oct 2001, PinkFreud wrote:
>
> > You're preaching to the choir here. By withholding these
> > changes from US citizens, you're not going to pressure any
> > politicians.
>
> Pressuring US politicians is a job for US citizens.

Yep. I agree.

> Why are you asking Alan to risk prison _and_ pressure
> US politicians? That's something you, as a resident
> of the USA, should be doing yourself.

I never said that. I merely pointed out that most US citizens on this
list know what the DMCA really stands for, and are, in all likelihood
doing something, no matter how small, about it. Why pressure us, when
most of us are undoubtedly aware of the problem?

As for risking jail, I point out again that the DMCA has never stopped him
before. I recognize that the Sklyarov case has him scared - and I don't
blame him. However, Alan has already announced his intentions not to enter
the US until the DMCA is repealed. What do you think is going to happen -
Bush sends the military out to bomb his house?

Sorry, that was in bad taste, I know. But I am trying to make a point
here. There's not much the US can do without him entering the country,
and he doesn't plan on doing so. What annoys me, however, is suppressing
security information from US citizens just because a few moronic
politicians have their heads permanently shoved up their asses.

Seems to me Alan is just adding to the problem.


> Rik
> --


Mike Edwards

Brainbench certified Master Linux Administrator
http://www.brainbench.com/transcript.jsp?pid=158188
-----------------------------------
Unsolicited advertisements to this address are not welcome.

Steve Brueggeman

Oct 22, 2001, 4:28:45 PM
I love this. Microsoft is doomed I say, DOOOOOMED!

If the government can't get 'em with a frontal attack, then sneak up
from behind when they're not looking.

Has anyone heard if Bill Gates has left the country yet????

Sorry, but if no-one else can stop themselves from posting off topic,
why should I???

Personally, I disagree with Alan's position, but what can I do... I
didn't vote for him. Maybe a letter or two of protest is in order...
Let's see, how much does it cost to ship a hundred or so letters from
the states to the UK???


On Mon, 22 Oct 2001 21:58:58 +0200 (MEST), you wrote:

>
>
>> How about those European sites that made strong encryption available
>> to circumvent the US export restrictions on encryption technology? I
>> never heard of the FBI raiding any of them.
>
>
>There is one important difference there: Publishing encryption outside
>the US was and is completely legal (apart from stupid local rules).
>
>In the case of the DMCA, it has been shown that someone who publishes
>a "circumvention device" outside the US can be arrested once in the
>US.
>
>In this case "the bug" could be labelled "circumvention device":
>Suppose the bug is a "remote buffer overflow" (*) then if you have
>copyrighted info on your server which is programmed so that
>non-paying people can't access the copyrighted material. Someone with
>knowledge of the bug will be able to break in and access the
>copyrighted material.
>
>Anyone who publishes the bug risks getting arrested if they set foot
>in the US.
>
> Roger.
>
>(*) It probably isn't.



Alan Cox

Oct 22, 2001, 4:34:28 PM
> On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > "Until they become conscious they will never rebel, and until after
> > they have rebelled they cannot become conscious."
>
> While I've been generally saddened by Alan Cox's and others
> anti-America attitude, I am somewhat surprised to find that
> Alan believes the US bombing of Afghanistan is justified and so
> is the collateral damage as they call it.

That quote is rather older than the US bombing of Afghanistan. You read
totally inappropriate things into it.

Richard B. Johnson

Oct 22, 2001, 4:45:48 PM
On Mon, 22 Oct 2001, Alan Cox wrote:

> > United States government gained a toe-hold in the schools in the
> > 1948 "School Lunch Program", the result was clear and the future
> > certain. Now we have socialist teachers teaching future socialist
> > legislators.
>
> I think that you need to learn the difference between socialism and
> stalinist statism - what you are describing is the USSR, which was of
> course the other major state that imprisoned people for wanting to make
> copies as part of free speech, and which controlled copying devices with
> laws.
>

Sorry. I got confused. With the government reading everything we
type, I tend to get the countries mixed.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).

I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.

Torrey Hoffman

Oct 22, 2001, 4:22:53 PM
Gregory Ade ranted, and I couldn't resist replying:

> So, then, just to satisfy my curiosity, how long until users
> of Linux in
> the U.S.A. will no longer be allowed to download new kernels?

If (hopefully not when!) the SSSCA passes. Personally, I'm making
plans to get out of the US if that happens.

> After all, all it would really take for one of us to find out what was
> fixed is to download this patch and go through it line by line, and
> examine the context of the changes.
> Or are we no longer allowed to look at the sources either?

Of course you can look at the sources. So ** YOU ** can go through
the patches, figure out exactly what the security flaws were, create
a detailed description, and post it on a web page or on this list.

Then ** YOU ** are the one who might get sued under the DMCA.
Why should Alan take the risk?

> I'm really confused by this gesture. You're talking about

I don't think it is primarily a gesture. Obviously Alan is taking
a somewhat extreme position, probably (partly) to make a point, but
there are REAL issues here. (IANAL either, of course.)

To spell it out:

1. The security flaws were in userid and other kernel subsystems.

2. These kernel systems could be used to protect copyrighted data -
for example, perhaps some on-line music company uses Linux
servers to store the music.

3. Instructions on how to check for (i.e. exploit) the flaw may
constitute an illegal copy control circumvention device.
Why? Well, perhaps if you know the details, you could use
them to hack on-line music servers, and download music for
free, or without the DRM locks on it. It really isn't
difficult to come up with a plausible example.

4. Presenting detailed information like this, together with sample
code, is basically what Dmitry Sklyarov was arrested for.

4b. You are not safe even if you never visit the US.

5. Dmitry is still awaiting trial and faces (at worst) ~20 years
in jail and tens of thousands of dollars in fines, merely for
explaining how lousy the security is on some software intended
to protect copyrighted content.

6. Therefore, as I see it, Alan wisely is avoiding even coming
close to that.

Do you really have a problem with that? I think it's very prudent.

The source code or patch itself is a FIX, it cannot be construed
as a circumvention device. (compare to information about the holes,
which includes shell script for sample exploits, etc.)



> I guess I was wrong about the Linux kernel being Open Source
> and freely available and distributable.

Calm down, you are getting your knickers in a knot over something
that is not Alan's fault.

Torrey Hoffman

Jussi Laako

Oct 22, 2001, 4:59:39 PM
Rik van Riel wrote:
>
> The worst that could happen is that the US cripples
> itself by not allowing the kernel hackers outside the
> US to publish security info to people in the US, but
> only to the rest of the world.

Unless they pressure foreign governments to make similar laws as we have
seen with the Wassenaar Arrangement and a few other cases...


- Jussi Laako

--
PGP key fingerprint: 161D 6FED 6A92 39E2 EB5B 39DD A4DE 63EB C216 1E4B
Available at PGP keyservers

Tom Sightler

Oct 22, 2001, 5:04:47 PM
> > Everyone wants to bring up the Sklyarov case, but he didn't just expose the
> > weakness of the code, his company actively sold a product for financial gain
> > that circumvented the protection. While I still don't think the Sklyarov
>
> The Felten case is the more relevant one.

OK, I need even more help here. Isn't Felten the one doing the suing in
that case? I need more clarification. I've tried to read both the EFF
pages as well as other sources and I don't even see where he has been sued
under the DMCA (although it does look like he was threatened with legal
action from the RIAA). Has there been a recent ruling that I've been too
busy to see lately?

Thanks,
Tom

Wayne...@altec.com

Oct 22, 2001, 5:07:55 PM

As the person who first brought Iraq into this thread, I have to say this: If
you think I was comparing the US to Iraq then you're mistaken. I was merely
pointing out Iraq (semi-jokingly) as an example of a country that would not care
about enforcing US laws.

Wayne


Alan Cox <al...@lxorguk.ukuu.org.uk> on 10/22/2001 03:28:38 PM

To: tud...@pikka.net (Tudor Bosman)
cc: linux-...@vger.kernel.org (linux-...@vger.kernel.org) (bcc: Wayne
Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10

> 1. A description of a security hole is constitutionally protected
> speech, and as such cannot be construed as violating the sections of the
> DMCA. If such description fits the definition of "technology, product,
> service, device, component, or part thereof", then we're in big trouble,
> because source code itself is much closer to the definition of a
> "product" than a description of the source code.

I firmly believe that if justice prevails in the existing DMCA cases you
will be shown to be right. I've seen people compare the US to Iraq and
I don't buy that.

However until people stop shooting I'd prefer not to be a potential target.

Alan

Rik van Riel

Oct 22, 2001, 5:07:42 PM
On Mon, 22 Oct 2001, Craig Dickson wrote:

> However, I think it's fair to say that the production and distribution
> of complete changelogs, such that all users have access to them, is an
> important part of the job of being the official maintainer for a
> project, especially such an important project as the stable branch of
> the Linux kernel.

Maybe Alan will allow publishing of the changelogs on
http://thefreeworld.net/ ?

> From the statistics I've seen in the past, a high percentage of
> Linux users are US residents.

If they're unhappy with the consequences of US law, they
should move.

> Perhaps you should step down.

Alan is doing an absolutely fantastic job of maintaining
the kernel, I see absolutely no reason why he should stop
doing that.

If you want the changelogs for the kernel published in
the US, why don't you publish them, under your name and
your full responsibility ?

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

Tom Sightler

Oct 22, 2001, 5:12:53 PM
> On Mon, 22 Oct 2001, Alan Cox wrote:
> > > Everyone wants to bring up the Sklyarov case, but he didn't just expose the
> > > weakness of the code, his company actively sold a product for financial gain
> > > that circumvented the protection. While I still don't think the Sklyarov
> > The Felten case is the more relevant one.
>
> decss as well -- strange how people forget that one so easily

Not forgotten, just trying to understand relevance. How do these cases,
which all revolve around breaking commercial products and cause damage to
the corporations that push them, apply to security in the open source Linux
kernel to which the public is given all rights?

BTW, I'm not for the DMCA either, I understand the harm it causes, what I
don't understand is how people are twisting it to apply to Linux source code
and security issues. Is Microsoft also in violation of the DMCA? In some
cases they release security details on the issues their updates address. If
so perhaps we should all sue Microsoft for damages and by tomorrow the law
will be repealed.

Later,
Tom

Craig Dickson

Oct 22, 2001, 4:57:59 PM
Alan Cox wrote:

> However until people stop shooting I'd prefer not to be a potential
> target.

Mr. Cox,

I understand your concern for your own safety, though I disagree with
your evaluation of the danger in this case.

However, I think it's fair to say that the production and distribution
of complete changelogs, such that all users have access to them, is an
important part of the job of being the official maintainer for a
project, especially such an important project as the stable branch of
the Linux kernel.

So it sounds to me like what you're really saying is that you are
unwilling to take the risks that, under the current circumstances, you
perceive as an unavoidable part of the task of maintaining the kernel.

I don't buy the argument you seem to be implying, that you can fulfil
your responsibilities as kernel maintainer by making this information
available in such a way that US residents cannot obtain it. From the
statistics I've seen in the past, a high percentage of Linux users are
US residents. It is surely unreasonable to suggest that withholding
information from all those people is compatible with being the official
kernel maintainer.

You are aware, no doubt, that Linus Torvalds is currently resident in
the US. If you are unable to give him complete changelogs and
explanations of the patches you submit to him, I can't imagine how you
could continue to perform effectively as a Linux kernel developer.

Perhaps you should step down. This would not only be the honest and
honorable thing to do, if you truly believe that distributing changelogs
to the US would place you in legal jeopardy, but it would also be a far
more dramatic act of protest than merely censoring changelogs.

Respectfully,

Craig Dickson

D. Stimits

Oct 22, 2001, 4:51:06 PM
Doug McNaught wrote:
>
> "D. Stimits" <sti...@idcomm.com> writes:
>
> > In one location, I see senator Hollings listed as party
> > "Democrat-Disney". Disney is another spot to boycott, they are trying to
> > have Linux and open source o/s's declared illegal to even touch
> > copyright media...not as a web server, a home machine, or anything (say
> > bye to IBM's Linux efforts). I think the vote for this killer SSSCA is
> > somewhere around the 25th of this month, so you better hurry.
>
> Committee hearings, not a vote.

Even better...as much influence against Disney and politicians that
support SSSCA should be put in as soon as possible. Would you rather
have your input a few days before a final vote, or while minds could
still be open? SSSCA is more dangerous than the Taliban, all the Taliban
can kill are people...SSSCA can kill more than that.

D. Stimits, sti...@idcomm.com

>
> -Doug
> --
> Let us cross over the river, and rest under the shade of the trees.
> --T. J. Jackson, 1863

D. Stimits

Oct 22, 2001, 5:17:41 PM
Rik van Riel wrote:
>
> On Mon, 22 Oct 2001, PinkFreud wrote:
>
> > You're preaching to the choir here. By withholding these
> > changes from US citizens, you're not going to pressure any
> > politicians.
>
> Pressuring US politicians is a job for US citizens.

NO! US citizens should provide the most pressure, but thinking that
nations which the USA trades with and is partners with have no influence
is plain wrong. To state only citizens of USA can help means that you
truly believe the USA is an island untouched by the world around it. You
can't fight this from jail, but you don't have to be a USA citizen to
bring to light the sheer stupidity of some US law. Sometimes a foreign
country has more influence in shouting about the wrong doings than do US
citizens...the political point of information input is different, all
angles are required. You don't have to be responsible for a problem in
order to be able to help solve it.

D. Stimits, sti...@idcomm.com

>
> Why are you asking Alan to risk prison _and_ pressure
> US politicians? That's something you, as a resident
> of the USA, should be doing yourself.
>
> Rik
> --
> DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)
>
> http://www.surriel.com/ http://distro.conectiva.com/
>

Dan Hollis

Oct 22, 2001, 5:35:18 PM
On Mon, 22 Oct 2001, Tom Sightler wrote:
> If so perhaps we should all sue Microsoft for damages and by tomorrow the law
> will be repealed.

You can't sue Microsoft -- you waive all rights to damages with the
shrinkwrap licenses.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

Gerhard Mack

Oct 22, 2001, 5:30:36 PM
On Mon, 22 Oct 2001, Alan Cox wrote:

> > So, then, just to satisfy my curiosity, how long until users of Linux in
> > the U.S.A. will no longer be allowed to download new kernels?
>
> Potentially about 12 months after the SSSCA is passed. At which point you may
> well find only a binary only OS with enforced copy management is legal in
> the USA.
>
> > I guess I was wrong about the Linux kernel being Open Source and freely
> > available and distributable.
>
> It is, subject to the law of the various countries concerned.
>
> Alan

Has it become time for a non-us.vger.kernel.org ??

--
Gerhard Mack

gm...@innerfire.net

<>< As a computer I find your faith in technology amusing.

ogd...@mail.usask.ca

Oct 22, 2001, 5:27:04 PM
Blah...

I usually try not to speak unless I have something relevant to say but I
must say I am growing tired of the "United States is the center of the
world" doctrine. Linux is free for you to change so sit down and publish
your own changelogs if you can. Either that or shut up.

Ognen

On Mon, 22 Oct 2001, Craig Dickson wrote:

> Alan Cox wrote:
>
> > However until people stop shooting I'd prefer not to be a potential
> > target.
>
> Mr. Cox,
>
> I understand your concern for your own safety, though I disagree with
> your evaluation of the danger in this case.
>

[a lot of unnecessary crap snipped]

> Respectfully,
>
> Craig Dickson

Craig Dickson

Oct 22, 2001, 5:37:15 PM
ogd...@mail.usask.ca wrote:

> I usually try not to speak unless I have something relevant to say

Well, nobody's perfect.

> but I
> must say I am growing tired of the "United States is the center of the
> world" doctrine.

Nothing I've said reflects or, to a sensible person, suggests such a
doctrine. The US may not be the center of the world, or the most
important country in it, but it's no less important than any other
nation.

> Linux is free for you to change so sit down and publish
> your own changelogs if you can. Either that or shut up.

I'll try to pretend we're having a rational discussion here, despite
your last sentence.

So are you saying that you don't agree that publishing complete
changelogs should be considered an essential duty of the kernel
maintainer?

Craig

Tom Sightler

Oct 22, 2001, 5:21:55 PM
> > From the statistics I've seen in the past, a high percentage of
> > Linux users are US residents.
>
> If they're unhappy with the consequences of US law, they
> should move.

Laws don't get changed by people moving, they get changed working to get
them changed.

> > Perhaps you should step down.
>
> Alan is doing an absolutely fantastic job of maintaining
> the kernel, I see absolutely no reason why he should stop
> doing that.

I agree with that, I wouldn't want to see this happen either.

> If you want the changelogs for the kernel published in
> the US, why don't you publish them, under your name and
> your full responsibility ?

I would gladly publish them on my site, however, I'm unsure how I could get
them, and I unfortunately don't have the skill to completely understand them
from only the source. If someone can help me with this I'll be glad to
provide the space.

Also, shouldn't some company with Linux interest be willing to take on this
risk? Say, Redhat or IBM.

Later,
Tom

Bob Glamm

Oct 22, 2001, 5:37:55 PM
> > However, I think it's fair to say that the production and distribution
> > of complete changelogs, such that all users have access to them, is an
> > important part of the job of being the official maintainer for a
> > project, especially such an important project as the stable branch of
> > the Linux kernel.
>
> Maybe Alan will allow publishing of the changelogs on
> http://thefreeworld.net/ ?
>
> > From the statistics I've seen in the past, a high percentage of
> > Linux users are US residents.
>
> If they're unhappy with the consequences of US law, they
> should move.

From the comments I've seen, there are a number of people considering
just this option should those laws be passed & stand up in the Supreme
Court. I know I'm one of them.

Perhaps that could be used as a point of pressure against those
proposing these laws: that a significant number of smart people that
generate the intellectual property (and hence revenue) of a variety of
companies will leave the US and generate IP & revenue for foreign
(read: competing) firms ;)

-Bob

Rik van Riel

Oct 22, 2001, 5:32:11 PM
On Mon, 22 Oct 2001, Craig Dickson wrote:
> Rik van Riel wrote:
>
> > Maybe Alan will allow publishing of the changelogs on
> > http://thefreeworld.net/ ?
>
> Earlier today he said he wanted to put them online in a way that
> US citizens couldn't get at them. That's simply not acceptable.

It's perfectly fine with me ;)

> Now, if he backs off to simply not including them in email, but
> publishing them on a non-US website that is freely accessible to
> Americans, that might be a reasonable compromise.

We're working on implementing access control for
thefreeworld.net so the classified content won't
be available for citizens and inhabitants of the
USA.

This is done so we won't be liable for publishing
things to the USA which would be illegal there.

> Alan has done a great many wonderful things for the kernel, and
> it would indeed be very sad if he could not continue to do so.
> However, if he's unwilling to do the job completely, making
> changelogs and all other public information available without
> restrictions, then he is no longer doing a very important part
> of his job, and someone else should take over.

So if the SSSCA gets approved and open source is outlawed
(because only software with 'approved security measures'
is allowed) Linux should stop entirely ?

I don't agree that one US law, which hurts US citizens,
should also hurt the rest of the world. It's your country,
it's your law, it should only hurt you...

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

Craig Dickson

Oct 22, 2001, 5:23:02 PM
Rik van Riel wrote:

> Maybe Alan will allow publishing of the changelogs on
> http://thefreeworld.net/ ?

Earlier today he said he wanted to put them online in a way that US
citizens couldn't get at them. That's simply not acceptable. Now, if he
backs off to simply not including them in email, but publishing them on
a non-US website that is freely accessible to Americans, that might be a
reasonable compromise.

> > From the statistics I've seen in the past, a high percentage of
> > Linux users are US residents.
>
> If they're unhappy with the consequences of US law, they
> should move.

That sort of remark doesn't merit a response. Particularly since, in
this case, the argument rests on a delusional reading of the DMCA, as
has been argued elsewhere in this thread. I don't defend the DMCA at
all, but let's stick to reality here. It's silly to suggest that Alan
is at any risk of prosecution by publishing a changelog.

> > Perhaps you should step down.
>
> Alan is doing an absolutely fantastic job of maintaining
> the kernel, I see absolutely no reason why he should stop
> doing that.

Alan has done a great many wonderful things for the kernel, and it would
indeed be very sad if he could not continue to do so. However, if he's
unwilling to do the job completely, making changelogs and all other
public information available without restrictions, then he is no longer
doing a very important part of his job, and someone else should take
over.

Again, remember that Linus himself is living in the US. How can Alan
submit security-related patches to Linus, and explain why they're needed,
without (as Alan sees it) risking prosecution under the DMCA?

> If you want the changelogs for the kernel published in
> the US, why don't you publish them, under your name and
> your full responsibility ?

If Alan isn't allowing US residents access to the changelogs, then it's
quite impossible for me to do as you suggest; I can't publish what I
don't have.

Craig

Bill Davidsen

Oct 22, 2001, 5:56:00 PM
On Mon, 22 Oct 2001, Rik van Riel wrote:

> On Mon, 22 Oct 2001, bill davidsen wrote:
>
> > And who will be maintaining the world and us-castrated kernel
> > source? I can't imagine anything worse for the security of this
> > country than not allow computer users access to security issues.
>
> Don't worry, there are more than enough kernel hackers
> outside of the US to keep maintaining the kernel.

Last I heard Linus was in the USA, his not being able to participate in
security discussions worries me very much. Ditto Redhat and IBM.

--
bill davidsen <davi...@tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

Sam Varshavchik

Oct 22, 2001, 6:15:24 PM
On Mon, 22 Oct 2001, PinkFreud wrote:

> Why not take that a step further? It would seem to me that your
> insane interpretation of that insane law would mean that unix and its
> derivatives (Linux, anyone?) would be illegal to use as well.

Only partially correct. Linux will certainly be illegal under SSSCA.
Read it. UNIX is not. And there's nothing insane about it. That's what
the proposed bill says.

> Please don't tell me you woke up this morning and had a sudden attack of
> conscience that you were violating US law. You've posted such changes

Perhaps a sudden realization, would be more like it.

--
Sam

Rik van Riel

Oct 22, 2001, 5:43:58 PM
On Mon, 22 Oct 2001, Craig Dickson wrote:

> So are you saying that you don't agree that publishing complete
> changelogs should be considered an essential duty of the kernel
> maintainer?

OK, I'll bite.

If publishing changelogs would be illegal in, say, the USA,
should Linux development be stopped ?

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

Dan Hollis

Oct 22, 2001, 6:10:07 PM
On Mon, 22 Oct 2001, Bill Davidsen wrote:
> Last I heard Linus was in the USA, his not being able to participate in
> security discussions worries me very much. Ditto Redhat and IBM.

I wonder if Linus has an exit-usa plan in case the SSSCA passes.
If the SSSCA does pass, Linus would be in extreme danger.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

Rik van Riel

Oct 22, 2001, 6:04:54 PM
On Mon, 22 Oct 2001, Tony Hoyle wrote:

> > If publishing changelogs would be illegal in, say, the USA, should Linux
> > development be stopped ?
>
> If the SSSCA gets passed that's not an impossible scenario... (more
> likely it'll just become unavailable in the US).

Oh, I'm absolutely certain that Linux development will continue
but Linux just won't be available to people in the US any more.

If people are truly uncomfortable with it, they should prevent
the SSSCA from becoming a law.

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

og...@gene.pbi.nrc.ca

Oct 22, 2001, 5:48:17 PM
> Nothing I've said reflects or, to a sensible person, suggests such a
> doctrine. The US may not be the center of the world, or the most
> important country in it, but it's no less important than any other
> nation.

...or all nations except it?

Most of what you said implied exactly that. You even indicated some
statistics.

> So are you saying that you don't agree that publishing complete
> changelogs should be considered an essential duty of the kernel
> maintainer?

I am saying that if the laws of your country are to blame for you not
being able to obtain something, the maintainer can't help it. But he sure
doesn't have to step down especially since he has been doing a great job.

Ognen

Craig Dickson

Oct 22, 2001, 6:13:08 PM
Rik van Riel wrote:

> So if the SSSCA gets approved and open source is outlawed
> (because only software with 'approved security measures'
> is allowed) Linux should stop entirely ?

Nobody's suggesting that. But as long as the source code is available in
the US, changelogs should also be available. I mean, let's be serious
here. Kernel changelogs are NOT cookbooks for security exploits.
Problems generally aren't described in anywhere near enough detail that
anyone less than a kernel wizard could even figure out the exploit based
on the changelog's description of the fix. So it's nonsensical to
suggest that the source code is distributable without fear of
prosecution, but somehow the changelog isn't.

If the source code itself somehow becomes illegal, or if Alan can talk
Linus into placing a geographical restriction on the distribution of
Linux (which, as the trademark and copyright owner, would be within his
rights), then the changelog issue will be moot.

I really would like to see Linus comment on this. As a US resident, as
the owner of the Linux trademark, and as the development-branch leader
of kernel development, he's taking every "risk" Alan is, and more,
because he's here where the FBI could arrest him if it wanted to, while
Alan is thousands of miles away. So far, Linus has shown no indication,
AFAIK, that he intends to censor his changelogs. Why not? Is he truly
heedless of his own safety, or is he just too sensible to freak out
over such an implausible scenario?

Craig

D. Stimits

Oct 22, 2001, 6:02:54 PM
Bob Glamm wrote:
>
> > > However, I think it's fair to say that the production and distribution
> > > of complete changelogs, such that all users have access to them, is an
> > > important part of the job of being the official maintainer for a
> > > project, especially such an important project as the stable branch of
> > > the Linux kernel.
> >
> > Maybe Alan will allow publishing of the changelogs on
> > http://thefreeworld.net/ ?
> >
> > > From the statistics I've seen in the past, a high percentage of
> > > Linux users are US residents.
> >
> > If they're unhappy with the consequences of US law, they
> > should move.
>
> From the comments I've seen, there are a number of people considering
> just this option should those laws be passed & stand up in the Supreme
> Court. I know I'm one of them.

Too bad the option only applies to people with enough money to relocate.

D. Stimits, sti...@idcomm.com

>
> Perhaps that could be used as a point of pressure against those
> proposing these laws: that a significant number of smart people that
> generate the intellectual property (and hence revenue) of a variety of
> companies will leave the US and generate IP & revenue for foreign
> (read: competing) firms ;)
>
> -Bob

Kilobug

Oct 22, 2001, 5:52:43 PM
Rik van Riel wrote:

>>I never said that Alan, or any particular individual, should
>>risk a lawsuit or jail. I simply said that I hoped *someone
>>outside the US* (that is, someone not subject to US laws) would
>>make the information available.
>>
>
> If you publish to the US, you can be sued under US law.
>

Ok, so mail me the security-related information at
kil...@club-internet.fr, it's in France so you can, and I'll forward it.

I don't plan to go to the US one day or another (I won't go to any country
that uses the death penalty, for moral and political reasons), and so I don't
fear their DMCA.

--
** Gael Le Mignot, Ing3 EPITA, Coder of The Kilobug Team **
Home Mail : kil...@freesurf.fr Work Mail : le-m...@epita.fr
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Web : http://kilobug.freesurf.fr or http://drizzt.dyndns.org

"Software is like sex it's better when it's free.", Linus Torvalds
