RE: Linux 2.2.20pre10

Leif Sawyer (lsawyer@gci.com)
Mon, 22 Oct 2001 14:20:23 -0800


> Rik van Riel responds to:
> On Mon, 22 Oct 2001, Craig Dickson wrote:
> > Rik van Riel wrote:
> >
> > > Maybe Alan will allow publishing of the changelogs on
> > > http://thefreeworld.net/ ?
> >
> > Earlier today he said he wanted to put them online in a way that
> > US citizens couldn't get at them. That's simply not acceptable.
>
> It's perfectly fine with me ;)
>
> > Now, if he backs off to simply not including them in email, but
> > publishing them on a non-US website that is freely accessible to
> > Americans, that might be a reasonable compromise.
>
> We're working on implementing access control for
> thefreeworld.net so the classified content won't
> be available for citizens and inhabitants of the
> USA.
>
> This is done so we won't be liable for publishing
> things to the USA which would be illegal there.
>
> > Alan has done a great many wonderful things for the kernel, and
> > it would indeed be very sad if he could not continue to do so.
> > However, if he's unwilling to do the job completely, making
> > changelogs and all other public information available without
> > restrictions, then he is no longer doing a very important part
> > of his job, and someone else should take over.
>
> So if the SSSCA gets approved and open source is outlawed
> (because only software with 'approved security measures'
> is allowed) Linux should stop entirely ?
>
> I don't agree that one US law, which hurts US citizens,
> should also hurt the rest of the world. It's your country,
> it's your law, it should only hurt you...

Now i'm completely mystified. Since I'm a member of BugTraq,
I get full disclosure of the bugs that make it there.

Including the recent kernel bugs.

Since I'm in the position to see the problem before the solution,
I'd be happy to repost a summary of security-related changes
to vger, provided of course that I'm able to correlate the changes
with the advisories posted on BugTraq.

Of course, if Alan wanted to cc me on the kernel updates with the full
text of the changes, or if I had access to this new website, I'd still
be willing to repost.

Once a security issue is published to the global internet community
(via BugTraq, vger, or any other method) with regards to the open-source
componant of the linux kernel (i can't speak for non-GPL'd stuff of course)
in a manner consistant with full-disclosure, then I see no legal issue
with posting information that informs users of what fixes are made.

--
Leif Sawyer   --  Pi@4398680
leif@gci.net  ||  lsawyer@gci.com  ||  internic: LS2540 
(907) 868 - 0116   ||  ICQ - 3749190  || http://home.gci.net/~leif
Network & Security Engineer -- General Communication Inc.
PGP Fingerprint: 77 C8 34 B8 FD BC C6 32  5F FE 93 4B AE 6C F7 4E
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d+ s: a C+++(++)$ US++++$ UL++++$ P+++ L++(+++) E---
W+++ N+ o+ K w O- M- V PS+ PE Y+ PGP(+) t+@ 5- X R- tv b++(+++)
DI++++ D++ G+ e(+)* h-- r++ y+ PP++++ HH++++ A19 NT{--}
------END GEEK CODE BLOCK------
Decode it! http://www.ebb.org/ungeek/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/