2001-10-22 10:15:23

by Alan Cox

[permalink] [raw]
Subject: Linux 2.2.20pre10

Things took a bit longer than intended with various security fixes needing to
be done. If this tree tests out ok it will be 2.2.20

2.2.20pre11
o Security fixes
| Details censored in accordance with the US DMCA
o Sparc updates (Dave Miller)
o Add escaped usb hot plug config item (Ryan Maple)
o Fix eepro10 driver problems (Aris)
o Make request_module return match 2.4 (David Woodhouse)
o Update SiS900 driver (Hui-Fen Hsu)
o Update ver_linux to match 2.4 (Steven Cole)
o Final isdn fixups for 2.2 (Kai Germaschewski)
o scsi tape fixes from 2.4 (Kai M?kisara)
o Update credits entry (Henrik Storner)
o Fix scc driver hang case (Jeroen)
o Update credits entry (Dave Jones)
o Update FAT documentation (Hirokazu Nomoto)
o Small net tweaks (Dave Miller)
o Fix cs89xx abuse of skb->len (Kapr Johnik)

2.2.20pre10
o Update the gdth driver (Achim Leubner)
o Fix prelink elf loading in 2.2 (Jakub Jelinek)
o 2.2 lockd fixes when talking to HP/UX (Trond Myklebust)
o 3ware driver update (Adam Radford)
o hysdn driver update (Kai Germaschewski)
o Backport via rhine fixes (Dennis Bjorklund)
o NFS client fixes (Trond Myklebust, Ion Badulescu,
Jim Castleberry, Crag I Hagan.
Adrian Drzewiecki)
o Blacklist TEAC PD-1 to single lun (Wojtek Pilorz)
o Fix null request_mode return (David Woodhouse)
o Update credits entry (Fernando Fuganti)
o Fix sparc build with newer binutils (Andreas Jaeger)
o Starfire update (Ion Badulescu)
o Remove dead USB files (Greg Kroah-Hartmann)
o Fix isdn mppp crash case (Kai Germaschewski)
o Fix eicon driver (Kai Germaschewski)
o More pci idents (Andreas Tobler)
o Typo fix (Eli Carter)
o Remove ^M's from some data files (Greg Kroah-Hartmann)
o 64bit cleanups for isdn (Kai Germaschewski)
o Update isdn certificates (Kai Germaschewski)
o Mac update for sysrq (Ben Herrenschmidt)

2.2.20pre9
o Document ip_always_defrag in proc.txt (Brett Eldrige)
o Update S/390 asm for newer gcc (Ulrich Weigand
o Update S/390 documentation Carsten Otte
o Update s390 dump too and co)
o Update s/390 dasd to match 2.4
o Backport s/390 tape driver from 2.4
o FDDI bits for s/390
o Updates for newer pmac laptops (Tom Rini)
o AMD760MP support (Johannes Erdfelt)
o Fix PPC oops on media change (Tom Rini)
o Fix some weird but valid input combinations (Tom Rini)
on PPC
o Add additional checks to irc dcc masquerade (Juanjo Ciarlante,
Michal Zalewski)
o Update 2.2 ISDN maintainer (Kai Germaschewski)
o Fix 3c505 with > 16Mb of RAM (Paul)
o Bring USB into sync with 2.4.7 (Greg Kroah-Hartmann)

2.2.20pre8
o Merge DRM fixes from 2.4.7 tree (me)
o Merge sbpcd fixes from 2.4.7 tree
o Merge moxa buffer length check
o Merge bttv clip length check
o Merge aha2920 shared irq from 2.4.7 tree
o Merge MTWEOF fix from 2.4.6 tree
o Merge serverworks AGP from 2.4.6 tree
o Merge sbc60xxx watchdog fixes from 2.4.6
o Merge lapbether fixes from 2.4.6
o Merge bpqether fixes from 2.4.6
o Merge scc fixes from 2.4.6
o Merge lmc memory leak fixes from 2.4.6
o Merge sm_wss fixes from 2.4.6
o Resync AGP support with 2.4.6
o Merge epca fixes from 2.4.5
o Merge riscom8 fixes from 2.4.5
o Merge softdog fixes from 2.4.5
o Merge specialix fixes from 2.4.5
o Merge wdt/wdt_pci fixes from 2.4.5
o ISDN cisco hdlc fixes (Kai Germaschewski)
o ISDN timer fixes (Kai Germaschewski)
o isdn minor control change backport (Kai Germaschewski)
o Backport ELCR MP 1.1 config/PCI routing stuff (John William)
o Backport isdn ppp fixes from 2.4 (Kai Germaschewski)
o Backport isdn_tty fixes from 2.4 (Kai Germaschewski)
o eicon cleanups (Armin Schindler)
| Armin can you double check the clashes were ok
o Fix an ntfs oops (Anton Altaparmakov)
o Fix arp null neighbour buglet (Dave Miller)
o Update sparc version strings, pci fixups (Dave Miller)
o Define CONFIG_X86 in 2.2 as well as 2.4 (Herbert Xu)
o Configure.help cleanups (Steven Cole)
o Add MODE_SELECT_10 to qlogic fc table (Jeff Andre)
o Remove dead oldproc variable (Dave Miller)
o Update starfire driver for 2.2 (Ion Badulescu)
o 8139too driver update (Jens David)
o Assorted race fixes for binfmt loaders (Al Viro)
o Update Alpha support for older boxes (Jay Estabrook)
o ISDN bsdcomp/ppp compression fixes (Kai Germaschewski)

2.2.20pre7
o Merge rose buffer management fixes (Jean-Paul Roubelat)
o Configure.help updates (Steven Cole)
o Add Steven Cole to credits (Steven Cole)
o Update kbuild list info (Michael Chastain)
o Fix slab.c doc typo (Piotr Kasprzyk)
o Lengthen parport probe timeout (Jean-Luc Coulon)
o Fix vm86 cleanup (Stas Sergeev)
o Fix 8139too build bug (J?rgen Zimmermann)
o Fix slow 8139too performance (Oleg Makarenko)
o Sparc64 exec fixes (Solar Designer)

2.2.20pre6
o Merge all the pending ISDN updates (Kai Germaschewski)
| These are sizable changes and want a good testing
o Fix sg deadlock bug as per 2.4 (Douglas Gilbert)
o Count socket/pipe in quota inode use (Paul Menage)
o Fix some missing configuration help texts (Steven Cole)
o Fix Rik van Riel's credits entry (Rik van Riel)
o Mark xtime as volatile in extern definition (various people)
o Fix open error return checks (Andries Brouwer)

2.2.20pre5
o Fix a patch generation error, replaces 2.2.20pre4 which is
wrong on ad1848

2.2.20pre4
o Fix small corruption bug in 82596 (Andries Brouwer)
o Fix usb printer probing (Pete Zaitcev)
o Fix swapon/procfs race (Paul Menage)
o Handle ide dma bug in the CS5530 (Mark Lord)
o Backport 2.4 ipv6 neighbour discovery changes (Dave Miller)
o FIx sock_wmalloc error handling (Dave Miller)
o Enter quickack mode for out of window TCP data (Andi Kleen)
o Fix Established v SYN-ACK TCP state error (Alexey Kuznetsov)
o Sparc updates, ptrace changes etc (Dave Miller)
o Fix wrong printk in vdolive masq (Keitaro Yosimura)
o Fix core dump handling bugs in 2.2 (Al Viro)
o Update hdlc and synclink drivers (Paul Fulghum)
o Update netlink help texts (Magnus Damm)
o Fix rtl8139 keeping files open (Andrew Morton)
o Further sk98 driver updates. fix wrong license (Mirko Lindner)
text in files
o Jonathan Woithe has moved (Jonathan Woithe)
o Update cpqarray driver (Charles White)
o Update cciss driver (Charles White)
o Don't delete directories on an fs that reports (Ingo Oeser)
then 0 size when doing distclean
o Add support for the 2.4 boot extensions to 2.2 (H Peter Anvin)
o Fix nfs cache locking corruption on SMP (Craig Hagan)
o Add missing check to cdrom readaudio ioctl (Jani Jaakkola)
o Fix refclock build with newer gcc (Jari Ruusu)
o koi8-r fixes (Andy Rysin)
o Spelling fixes for documentation (Andries Brouwer)

2.2.20pre3
o FPU/ptrace corruption fixes (Victor Zandy)
o Resync belkin usb serial with 2.4 (Greg Kroah-Hartmann)
o Resync digiport usb serial with 2.4 (Greg Kroah-Hartmann)
o Rsync empeg usb serial with 2.4 (Greg Kroah-Hartmann)
o Resync ftdi_sio against 2.4 (Greg Kroah-Hartmann)
o Bring keyscan usb back into line with 2.4 (Greg Kroah-Hartmann)
o Resync keyspan_pda usb with 2.4 (Greg Kroah-Hartmann)
o Resync omninet usb with 2.4.5 (Greg Kroah-Hartmann)
o Resync usb-serial driver with 2.4.5 (Greg Kroah-Hartmann)
o Resync visor usb driver with 2.4.5 (Greg Kroah-Hartmann)
o Rsync whiteheat driver with 2.4.5 (Greg Kroah-Hartmann)
o Add edgeport USB serial (Greg Kroah-Hartmann)
o Add mct_u232 USB serial (Greg Kroah-Hartmann)
o Update usb storage device list (Stas Bekman, Kaz Sasayma)
o Bring usb acm driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring bluetooth driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring dabusb driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring usb dc2xx driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring mdc800 usb driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring rio driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring USB scanner drivers into line with 2.4.5 (Greg Kroah-Hartmann)
o Update ov511 driver to match 2.4.5 (Greg Kroah-Hartmann)
o Update PCIIOC ioctls (esp for sparc) (Dave Miller)
o General sparc bugfixes (Dave Miller)
o Fix possible oops in fbmem ioctls (Dave Miller)
o Fix reboot/halt bug on "Alcor" Alpha boxes (Tom Vier)
o Update osst driver (Willem Riede)
o Fix syncppp negotiation bug (Bob Dunlop)
o SMBfs bug fixes from 2.4 series (Urban Widmark)
o 3ware IDE raid driver updates (Adam Radford)
o Fix incorrect use of bitops on non long types (Dave Miller)
o Fix reboot/halt bug on 'Miata' Alpha boxes (Tom Vier)
o Update Tim Waugh's contact info (Tim Waugh)
o Add TIOCGSERIAL to sun serial on PCI sparc32 (Lars Kellogg-Stedman)
o ov511 check user data more carefully (Marc McClelland)
o Fix netif_wake_queue compatibility macro (Andi Kleen)

2.2.20pre2
o Fix ip_decrease_ttl as per 2.4 (Dave Miller)
o Fix tcp retransmit state bug (Alexey Kuznetsov)
o Fix a few obscure sparc tree bugs (Dave Miller)
o Fix fb /proc bug and OF fb name size bug (Segher Boessenkool)
o Fix complie with CONFIG_INTEL_RNG=y (Andrzej Krzysztofowicz)
o Fix rio driver when HZ!=100 (Andrzej Krzysztofowicz)
o Stop 3c509 grabbing other EISA boards (Andrzej Krzysztofowicz)
o Remove surplus defines for root= names (Andrzej Krzysztofowicz)
o Revert pre1 APIC change

2.2.20pre1
o Fix SMP deadlock in NFS (Trond Myklebust)
o Fix missing printk in bluesmoke handler (me)
o Fix sparc64 nfs (Dave Miller)
o Update io_apic code to avoid breaking dual (Johannes Erdfelt)
Athlon 760MP
o Fix includes bugs in toshiba driver (Justin Keene,
Greg Kroah-Hartmann)
o Fix wanpipe cross compile (Phil Blundell)
o AGPGART copy_from_user fix (Dawson Engler)
o Fix alpha resource setup error (Allan Frank)
o Eicon driver updates (Armind Schindler)
o PC300 driver update (Daniela Squassoni)
o Show lock owner on flocks (Jim Mintha)
o Update cciss driver to 1.0.3 (Charles White)
o Backport cciss/cpqarray security fixes (me)
o Update i810 random number generator (Jeff Garzik)
o Update sk98 driver (Mirko Lindner)
o Update sis900 ethernet driver (Hui-Fen Hsu)
o Fix checklist glitch in make menuconfig (Moritz Schulte)
o Update synclink driver (Paul Fulghum)
o Update advansys scsi driver (Bob Frey)
o Ver_linux fixes for 2.2 (Steven Cole)
o Bring 2.2 back into line with the master ISDN (Kai Germaschewski)
o Whiteheat usb driver update (Greg Kroah-Hartmann)
o Fix via_rhine byte counters (Adam Lackorzynski)
o Fix modem control on rio serial (Rogier Wolff)
o Add more Iomega Zip to the usb storage list (Wim Coekaerts)
o Add ZF Micro watchdog (Fernando Fuganti)


2001-10-22 10:37:24

by bert hubert

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 11:21:49AM +0100, Alan Cox wrote:
> Things took a bit longer than intended with various security fixes needing to
> be done. If this tree tests out ok it will be 2.2.20
>
> 2.2.20pre11
> o Security fixes
> | Details censored in accordance with the US DMCA

Care to elaborate?

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

2001-10-22 10:41:54

by Andreas Haumer

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Hi!

Alan Cox wrote:
>
> Things took a bit longer than intended with various security fixes needing to
> be done. If this tree tests out ok it will be 2.2.20
>
> 2.2.20pre11
> o Security fixes
> | Details censored in accordance with the US DMCA
> o Sparc updates (Dave Miller)
> o Add escaped usb hot plug config item (Ryan Maple)
> o Fix eepro10 driver problems (Aris)
> o Make request_module return match 2.4 (David Woodhouse)
> o Update SiS900 driver (Hui-Fen Hsu)
> o Update ver_linux to match 2.4 (Steven Cole)
> o Final isdn fixups for 2.2 (Kai Germaschewski)
> o scsi tape fixes from 2.4 (Kai M?kisara)
> o Update credits entry (Henrik Storner)
> o Fix scc driver hang case (Jeroen)
> o Update credits entry (Dave Jones)
> o Update FAT documentation (Hirokazu Nomoto)
> o Small net tweaks (Dave Miller)
> o Fix cs89xx abuse of skb->len (Kapr Johnik)

Any reason for my one-liner patch to linux/net/sunrpc/sched.c
is still not included?

andreas@ws1:~/cvsdir {625} % cvs diff -C5 -rR_2-2-19~11 -rR_2-2-19~12
linux/net/sunrpc/sched.c
Index: linux/net/sunrpc/sched.c
===================================================================
RCS file:
/raid5/cvs/repository/distribution/Base/linux/net/sunrpc/sched.c,v
retrieving revision 1.1.1.6
retrieving revision 1.12
diff -C5 -r1.1.1.6 -r1.12
*** linux/net/sunrpc/sched.c 2001/03/25 16:37:42 1.1.1.6
--- linux/net/sunrpc/sched.c 2001/08/17 11:53:48 1.12
***************
*** 1066,1075 ****
--- 1066,1076 ----
rpciod_pid = current->pid;
up(&rpciod_running);

exit_files(current);
exit_mm(current);
+ exit_fs(current);

spin_lock_irq(&current->sigmask_lock);
siginitsetinv(&current->blocked, sigmask(SIGKILL));
recalc_sigpending(current);
spin_unlock_irq(&current->sigmask_lock);

Without this patch, rpciod keeps the initial ramdisk rootfs
busy on our diskless clients, so we cannot umount and free
it...

Regards,

- andreas

--
Andreas Haumer | mailto:[email protected]
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71

2001-10-22 10:43:35

by Allan Sandfeld

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Monday 22 October 2001 12:21, Alan Cox wrote:
> Things took a bit longer than intended with various security fixes needing
> to be done. If this tree tests out ok it will be 2.2.20
>
> 2.2.20pre11
> o Security fixes
> | Details censored in accordance with the US DMCA

Why? I didnt think you like it, nor lived in the US?

If v'ger is in the US, I can understand not putting it in the changelog
there. But why not on the mailing list?

regards
`Allan

2001-10-22 10:46:34

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> Any reason for my one-liner patch to linux/net/sunrpc/sched.c
> is still not included?

It didnt seem critical and I wanted to be sure that I got 2.2.20 out.
Its sensible for 2.2.21

2001-10-22 11:23:28

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> > 2.2.20pre11
> > o Security fixes
> > | Details censored in accordance with the US DMCA
>
> Care to elaborate?

On a list that reaches US citizens - no. File permissions and userids may
constitute and be used for rights management.

Alan

2001-10-22 11:35:39

by bert hubert

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 12:30:02PM +0100, Alan Cox wrote:

> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> >
> > Care to elaborate?
>
> On a list that reaches US citizens - no. File permissions and userids may
> constitute and be used for rights management.

I may be a bit simple today, but I still don't get it. In what way does the
DMCA (horrible as it is) apply to our own software, which we in know way
'reverse engineered'?

Are you saying that we can't divulge security problems in our own software
anymore for fear of being sued by affected parties?

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

2001-10-22 11:48:29

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> Are you saying that we can't divulge security problems in our own software
> anymore for fear of being sued by affected parties?

Not even affected parties - the government can do it too without anyone else
and indeed even if their are contractual agreements between parties
permitting the data to be released..

I hope to have the security stuff up on a non US citizen accessible site in
time for 2.2.20 final

2001-10-22 12:06:29

by Matthias Andree

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Alan Cox wrote:

> > Are you saying that we can't divulge security problems in our own software
> > anymore for fear of being sued by affected parties?
>
> Not even affected parties - the government can do it too without anyone else
> and indeed even if their are contractual agreements between parties
> permitting the data to be released..
>
> I hope to have the security stuff up on a non US citizen accessible site in
> time for 2.2.20 final

Putting pressure on US people to have them influence their
legislation? Aka. every people have the rulers they deserve? Won't work
out.

Seriously, are you kidding?

--
Matthias Andree

2001-10-22 12:08:29

by bert hubert

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 12:55:12PM +0100, Alan Cox wrote:
> > Are you saying that we can't divulge security problems in our own software
> > anymore for fear of being sued by affected parties?
>
> Not even affected parties - the government can do it too without anyone else
> and indeed even if their are contractual agreements between parties
> permitting the data to be released..

This is getting daft in a hurry.

> I hope to have the security stuff up on a non US citizen accessible site in
> time for 2.2.20 final

This would then presumably lead to password protected access for US kernel
developers that need to know? And some kind of NDA?

'IANAL', and neither are you, are you sure this sillyness is necessary?

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

2001-10-22 12:23:29

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> This would then presumably lead to password protected access for US kernel
> developers that need to know? And some kind of NDA?

US kernel developers cannot be told. Period.

> 'IANAL', and neither are you, are you sure this sillyness is necessary?

Its based directly on legal opinion.

2001-10-22 12:22:39

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> Putting pressure on US people to have them influence their
> legislation? Aka. every people have the rulers they deserve? Won't work
> out.

"Until they become conscious they will never rebel, and until after
they have rebelled they cannot become conscious."

> Seriously, are you kidding?

The current interpretation of the DMCA is as lunatic as it sounds. With luck
the Sklyarov case will see that overturned on constitutional grounds. Until
then US citizens will have to guess about security issues.

Alan

2001-10-22 12:24:49

by bert hubert

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > This would then presumably lead to password protected access for US kernel
> > developers that need to know? And some kind of NDA?
>
> US kernel developers cannot be told. Period.
(...)
> Its based directly on legal opinion.

Then I suggest we leave this planet.

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

2001-10-22 12:37:19

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, bert hubert wrote:
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
> (...)
> > Its based directly on legal opinion.
>
> Then I suggest we leave this planet.

You suggest we're leaving for The Free World(tm) ? ;)

Btw, does anybody know how to setup HTML click-through
licences ? ;) [mmm, need to learn more non-kernel stuff]

cheers,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 13:06:51

by Roger Gammans

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > This would then presumably lead to password protected access for US kernel
> > developers that need to know? And some kind of NDA?
>
> US kernel developers cannot be told. Period.

Huh, US resident or US citizens?

If US resident , does that mean we can't send security patches to
Linus.

*shakes head*

TTFN
--
Roger.
ashes and diamond,
foe and friend,
we _are_ all equal in the end. -- Pink Floyd

2001-10-22 13:23:23

by Luigi Genoni

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Reral problem is that there are also good developers that this way are
cutted out, and cannot give their contrib.

ufff! I tend to belive that politicians make law without a real knoledge
of what they are doing (see Italian law on copyrights)

Luigi

On Mon, 22 Oct 2001, Alan Cox wrote:

> > Putting pressure on US people to have them influence their
> > legislation? Aka. every people have the rulers they deserve? Won't work
> > out.
>
> "Until they become conscious they will never rebel, and until after
> they have rebelled they cannot become conscious."
>
> > Seriously, are you kidding?
>
> The current interpretation of the DMCA is as lunatic as it sounds. With luck
> the Sklyarov case will see that overturned on constitutional grounds. Until
> then US citizens will have to guess about security issues.
>
> Alan
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

2001-10-22 13:30:13

by bert hubert

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 02:07:03PM +0100, Roger Gammans wrote:
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
>
> Huh, US resident or US citizens?
>
> If US resident , does that mean we can't send security patches to
> Linus.

You can send him the patch. It appears you cannot tell him which
vulnerability it fixes.

That is, unless the 'code = speech' people have succeded in setting enough
precedent, in which case even 'code' may become a 'circumvention device'!

I am not a lawyer though, but at this point logic seems so far away that
anything appears possible.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

2001-10-22 13:34:03

by Horst H. von Brand

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

bert hubert <[email protected]> said:
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
> (...)
> > Its based directly on legal opinion.

> Then I suggest we leave this planet.

I'd expected an "all the world is USA" delusion from an US citizen, not
from somebody in .nl...
--
Dr. Horst H. von Brand Usuario #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513

2001-10-22 14:11:04

by dth

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Alan Cox <[email protected]> wrote:
>US kernel developers cannot be told. Period.

Are you looking for non-us webspace ?
I'm willing to letyou have full access to http://www.bzimage.org if
needed.

Let me know.

Danny


2001-10-22 15:04:17

by Nicolas Turro

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Le Mercredi 12 Septembre 2001 01:06, Alan Cox a ?crit :
> If you know any reason this should not be 2.2.20 final now is a very very
> good time to say. I intend to call this patch 2.2.20 in a week or so
> barring any last minute problems. Please save anything but actual bugfixes
> for 2.2.21.

Is 2.2.20 final coming anytime soon (october) or should i use 2.2.20pre10 ?

N. Turro

2001-10-22 15:15:47

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



Speaking as a US citizen, I hope that someone outside the US will grab that info
as soon as it's available and make it accessible to everyone. (Not that I need
it myself -- I have no interest in 2.2.20 -- but I like to see crap legislation
like the DMCA subverted wherever possible.)

Wayne




Alan Cox <[email protected]> on 10/22/2001 06:55:12 AM

To: [email protected] (bert hubert)
cc: [email protected] (bcc: Wayne Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10



> Are you saying that we can't divulge security problems in our own software
> anymore for fear of being sued by affected parties?

Not even affected parties - the government can do it too without anyone else
and indeed even if their are contractual agreements between parties
permitting the data to be released..

I hope to have the security stuff up on a non US citizen accessible site in
time for 2.2.20 final

2001-10-22 15:43:51

by Tom Sightler

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> Speaking as a US citizen, I hope that someone outside the US will grab
that info
> as soon as it's available and make it accessible to everyone. (Not that I
need
> it myself -- I have no interest in 2.2.20 -- but I like to see crap
legislation
> like the DMCA subverted wherever possible.)

Agreed, and it's exactly what we need to do. Laws like these are much
easier to overturn when they start making criminals out of everyday,
ordinary people for just doing their normal jobs. Suddenly even dumb judges
and, especially, elected officials, get the idea because the pressure gets
put on by everyone.

Of course, I still think this is an extremeist view of the DMCA. I don't
see were it keeps you from posting information about security fixes to your
own code, just not other peoples products.

Later,
Tom




2001-10-22 16:03:41

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 [email protected] wrote:

> Speaking as a US citizen, I hope that someone outside the US
> will grab that info as soon as it's available and make it
> accessible to everyone. (Not that I need it myself -- I have no
> interest in 2.2.20 -- but I like to see crap legislation like
> the DMCA subverted wherever possible.)

Yeah, lets keep up the status quo so bad laws never get
subverted and people like Dmitry Skylarov are the only
people suffering from bad US laws.

NOT.

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 16:20:16

by Bill Davidsen

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

In article <[email protected]>
[email protected] wrote:
| > This would then presumably lead to password protected access for US kernel
| > developers that need to know? And some kind of NDA?
|
| US kernel developers cannot be told. Period.
|
| > 'IANAL', and neither are you, are you sure this sillyness is necessary?
|
| Its based directly on legal opinion.

And who will be maintaining the world and us-castrated kernel source?
I can't imagine anything worse for the security of this country than not
allow computer users access to security issues.

--
bill davidsen <[email protected]>
His first management concern is not solving the problem, but covering
his ass. If he lived in the middle ages he'd wear his codpiece backward.

2001-10-22 16:29:56

by dean gaudet

[permalink] [raw]
Subject: [OT] Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, bert hubert wrote:

> Then I suggest we leave this planet.

it's unfortunate that the brain drain still brings brains to the US
instead of the other way around. (i'm guilty. i'm a canadian working for
a US company.)

-dean

2001-10-22 16:30:26

by Andreas D. Landmark

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

At 22.10.2001 17:20, bill davidsen wrote:
> And who will be maintaining the world and us-castrated kernel source?
>I can't imagine anything worse for the security of this country than not
>allow computer users access to security issues.

I'd say the DMCA is a good candidate for being worse for computer security
than no security patches...



--
Andreas D Landmark / noXtension
Real Time, adj.:
Here and now, as opposed to fake time, which only occurs there
and then.

2001-10-22 16:39:27

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, bill davidsen wrote:

> And who will be maintaining the world and us-castrated kernel
> source? I can't imagine anything worse for the security of this
> country than not allow computer users access to security issues.

Don't worry, there are more than enough kernel hackers
outside of the US to keep maintaining the kernel.

The worst that could happen is that the US cripples
itself by not allowing the kernel hackers outside the
US to publish security info to people in the US, but
only to the rest of the world.

That's tough, they're a democratic country, they can
change the law if it hurts them too much.

cheers,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 16:46:17

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> And who will be maintaining the world and us-castrated kernel source?

Im not aware of any probl;ems distributing fixed source

> I can't imagine anything worse for the security of this country than not
> allow computer users access to security issues.

As it stands I cannot legally advise the US security services about Linux
security issues. Normally I'd find this excruciatingly funny but in the
current circumstances its rather less humourous.

Alan

2001-10-22 17:06:08

by Nick LeRoy

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Monday 22 October 2001 11:34, Rik van Riel wrote:
> On Mon, 22 Oct 2001, bill davidsen wrote:
> > And who will be maintaining the world and us-castrated kernel
> > source? I can't imagine anything worse for the security of this
> > country than not allow computer users access to security issues.
>
> Don't worry, there are more than enough kernel hackers
> outside of the US to keep maintaining the kernel.
>
> The worst that could happen is that the US cripples
> itself by not allowing the kernel hackers outside the
> US to publish security info to people in the US, but
> only to the rest of the world.
>
> That's tough, they're a democratic country, they can
> change the law if it hurts them too much.

Rik...

I *wish* it were that simple. If you don't think that a least some of us
*try*, you're kidding yourself. The real problem, IMHO, is that the
electorate of our country no longer has any real power or control over the
government -- it's the corporations that do. Money talks, so the saying
goes. He who has the gold makes the rules.

So, please don't punish all of us for the acts of our corrupt system. We
just try to make it better in whatever ways we can. FWIW, the ACLU, EEF,
etc. are our best hope for a free society.

Thanks

-Nick

2001-10-22 17:05:08

by Greg KH

[permalink] [raw]
Subject: Re: Linux 2.2.20pre11

On Mon, Oct 22, 2001 at 11:21:49AM +0100, Alan Cox wrote:
>
> 2.2.20pre11
> o Security fixes
> | Details censored in accordance with the US DMCA

http://marc.theaimsgroup.com/?l=bugtraq&m=100343090106914

2001-10-22 17:14:58

by Greg Hennessy

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

In article <[email protected]>,
Alan Cox <[email protected]> wrote:
> As it stands I cannot legally advise the US security services about Linux
> security issues. Normally I'd find this excruciatingly funny but in the
> current circumstances its rather less humourous.

Which part of the DMCA do you think prohibits this?

2001-10-22 17:16:58

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre11

> On Mon, Oct 22, 2001 at 11:21:49AM +0100, Alan Cox wrote:
> >
> > 2.2.20pre11
> > o Security fixes
> > | Details censored in accordance with the US DMCA
>
> http://marc.theaimsgroup.com/?l=bugtraq&m=100343090106914

There are other security related changes

2001-10-22 17:25:28

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



It's highly unlikely that Alan withholding information from a handful of US
Linux users and developers will have any effect on US laws. Plenty of us have
complained already to our elected officials, without results. The number of
people who would care (or even know) about Alan's security boycott -- even if it
includes the entire US readership of linux-kernel -- is vanishingly small
compared to the general population, and no politician is going to pay attention
to such a small and dilute constituency. All a policy of secrecy will
accomplish is to punish US kernel hackers (who probably disagree with the DMCA
as much as the rest of you) and have no effect on the average citizen who
doesn't have a clue about either the DMCA or Linux. I'm seeing a disturbing
trend here; with all the talk about this topic and about EXPORT_SYMBOL_GPL here
lately, I'm starting to think linux-kernel is more about restricting information
than disseminating it.

I believe the DCMA should be treated like firearms laws or any other bad laws:
Fight them where possible, and disobey them where fighting them is not possible.

Wayne




Rik van Riel <[email protected]> on 10/22/2001 11:03:53 AM

To: Wayne Brown/Corporate/Altec@Altec
cc: [email protected]

Subject: Re: Linux 2.2.20pre10



On Mon, 22 Oct 2001 [email protected] wrote:

> Speaking as a US citizen, I hope that someone outside the US
> will grab that info as soon as it's available and make it
> accessible to everyone. (Not that I need it myself -- I have no
> interest in 2.2.20 -- but I like to see crap legislation like
> the DMCA subverted wherever possible.)

Yeah, lets keep up the status quo so bad laws never get
subverted and people like Dmitry Skylarov are the only
people suffering from bad US laws.

NOT.

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/





2001-10-22 17:30:38

by David Miller

[permalink] [raw]
Subject: Re: Linux 2.2.20pre11

From: Alan Cox <[email protected]>
Date: Mon, 22 Oct 2001 18:23:02 +0100 (BST)

> http://marc.theaimsgroup.com/?l=bugtraq&m=100343090106914

There are other security related changes

So if you:

1) publish a patch (ie. telling us all the changes)
2) describe the set of changes which are not security
related (ie. telling us the non-security related
changes)

By deduction aren't you in fact "telling us what the secutiry related
changes are"? :-)

Franks a lot,
David S. Miller
[email protected]

2001-10-22 17:32:18

by Dominik Kubla

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 12:40:49PM +0200, Allan Sandfeld wrote:
> On Monday 22 October 2001 12:21, Alan Cox wrote:
> > Things took a bit longer than intended with various security fixes needing
> > to be done. If this tree tests out ok it will be 2.2.20
> >
> > 2.2.20pre11
> > o Security fixes
> > | Details censored in accordance with the US DMCA
>
> Why? I didnt think you like it, nor lived in the US?
>
> If v'ger is in the US, I can understand not putting it in the changelog
> there. But why not on the mailing list?

Because the mailing list is hosted in the US of A...

Dominik
--
ScioByte GmbH Zum Schiersteiner Grund 2 55127 Mainz (Germany)
Phone: +49 700 724 629 83 Fax: +49 700 724 629 84

GnuPG: 717F16BB / A384 F5F1 F566 5716 5485 27EF 3B00 C007 717F 16BB

2001-10-22 17:34:40

by David Lang

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

and how can you dare send the source code or patches to the US in that
case, it's the same info in a different form.

David Lang

On Mon, 22 Oct 2001, Roger Gammans wrote:

> Date: Mon, 22 Oct 2001 14:07:03 +0100
> From: Roger Gammans <[email protected]>
> Reply-To: [email protected]
> To: [email protected]
> Subject: Re: Linux 2.2.20pre10
>
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
>
> Huh, US resident or US citizens?
>
> If US resident , does that mean we can't send security patches to
> Linus.
>
> *shakes head*
>
> TTFN
> --
> Roger.
> ashes and diamond,
> foe and friend,
> we _are_ all equal in the end. -- Pink Floyd
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

2001-10-22 17:38:38

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre11

> 1) publish a patch (ie. telling us all the changes)
> 2) describe the set of changes which are not security
> related (ie. telling us the non-security related
> changes)
>
> By deduction aren't you in fact "telling us what the secutiry related
> changes are"? :-)

Not directly, and if you have enough skill to work through the code you
could do so anyway. Whether reading the source code for that purpose is
legal I don't know.

Have fun

Alan

2001-10-22 17:40:00

by George Garvey

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

So you want to make the decision for Alan to get into a lawsuit and
possibly go to jail to fight the law? Will you pay his legal bills? Will
you take over his maintenance duties if necessary? Will you give him a
job when he's done if it comes to that?
That's a personal decision, don't you think? Who can judge another
without knowing their circumstances? Do you understand the situation at
all? Truthfully, I don't.

On Mon, Oct 22, 2001 at 12:21:43PM -0500, [email protected] wrote:
> It's highly unlikely that Alan withholding information from a handful
> of US Linux users and developers will have any effect on US laws.

2001-10-22 17:45:48

by Nick LeRoy

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Wayne, everybody..

I hate to belabor this point, but I'm in full agreement. If I really
believed that Alan's boycott would have *any* positive affect, I'd fully
support it, but the reality of the situation is that Wayne is right -- nobody
with any real power will ever know or be able to a difference. I think that
civil disobiediance is the only sensible action.

-Nick

On Monday 22 October 2001 12:21, [email protected] wrote:
> It's highly unlikely that Alan withholding information from a handful of US
> Linux users and developers will have any effect on US laws. Plenty of us
> have complained already to our elected officials, without results. The
> number of people who would care (or even know) about Alan's security
> boycott -- even if it includes the entire US readership of linux-kernel --
> is vanishingly small compared to the general population, and no politician
> is going to pay attention to such a small and dilute constituency. All a
> policy of secrecy will accomplish is to punish US kernel hackers (who
> probably disagree with the DMCA as much as the rest of you) and have no
> effect on the average citizen who doesn't have a clue about either the DMCA
> or Linux. I'm seeing a disturbing trend here; with all the talk about this
> topic and about EXPORT_SYMBOL_GPL here lately, I'm starting to think
> linux-kernel is more about restricting information than disseminating it.
>
> I believe the DCMA should be treated like firearms laws or any other bad
> laws: Fight them where possible, and disobey them where fighting them is
> not possible.

2001-10-22 17:52:18

by Eli Carter

[permalink] [raw]
Subject: Re: Linux 2.2.20pre11

Alan Cox wrote:
>
> > On Mon, Oct 22, 2001 at 11:21:49AM +0100, Alan Cox wrote:
> > >
> > > 2.2.20pre11
> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> >
> > http://marc.theaimsgroup.com/?l=bugtraq&m=100343090106914
>
> There are other security related changes

It just hit /. I wondered how long it would take...

Alan, you've made your point pretty clear to me with this stunt (no
slight intended, I don't have a better word at the moment)... Though I
have reservations about the method.

Good luck against the /.'ers. :/

Eli, a U.S. developer
--------------------. Real Users find the one combination of bizarre
Eli Carter \ input values that shuts down the system for days.
eli.carter(a)inet.com `-------------------------------------------------

2001-10-22 17:55:48

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



I never said that Alan, or any particular individual, should risk a lawsuit or
jail. I simply said that I hoped *someone outside the US* (that is, someone not
subject to US laws) would make the information available. Surely there are
places in the world that are beyond the reach of the DMCA. How about those
European sites that made strong encryption available to circumvent the US export
restrictions on encryption technology? I never heard of the FBI raiding any of
them.

Wayne




George Garvey <[email protected]> on 10/22/2001 12:35:53 PM

To: Wayne Brown/Corporate/Altec@Altec
cc: [email protected]

Subject: Re: Linux 2.2.20pre10



So you want to make the decision for Alan to get into a lawsuit and
possibly go to jail to fight the law? Will you pay his legal bills? Will
you take over his maintenance duties if necessary? Will you give him a
job when he's done if it comes to that?
That's a personal decision, don't you think? Who can judge another
without knowing their circumstances? Do you understand the situation at
all? Truthfully, I don't.

On Mon, Oct 22, 2001 at 12:21:43PM -0500, [email protected] wrote:
> It's highly unlikely that Alan withholding information from a handful
> of US Linux users and developers will have any effect on US laws.




2001-10-22 18:00:48

by Rob Turk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

"Nick LeRoy" <[email protected]> wrote in message
news:[email protected]...
> Wayne, everybody..
>
> I hate to belabor this point, but I'm in full agreement. If I really
> believed that Alan's boycott would have *any* positive affect, I'd fully
> support it, but the reality of the situation is that Wayne is right -- nobody
> with any real power will ever know or be able to a difference. I think that
> civil disobiediance is the only sensible action.
>
> -Nick

Alan might have to travel to the US somewhere in the near future. Do you think
he wants to risk being arrested? Making a point is one thing, serving time is
another. If Alan would disclose the details now, he would knowingly be
disobediant. Dimitry Sklyarov was ' unknowingly disobediant', and look what that
got him...

Rob




2001-10-22 18:00:48

by Rob Turk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10


<[email protected]> wrote in message
news:[email protected]...
>
>
> It's highly unlikely that Alan withholding information from a handful of US
> Linux users and developers will have any effect on US laws. Plenty of us have
> complained already to our elected officials, without results.

Yup, but if large US-based corporations with economic ties into Linux no longer
have access to clear patch descriptions, *they* might have a better chance to
convince your US lawmakers that these laws are hurting US economy.

Rob





2001-10-22 18:02:48

by Per Jessen

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 12:51:53 -0500, [email protected] wrote:
>I never said that Alan, or any particular individual, should risk a lawsuit or
>jail. I simply said that I hoped *someone outside the US* (that is, someone not
>subject to US laws) would make the information available. Surely there are
>places in the world that are beyond the reach of the DMCA. How about those

Alan Cox, living in the UK, may be *somewhat* subject to US legislation.
Ties between the US and the UK are strong, and it is understandable if a UK-
resident person does not feel entirely out of reach of US law enforcement.

IMHO.


regards,
Per Jessen, Zurich

regards,
Per Jessen, Zurich
http://www.enidan.com - home of the J1 serial console.

Windows 2001: "I'm sorry Dave ... I'm afraid I can't do that."


2001-10-22 18:05:58

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 [email protected] wrote:

> I never said that Alan, or any particular individual, should
> risk a lawsuit or jail. I simply said that I hoped *someone
> outside the US* (that is, someone not subject to US laws) would
> make the information available.

If you publish to the US, you can be sued under US law.

> Surely there are places in the world that are beyond the reach
> of the DMCA. How about those European sites that made strong
> encryption available to circumvent the US export restrictions on
> encryption technology? I never heard of the FBI raiding any of
> them.

There's a german guy named as one of the defendants in
the DVD lawsuit in California. He has never even been
to California, but could end up being convicted for
doing something which is perfectly legal in Germany.

I don't think I want to take the risk of getting charged
with a crime in the US for something perfectly legal here.
I'd rather lock out the US and leave the legal risks to the
people who elected the folks who put these laws in place...

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 18:14:38

by Dan Hollis

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, bert hubert wrote:
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> > US kernel developers cannot be told. Period.
> (...)
> > Its based directly on legal opinion.
> Then I suggest we leave this planet.

What, Heavens Gate style?

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

2001-10-22 18:21:49

by Dan Hollis

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Horst von Brand wrote:
> bert hubert <[email protected]> said:
> > Then I suggest we leave this planet.
> I'd expected an "all the world is USA" delusion from an US citizen, not
> from somebody in .nl...

The MPAA abducted a norwegian child using police armed with assault
weapons. Alan and other non-us citizens certainly have reason to be
concerned.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

2001-10-22 18:31:19

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



I wonder if there are any Linux hackers in Iraq? It's doubtful the government
there would honor any legal action attempted by the US on DMCA issues. OTOH, it
would put me in the rather weird position of agreeing with the Iraqi government,
which is something I NEVER would have expected... :-)

Wayne




"Per Jessen" <[email protected]> on 10/22/2001 01:13:42 PM

Please respond to "Per Jessen" <[email protected]>

To: "[email protected]" <[email protected]>
cc: (bcc: Wayne Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10



On Mon, 22 Oct 2001 12:51:53 -0500, [email protected] wrote:
>I never said that Alan, or any particular individual, should risk a lawsuit or
>jail. I simply said that I hoped *someone outside the US* (that is, someone
not
>subject to US laws) would make the information available. Surely there are
>places in the world that are beyond the reach of the DMCA. How about those

Alan Cox, living in the UK, may be *somewhat* subject to US legislation.
Ties between the US and the UK are strong, and it is understandable if a UK-
resident person does not feel entirely out of reach of US law enforcement.

IMHO.


regards,
Per Jessen, Zurich

regards,
Per Jessen, Zurich
http://www.enidan.com - home of the J1 serial console.

Windows 2001: "I'm sorry Dave ... I'm afraid I can't do that."


2001-10-22 18:35:10

by Gavin Baker

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 12:30:02PM +0100, Alan Cox wrote:

> > > 2.2.20pre11
> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> >
> > Care to elaborate?
>
> On a list that reaches US citizens - no. File permissions and userids may
> constitute and be used for rights management.

Alan, are we to assume any future security related patch details are to
be censored until this DMCA madness is over?

In this case, im not sure if its a good idea for anyone to actually
apply these patches until they have read, and understand the code. If
the person in question is not fluent in C, how do they know what they
are patching, or whether to patch it at all without your explanation of
what it does?

If this is the case, im sure lots of websites will spring up, with
blatent disregard for the DMCA, that will fill in the blanks from the
changelogs. People will make a public stand against this insanity.

On the other hand, if the actual code for these security fixes is not
classed as "Details", i dont know what is.

2.5.8 changelog...
o Security Fixes
| None applied for fear of the code upsetting the US DMCA
o VM updates (Rik)
o Some other updates
| applied, but authors kept anonymous for fear of the DMCA
| seeing the updates as security issues, also details censored
| just in case.
o etc.

madness.

--
Gavin Baker - UK

2001-10-22 18:38:29

by Nick LeRoy

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Wayne..

It's a scary comentary that the Iraqi government may provide more liberties
that our own US government. Sigh.

-Nick


On Monday 22 October 2001 13:27, [email protected] wrote:
> I wonder if there are any Linux hackers in Iraq? It's doubtful the
> government there would honor any legal action attempted by the US on DMCA
> issues. OTOH, it would put me in the rather weird position of agreeing
> with the Iraqi government, which is something I NEVER would have
> expected... :-)
>
> Wayne

2001-10-22 18:38:50

by Joel Jaeggli

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10


On Mon, 22 Oct 2001 [email protected] wrote:

>
>
> I never said that Alan, or any particular individual, should risk a lawsuit or
> jail. I simply said that I hoped *someone outside the US* (that is, someone not
> subject to US laws) would make the information available.

tell that to dimitri skylarov, I'm sure he'd love to here it.

> Surely there are
> places in the world that are beyond the reach of the DMCA. How about those
> European sites that made strong encryption available to circumvent the US export
> restrictions on encryption technology? I never heard of the FBI raiding any of
> them.
>
> Wayne
>
>
>
>
> George Garvey <[email protected]> on 10/22/2001 12:35:53 PM
>
> To: Wayne Brown/Corporate/Altec@Altec
> cc: [email protected]
>
> Subject: Re: Linux 2.2.20pre10
>
>
>
> So you want to make the decision for Alan to get into a lawsuit and
> possibly go to jail to fight the law? Will you pay his legal bills? Will
> you take over his maintenance duties if necessary? Will you give him a
> job when he's done if it comes to that?
> That's a personal decision, don't you think? Who can judge another
> without knowing their circumstances? Do you understand the situation at
> all? Truthfully, I don't.
>
> On Mon, Oct 22, 2001 at 12:21:43PM -0500, [email protected] wrote:
> > It's highly unlikely that Alan withholding information from a handful
> > of US Linux users and developers will have any effect on US laws.
>
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

--
--------------------------------------------------------------------------
Joel Jaeggli [email protected]
Academic User Services [email protected]
PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E
--------------------------------------------------------------------------
It is clear that the arm of criticism cannot replace the criticism of
arms. Karl Marx -- Introduction to the critique of Hegel's Philosophy of
the right, 1843.


2001-10-22 18:42:21

by Alexander Viro

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



On Mon, 22 Oct 2001 [email protected] wrote:

> I wonder if there are any Linux hackers in Iraq? It's doubtful the government
> there would honor any legal action attempted by the US on DMCA issues. OTOH, it
> would put me in the rather weird position of agreeing with the Iraqi government,
> which is something I NEVER would have expected... :-)

Oh, come on. Every government is right on some issues. Proof:

For every government X there is at least one government Y such that X
would claim that Y is a bunch of corrupt assholes. Since every government
_is_ a bunch of corrupt assholes, every government is right at least in one
of its claims.

2001-10-22 19:03:19

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



I certainly can't argue with your logic. :-)

Actually, I believe there are some decent, honest, well-meaning people in our
government. It's just that they seldom have much influence on policy. :-(

Wayne




Alexander Viro <[email protected]> on 10/22/2001 01:40:36 PM

To: Wayne Brown/Corporate/Altec@Altec
cc: "[email protected]" <[email protected]>

Subject: Re: Linux 2.2.20pre10





On Mon, 22 Oct 2001 [email protected] wrote:

> I wonder if there are any Linux hackers in Iraq? It's doubtful the government
> there would honor any legal action attempted by the US on DMCA issues. OTOH,
it
> would put me in the rather weird position of agreeing with the Iraqi
government,
> which is something I NEVER would have expected... :-)

Oh, come on. Every government is right on some issues. Proof:

For every government X there is at least one government Y such that X
would claim that Y is a bunch of corrupt assholes. Since every government
_is_ a bunch of corrupt assholes, every government is right at least in one
of its claims.





2001-10-22 19:10:49

by Brian Litzinger

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> > Putting pressure on US people to have them influence their
> > legislation? Aka. every people have the rulers they deserve? Won't
> > work out.

On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> "Until they become conscious they will never rebel, and until after
> they have rebelled they cannot become conscious."

While I've been generally saddened by Alan Cox's and others
anti-America attitude, I am somewhat surprised to find that
Alan believes the US bombing of Afghanistan is justified and so
is the collateral damage as they call it.

Alan's point being that a population of a State can't be innocent
of the actions of their government, something, by the way, with
which I disagree.

Strange though, while the US has delivered hundreds of millions of US
dollars in aid to Afghanistan both before and after 9/11, Alan would
deny US citizens some of the tools with which to change things at home.

Alan asks us to rebel, but then denies us at least some of the
avenues we might take. Others claiming for him that he doesn't
want to risk jail. What if every aid worker in Afghanistan
and elsewhere around the world had the same attitude?

--
Brian Litzinger <[email protected]>

Copyright (c) 2001 By Brian Litzinger, All Rights Reserved

2001-10-22 19:15:39

by Tudor Bosman

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

OK, let's get the disclaimer out of the way. This post is opinionated,
and IANAL. Now...


For reference, here is the full text of the DMCA subsection in question:
(1201(2)):

``(2) No person shall manufacture, import, offer to the public,
provide, or otherwise traffic in any technology, product, service,
device, component, or part thereof, that-

``(A) is primarily designed or produced for the purpose
of circumventing a technological measure that effectively con-
trols access to a work protected under this title;
``(B) has only limited commercially significant purpose or
use other than to circumvent a technological measure that
effectively controls access to a work protected under this title;
or
``(C) is marketed by that person or another acting in concert
with that person with that person's knowledge for use in cir-
cumventing a technological measure that effectively controls
access to a work protected under this title.


I would like to comment on this from two different angles.

1. The subsection mentions "any technology, product, service, device,
component, or part thereof". While this definition is vague, and we
hackers tend to like splitting hairs (see Dave Touretzky's DeCSS
gallery, http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/index.html), there
is a clear distinction between (constitutionally-protected) speech (in a
non-machine readable) form, and a software product. Other forms of
expression (source code, non-machine readable source code, source code
set to music, etc.) lie on the fine line between the two.

For example, exporting PGP on paper and OCR-ing it (because exporting it
in electronic form was illegal) was a legal absurdity. While this
hair-splitting might have amused a few lawyers and judges here and
there, I believe that a well-versed attorney could have torn that
defense to pieces, because we tried drawing demarcation lines instead of
concentrating on defeating the spirit of the law.

The above-mentioned paragraphs make no reference to "information" or a
"description" of such a circumvention device. A high-level description
(in plain English) of a security hole is not a "technology, product,
service, device, component, or part thereof"; and if it can be construed
as such, surely the realization of such description (the source code
itself) is much closer to the notion of a "product". Is this the end of
full disclosure and open source/free software? Should BUGTRAQ be banned
from US residents?


2. The arguments for/against publishing the description of the security
hole in the DMCA context are the same as the arguments for/against full
disclosure in the security field in general. IF the description were
published, then... (paraphrasing the three DMCA paragraphs I cited)

(A) it would NOT be primarily designed for circumventing a technological
measure that effectively controls access to a protected work- it would
be primarily designed for informing system administrators of their risks
and the importance of the patch, and informing developers of pitfalls to
avoid in writing new code;

(B) it would have a LARGE commercially significant purpose other than to
circumvent a technological measure that effectively controls access to a
protected work- the main purpose would be to urge system administrators
and developers to implement a higher degree of protection (at the very
least, apply the patch), and

(C) it would NOT be marketed by Alan Cox or another acting in concert
with him for use in circumventing a technological measure that
effectively controls access to a protected work- this is a no-brainer, I
don't think there are many people on this list who openly advocate
exploiting security holes for gaining unauthorized access.


In conclusion, I tried to make two points in the above rant:

1. A description of a security hole is constitutionally protected
speech, and as such cannot be construed as violating the sections of the
DMCA. If such description fits the definition of "technology, product,
service, device, component, or part thereof", then we're in big trouble,
because source code itself is much closer to the definition of a
"product" than a description of the source code.

2. A description of a security hole, or unpatched source code, or even
exploit code do not meet the criteria set forward by the DMCA for
illegal circumvention devices.


Best regards,

Tudor.


--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

2001-10-22 19:23:19

by Paul Fulghum

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Alexander "Webster" Viro wrote:

> every government _is_ a bunch of corrupt assholes...

Good definition. Instead of arguing about which one
stinks the most, we should probe ways of wiping out
the DMCA without excess inflamation.

Paul Fulghum, [email protected]
Microgate Corporation, http://www.microgate.com

2001-10-22 19:23:29

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

bert hubert wrote:
>
> On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > This would then presumably lead to password protected access for US kernel
> > > developers that need to know? And some kind of NDA?
> >
> > US kernel developers cannot be told. Period.
> (...)
> > Its based directly on legal opinion.
>
> Then I suggest we leave this planet.

If I could leave I would.

FYI, I am one of those USA people that wrote to Senator Hollings and
others about this new SSSCA stuff, asking him why he wanted to destroy
economic interests (e.g., IBM's), along with showing his utter contempt
for the Constitution of the USA. He'll just killfile it, it isn't what
he wants to hear, he's a child with a loaded gun.
http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread

D. Stimits, [email protected]

>
> --
> http://www.PowerDNS.com Versatile DNS Software & Services
> Trilab The Technology People
> Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
> 'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 19:28:59

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Horst von Brand wrote:
>
> bert hubert <[email protected]> said:
> > On Mon, Oct 22, 2001 at 01:30:00PM +0100, Alan Cox wrote:
> > > > This would then presumably lead to password protected access for US kernel
> > > > developers that need to know? And some kind of NDA?
> > >
> > > US kernel developers cannot be told. Period.
> > (...)
> > > Its based directly on legal opinion.
>
> > Then I suggest we leave this planet.
>
> I'd expected an "all the world is USA" delusion from an US citizen, not
> from somebody in .nl...

Racist and prejudiced opinions though are found everywhere. Stereotypes
and arrogance know no boundaries. You mistake being a US citizen with
being a puppet.

D. Stimits, [email protected]

> --
> Dr. Horst H. von Brand Usuario #22616 counter.li.org
> Departamento de Informatica Fono: +56 32 654431
> Universidad Tecnica Federico Santa Maria +56 32 654239
> Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 19:34:29

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

bill davidsen wrote:
>
> In article <[email protected]>
> [email protected] wrote:
> | > This would then presumably lead to password protected access for US kernel
> | > developers that need to know? And some kind of NDA?
> |
> | US kernel developers cannot be told. Period.
> |
> | > 'IANAL', and neither are you, are you sure this sillyness is necessary?
> |
> | Its based directly on legal opinion.
>
> And who will be maintaining the world and us-castrated kernel source?
> I can't imagine anything worse for the security of this country than not
> allow computer users access to security issues.

See:
http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread
http://www.petitiononline.com/SSSCA/petition.html
http://216.110.42.179/docs/hollings.090701.html

Then complain to Senators Hollings and Stevens; they haven't heard of
the Constitution, maybe someone could remind them.

D. Stimits, [email protected]

>
> --
> bill davidsen <[email protected]>
> His first management concern is not solving the problem, but covering
> his ass. If he lived in the middle ages he'd wear his codpiece backward.
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 19:37:59

by Adrian Bunk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 [email protected] wrote:

> I never said that Alan, or any particular individual, should risk a lawsuit or
> jail. I simply said that I hoped *someone outside the US* (that is, someone not
> subject to US laws) would make the information available. Surely there are
> places in the world that are beyond the reach of the DMCA. How about those

Where in the world do you find "someone not subject to US laws"? Someone
who develops a program in Russia gets arrested in the USA. And with the
"Hague Convention on Jurisdiction and Foreign Judgments in Civil and
Commercial Matters" [1] it will become much more easy for US companies for
sue people outside the USA...

> European sites that made strong encryption available to circumvent the US export
> restrictions on encryption technology? I never heard of the FBI raiding any of
> them.

That's a completely different thing: It is and it was always legal to use
encryption technology inside the USA and to import it into the USA (read:
downloading it from outside the USA is some kind of import). The only
thing that was (and is still under some circumstances) forbidden is the
export it from the USA. That means that in this case there are _no_ legal
risks for you when you offer encryption technology on a server that is
located outside the USA - and this is quite different from the DMCA
problems.

> Wayne

cu
Adrian

[1] An article in German about it that includes a pdf with the English
text of the proposal is at
http://www.heise.de/newsticker/data/jk-15.10.01-001/


--

Get my GPG key: finger [email protected] | gpg --import

Fingerprint: B29C E71E FE19 6755 5C8A 84D4 99FC EA98 4F12 B400




2001-10-22 19:39:19

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 [email protected] wrote:

> While I've been generally saddened by Alan Cox's and others
> anti-America attitude, I am somewhat surprised to find that

[snip drivel on steroids]

> Others claiming for him that he doesn't want to risk jail.

You seem to have claimed as much for (against?) him as
all the others in this thread together. Lets take this
topic elsewhere, shall we ?

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 19:38:49

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Nick LeRoy wrote:
>
> On Monday 22 October 2001 11:34, Rik van Riel wrote:
> > On Mon, 22 Oct 2001, bill davidsen wrote:
> > > And who will be maintaining the world and us-castrated kernel
> > > source? I can't imagine anything worse for the security of this
> > > country than not allow computer users access to security issues.
> >
> > Don't worry, there are more than enough kernel hackers
> > outside of the US to keep maintaining the kernel.
> >
> > The worst that could happen is that the US cripples
> > itself by not allowing the kernel hackers outside the
> > US to publish security info to people in the US, but
> > only to the rest of the world.
> >
> > That's tough, they're a democratic country, they can
> > change the law if it hurts them too much.
>
> Rik...
>
> I *wish* it were that simple. If you don't think that a least some of us
> *try*, you're kidding yourself. The real problem, IMHO, is that the
> electorate of our country no longer has any real power or control over the
> government -- it's the corporations that do. Money talks, so the saying
> goes. He who has the gold makes the rules.
>
> So, please don't punish all of us for the acts of our corrupt system. We
> just try to make it better in whatever ways we can. FWIW, the ACLU, EEF,
> etc. are our best hope for a free society.

In one location, I see senator Hollings listed as party
"Democrat-Disney". Disney is another spot to boycott, they are trying to
have Linux and open source o/s's declared illegal to even touch
copyright media...not as a web server, a home machine, or anything (say
bye to IBM's Linux efforts). I think the vote for this killer SSSCA is
somewhere around the 25th of this month, so you better hurry.

D. Stimits, [email protected]

(PS: I always suspected Mickey Mouse was a member of the Taliban)

>
> Thanks
>
> -Nick
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 19:42:39

by Mike Fedyk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 12:14:47PM -0700, Tudor Bosman wrote:
> 2. A description of a security hole, or unpatched source code, or even
> exploit code do not meet the criteria set forward by the DMCA for
> illegal circumvention devices.
>

I believe the exploit could be logically considered a "product" whos
use is to destroy. Even though it can be used to test to see it the problem
is really fixed on a patched system...

2001-10-22 19:43:19

by Gregory Ade

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 22 Oct 2001, Alan Cox wrote:

> > This would then presumably lead to password protected access for US kernel
> > developers that need to know? And some kind of NDA?
>
> US kernel developers cannot be told. Period.
>
> > 'IANAL', and neither are you, are you sure this sillyness is necessary?
>
> Its based directly on legal opinion.

<rantmode>

So, then, just to satisfy my curiosity, how long until users of Linux in
the U.S.A. will no longer be allowed to download new kernels?

After all, all it would really take for one of us to find out what was
fixed is to download this patch and go through it line by line, and
examine the context of the changes.

Or are we no longer allowed to look at the sources either?

I'm really confused by this gesture. You're talking about both sides of
your mouth by telling us that "US kernel developers cannot be told" and at
the same time releasing the source/patch to the world.

Make up your mind.

</rantmode>

I guess I was wrong about the Linux kernel being Open Source and freely
available and distributable.

- --
Gregory K. Ade <[email protected]>
http://unnerving.org/~gkade
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE71HbOeQUEYOr0hEsRAn39AKC7loLShLzNQvH2fbr4fsVz5pxfHACeIiAi
1vzVfy+QQNpSlS6wEbkiWeI=
=X7eo
-----END PGP SIGNATURE-----


2001-10-22 19:45:39

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Nick LeRoy wrote:
>
> Wayne, everybody..
>
> I hate to belabor this point, but I'm in full agreement. If I really
> believed that Alan's boycott would have *any* positive affect, I'd fully
> support it, but the reality of the situation is that Wayne is right -- nobody
> with any real power will ever know or be able to a difference. I think that
> civil disobiediance is the only sensible action.

I wish I had a vote in Senator Hollings jurisdiction, I'd try to have
him impeached or recalled. It would never work, but it might open some
eyes.

D. Stimits, [email protected]

>
> -Nick
>
> On Monday 22 October 2001 12:21, [email protected] wrote:
> > It's highly unlikely that Alan withholding information from a handful of US
> > Linux users and developers will have any effect on US laws. Plenty of us
> > have complained already to our elected officials, without results. The
> > number of people who would care (or even know) about Alan's security
> > boycott -- even if it includes the entire US readership of linux-kernel --
> > is vanishingly small compared to the general population, and no politician
> > is going to pay attention to such a small and dilute constituency. All a
> > policy of secrecy will accomplish is to punish US kernel hackers (who
> > probably disagree with the DMCA as much as the rest of you) and have no
> > effect on the average citizen who doesn't have a clue about either the DMCA
> > or Linux. I'm seeing a disturbing trend here; with all the talk about this
> > topic and about EXPORT_SYMBOL_GPL here lately, I'm starting to think
> > linux-kernel is more about restricting information than disseminating it.
> >
> > I believe the DCMA should be treated like firearms laws or any other bad
> > laws: Fight them where possible, and disobey them where fighting them is
> > not possible.
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 19:49:19

by Doug McNaught

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

"D. Stimits" <[email protected]> writes:

> In one location, I see senator Hollings listed as party
> "Democrat-Disney". Disney is another spot to boycott, they are trying to
> have Linux and open source o/s's declared illegal to even touch
> copyright media...not as a web server, a home machine, or anything (say
> bye to IBM's Linux efforts). I think the vote for this killer SSSCA is
> somewhere around the 25th of this month, so you better hurry.

Committee hearings, not a vote.

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
--T. J. Jackson, 1863

2001-10-22 19:55:59

by Tom Sightler

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> In conclusion, I tried to make two points in the above rant:
>
> 1. A description of a security hole is constitutionally protected
> speech, and as such cannot be construed as violating the sections of the
> DMCA. If such description fits the definition of "technology, product,
> service, device, component, or part thereof", then we're in big trouble,
> because source code itself is much closer to the definition of a
> "product" than a description of the source code.
>
> 2. A description of a security hole, or unpatched source code, or even
> exploit code do not meet the criteria set forward by the DMCA for
> illegal circumvention devices.

Very good point indeed. I would like for someone, anyone, to explain to me
exactly how disclosing security issues in open code would ever violate the
DMCA. Alan stated that it comes from a legal opinion, I would like to see
this opinion and know who it was from. Partially because I am from South
Carolina, the same state as SSSCA co-author Sen Hollings. I would love to
be able to spell out this "doomsday" can't publish security issues scenario
and hear his response, but I just don't see it in the DMCA. I would love
for someone to enlighten me on how they came to this conclusion with an
intelligent sentance other than "that what the DMCA says." Where does it
say that? How can you interpret that?

Everyone wants to bring up the Sklyarov case, but he didn't just expose the
weakness of the code, his company actively sold a product for financial gain
that circumvented the protection. While I still don't think the Sklyarov
himself should be the target, it has very little similarity to any open
source products like Linux.

To meet the criteria for criminal prosecution under DMCA you must violate
the rules "willfully and for purposes of commercial advantage or private
financial gain." This is the only case in which the government can pursue
you without another parties involvement.

Later,
Tom


2001-10-22 19:58:19

by Gregory Ade

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 22 Oct 2001, Rik van Riel wrote:

> That's tough, they're a democratic country, they can
> change the law if it hurts them too much.

No, it's a Republic. More specifically, a representative democracy, which
means that we're at the mercy of the people we've given license to
represent us. They make all sorts of promises to get in office, and then
go do their own damn thing anyway.

Unfortunately, the people I vote for never make it in to office, but
that's fodder for an entirely off-topic debate (flamewar?) on American
Politics. But, because I at least voted, I reserve the right to bitch
about what the people in office are doing. =)

I've written my representatives and voiced my opinions, but apparently
I'm of such a small minority that I think I'm being ignored.

- --
Gregory K. Ade <[email protected]>
http://unnerving.org/~gkade
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE71HoGeQUEYOr0hEsRAuf1AKCEwe84VvLtomt1KYvSRWMIQCozhQCfZHrM
WjIEixxaffGjwl6aecjHxew=
=wkYl
-----END PGP SIGNATURE-----


2001-10-22 20:01:29

by Bill Davidsen

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

In article <[email protected]> [email protected] wrote:
|
|
| I certainly can't argue with your logic. :-)
|
| Actually, I believe there are some decent, honest, well-meaning people in our
| government. It's just that they seldom have much influence on policy. :-(

After watching the VM wars here, how can you doubt that decent,
honest, well-meaning, and at least in the case of VM, competent people
can have very different ideas of how to solve a problem? Do you think
good people don't ever propose very bad solutions to problem? Just look
a release 2.4.11-ohshit.

Write to your politicians, and try to find out who does NSA secure
linux. How happy can they be not to get security fixes? Do they have to
stop publishing? Are people coming in black helicopters to dismantle
CERT, long our line of defense?

Stop trying to demonize politicians and start writing letters. State
the FACTS clearly without coming off as a hothead or worse, and you can
convince a staffer, which is the way in. Local elections are this year,
I bet your local candidate will give you a few minutes and if convinced
would would at least try to get you a five minutes on the phone with a
congressman. Then you need to be cool and informative.

Contact the local VFW and try to get someone interested. Soldiers
know about operating without intelligence information, and they often
have contacts. IBM is spending big bucks on TV ads for Linux, don't
hesitate to mention that trying to get the ear of a politician. Let
them, know this is not a bunch of hackers.

Start using the system instead of whining about it. You don't need
money to rock the boat, just the perception that you are a reasonable
person pointing out a problem.

--
bill davidsen <[email protected]>
His first management concern is not solving the problem, but covering
his ass. If he lived in the middle ages he'd wear his codpiece backward.

2001-10-22 20:04:19

by Richard B. Johnson

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 [email protected] wrote:

> > > Putting pressure on US people to have them influence their
> > > legislation? Aka. every people have the rulers they deserve? Won't
> > > work out.
>
> On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > "Until they become conscious they will never rebel, and until after
> > they have rebelled they cannot become conscious."
>
> While I've been generally saddened by Alan Cox's and others
> anti-America attitude, I am somewhat surprised to find that
> Alan believes the US bombing of Afghanistan is justified and so
> is the collateral damage as they call it.
>
> Alan's point being that a population of a State can't be innocent
> of the actions of their government, something, by the way, with
> which I disagree.
>
[SNIPPED...]

Once the government controls the schools, children learn what the
government wants them to learn. This knowledge becomes "fact" even
though it may be illogical and have no technical basis. Once the
United States government gained a toe-hold in the schools in the
1948 "School Lunch Program", the result was clear and the future
certain. Now we have socialist teachers teaching future socialist
legislators.

I am certain that the same problem exists with all governments,
even the United Kingdom. I don't think Alan is anti-American,
merely having been blinded by his own schooling. The days of
the patriots who declared; "Give me liberty or give me death!"
are long gone everywhere. Now we have, instead, those who declare;
"Give me a job so I can feed my family...". Anything the government
promises, that makes that job easier, or more readily available,
is accepted as the price of liberty when, if fact, there is no
liberty involved whatsoever. I read a quote in one of the IEEE
rags where Alan stated that he was afraid that he'd be arrested
if he entered the United States. I don't think he has too
much to worry about, the United States government didn't even
"provide for the common defense" (preamble to the US Constitution)
as became obvious on 9/11. I'm sure nobody would wake up even if
Alan was a terrorist.

I believe that we should have sent a tactical nuclear cruise
missile to Ben Laden's last known address. We can always apologize
later. This would put future terrorists on notice that if you
tweak the tiger's tail, you get hurt. But, that's why I'm
not a politician. Instead, we've got so-called government leader-
ship that is running around the world kissing ass. I don't need
some government to apologize for my existence. I need a government
to "provide for the common defense..." as required by the United
States Constitution.

Sorry about the off-topic.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).

I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.


2001-10-22 20:07:59

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> So, then, just to satisfy my curiosity, how long until users of Linux in
> the U.S.A. will no longer be allowed to download new kernels?

Potentially about 12 months after the SSSCA is passed. At which point you may
well find only a binary only OS with enforced copy management is legal in
the USA.

> I guess I was wrong about the Linux kernel being Open Source and freely
> available and distributable.

It is, subject to the law of the various countries concerned.

Alan

2001-10-22 20:16:40

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> support it, but the reality of the situation is that Wayne is right -- nobody
> with any real power will ever know or be able to a difference. I think that
> civil disobiediance is the only sensible action.

And thats a choice you have - go post the relevant information where you
like at your own risk.

2001-10-22 20:19:40

by Mr. Shannon Aldinger

[permalink] [raw]
Subject: linux-kernel-legal? was (Re: Linux 2.2.20pre10)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 22 Oct 2001, Gregory Ade wrote:

> No, it's a Republic. More specifically, a representative democracy, which
> means that we're at the mercy of the people we've given license to
> represent us. They make all sorts of promises to get in office, and then
> go do their own damn thing anyway.
>

Here I thought we had Republicans fighting to make the US a republic and
Democrats fighting to make it a Democracy. Oh well, my mistake. Can
someone start a seperate mailing list maybe linux-kernel-legal. It would
be a good place for this and discussion of any other new laws, US and
other that effect the kernel hackers. As a bonus it wouldn't distract from
the patches.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iEYEARECAAYFAjvUf9QACgkQwtU6L/A4vVCa/wCaA3STfFIErhA3rl/4NpUvJSYV
xLIAn0UsaExwEQj2Ir++XfqLmp7LRsRc
=Ux3H
-----END PGP SIGNATURE-----


2001-10-22 20:23:00

by Torrey Hoffman

[permalink] [raw]
Subject: RE: Linux 2.2.20pre10

Gregory Ade ranted, and I couldn't resist replying:

> So, then, just to satisfy my curiosity, how long until users
> of Linux in
> the U.S.A. will no longer be allowed to download new kernels?

If (hopefully not when!) the SSSCA passes. Personally, I'm making
plans to get out of the US if that happens.

> After all, all it would really take for one of us to find out what was
> fixed is to download this patch and go through it line by line, and
> examine the context of the changes.
> Or are we no longer allowed to look at the sources either?

Of course you can look at the sources. So ** YOU ** can go through
the patches, figure out exactly what the security flaws were, create
a detailed description, and post it on a web page or on this list.

Then ** YOU ** are the one who might get sued under the DMCA.
Why should Alan take the risk?

> I'm really confused by this gesture. You're talking about

I don't think it is primarily a gesture. Obviously Alan is taking
a somewhat extreme position, probably (partly) to make a point, but
there are REAL issues here. (IANAL either, of course.)

To spell it out:

1. The security flaws were in userid and other kernel subsystems.

2. These kernel systems could be used to protect copyrighted data -
for example, perhaps some on-line music company uses Linux
servers to store the music.

3. Instructions on how to check for (i.e. exploit) the flaw may
constitute an illegal copy control circumvention device.
Why? Well, perhaps if you know the details, you could use
them to hack on-line music servers, and download music for
free, or without the DRM locks on it. It really isn't
difficult to come up with a plausible example.

4. Presenting detailed information like this, together with sample
code, is basically what Dimitri Skylarov was arrested for.

4b. You are not safe even if you never visit the US.

5. Dimitry is still awaiting trial and faces (at worst) ~20 years
in jail and tens of thousands of dollars in fines, merely for
explaining how lousy the security is on some software intended
to protect copyrighted content.

6. Therefore, as I see it, Alan wisely is avoiding even coming
close to that.

Do you really have a problem with that? I think it's very prudent.

The source code or patch itself is a FIX, it cannot be construed
as a circumvention device. (compare to information about the holes,
which includes shell script for sample exploits, etc.)

> I guess I was wrong about the Linux kernel being Open Source
> and freely available and distributable.

Calm down, you are getting your knickers in a knot over something
that is not Alan's fault.

Torrey Hoffman


2001-10-22 20:22:10

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> 1. A description of a security hole is constitutionally protected
> speech, and as such cannot be construed as violating the sections of the
> DMCA. If such description fits the definition of "technology, product,
> service, device, component, or part thereof", then we're in big trouble,
> because source code itself is much closer to the definition of a
> "product" than a description of the source code.

I firmly believe that if justice prevails in the existing DMCA cases you
will be shown to be right. I've seen people compare the US to Iraq and
I don't buy that.

However until people stop shooting I'd prefer not to be a potential target.

Alan

2001-10-22 20:26:30

by PinkFreud

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> > > 2.2.20pre11
> > > o Security fixes
> > > | Details censored in accordance with the US DMCA
> > > Care to elaborate?
>
> On a list that reaches US citizens - no. File permissions and userids may
> constitute and be used for rights management.
>
> Alan

Why not take that a step further? It would seem to me that your
insane interpretation of that insane law would mean that unix and it's
derivatives (Linux, anyone?) would be illegal to use as well.

You're preaching to the choir here. By withholding these changes from US
citizens, you're not going to pressure any politicians. I doubt there are
many politicians who count on this issue reading this list. I think most
of the US citizens reading this list, though, are enlightened enough to
know the harm the DMCA causes.

Please don't tell me you woke up this morning and had a sudden attack of
conscience that you were violating US law. You've posted such changes
here since the DMCA was put into effect, not to mention that lists like
Bugtraq are still operating in the US - and I think many of us managed to
read about the symlink and ptrace holes in kernels <= 2.2.19.


Mike Edwards

Brainbench certified Master Linux Administrator
http://www.brainbench.com/transcript.jsp?pid=158188
-----------------------------------
Unsolicited advertisments to this address are not welcome.

2001-10-22 20:28:20

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > "Until they become conscious they will never rebel, and until after
> > they have rebelled they cannot become conscious."
>
> While I've been generally saddened by Alan Cox's and others
> anti-America attitude, I am somewhat surprised to find that
> Alan believes the US bombing of Afghanistan is justified and so
> is the collateral damage as they call it.

That quote is rather older than the US bombing of Afghanistan. You read
totally inappropriate things into it.

2001-10-22 20:30:40

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, PinkFreud wrote:

> You're preaching to the choir here. By withholding these
> changes from US citizens, you're not going to pressure any
> politicians.

Pressuring US politicians is a job for US citizens.

Why are you asking Alan to risk prison _and_ pressure
US politicians? That's something you, as a resident
of the USA, should be doing yourself.


Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/


2001-10-22 20:36:21

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> Everyone wants to bring up the Sklyarov case, but he didn't just expose the
> weakness of the code, his company actively sold a product for financial gain
> that circumvented the protection. While I still don't think the Sklyarov

The Felten case is the more relevant one.

2001-10-22 20:36:20

by Tommy Reynolds

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

It was a dark and stormy night. Suddenly "Torrey Hoffman" <[email protected]> spoke:

> Gregory Ade ranted, and I couldn't resist replying:
>
> > So, then, just to satisfy my curiosity, how long until users
> > of Linux in
> > the U.S.A. will no longer be allowed to download new kernels?
>
> If (hopefully not when!) the SSSCA passes. Personally, I'm making
> plans to get out of the US if that happens.

Ah, but would you be allowed to leave if you possess any security knowlege?

---------------------------------------------+-----------------------------
Tommy Reynolds | mailto: <[email protected]>
Red Hat, Inc., Embedded Development Services | Phone: +1.256.704.9286
307 Wynn Drive NW, Huntsville, AL 35805 USA | FAX: +1.236.837.3839
Senior Software Developer | Mobile: +1.919.641.2923

2001-10-22 20:38:40

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> United States government gained a toe-hold in the schools in the
> 1948 "School Lunch Program", the result was clear and the future
> certain. Now we have socialist teachers teaching future socialist
> legislators.

I think that you need to learn the difference between socialism and
stalinist statism - what you are describing is the USSR, which was of
course the other major state that imprisoned people for wanting to make
copies as part of free speech, and which controlled copying devices with
laws.

Alan

2001-10-22 20:42:10

by PinkFreud

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Rik van Riel wrote:

> Date: Mon, 22 Oct 2001 18:30:38 -0200 (BRST)
> From: Rik van Riel <[email protected]>
> To: PinkFreud <[email protected]>
> Cc: [email protected]
> Subject: Re: Linux 2.2.20pre10
>
> On Mon, 22 Oct 2001, PinkFreud wrote:
>
> > You're preaching to the choir here. By withholding these
> > changes from US citizens, you're not going to pressure any
> > politicians.
>
> Pressuring US politicians is a job for US citizens.

Yep. I agree.

> Why are you asking Alan to risk prison _and_ pressure
> US politicians? That's something you, as a resident
> of the USA, should be doing yourself.

I never said that. I merely pointed out that most US citizens on this
list know what the DMCA really stands for, and are, in all likelyhood
doing something, no matter how small, about it. Why pressure us, when
most of us are undoubtedly aware of the problem?

As for risking jail, I point out again that the DMCA has never stopped him
before. I recognize that the Skylarov case has him scared - and I don't
blame him. Howver, Alan has already announced his intentions not to enter
the US until the DMCA is repealed. What do you think is going to happen -
Bush sends the military out to bomb his house?

Sorry, that was in bad taste, I know. But I am trying to make a point
here. There's not much the US can do without him entering the country,
and he doesn't plan on doing so. What annoys me, however, is suppressing
security information from US citizens just because a few moronic
politicians have their heads permanently shoved up their asses.

Seems to me Alan is just adding to the problem.


> Rik
> --


Mike Edwards

Brainbench certified Master Linux Administrator
http://www.brainbench.com/transcript.jsp?pid=158188
-----------------------------------
Unsolicited advertisments to this address are not welcome.

2001-10-22 20:45:50

by Richard B. Johnson

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Alan Cox wrote:

> > United States government gained a toe-hold in the schools in the
> > 1948 "School Lunch Program", the result was clear and the future
> > certain. Now we have socialist teachers teaching future socialist
> > legislators.
>
> I think that you need to learn the difference between socialism and
> stalinist statism - what you are describing is the USSR, which was of
> course the other major state that imprisoned people for wanting to make
> copies as part of free speech, and which controlled copying devices with
> laws.
>

Sorry. I got confused. With the government reading everything we
type, I tend to get the countries mixed.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).

I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.


2001-10-22 20:45:50

by Dan Hollis

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Alan Cox wrote:
> > Everyone wants to bring up the Sklyarov case, but he didn't just expose the
> > weakness of the code, his company actively sold a product for financial gain
> > that circumvented the protection. While I still don't think the Sklyarov
> The Felten case is the more relevant one.

decss as well -- strange how people forget that one so easily

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

2001-10-22 20:50:10

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Doug McNaught wrote:
>
> "D. Stimits" <[email protected]> writes:
>
> > In one location, I see senator Hollings listed as party
> > "Democrat-Disney". Disney is another spot to boycott, they are trying to
> > have Linux and open source o/s's declared illegal to even touch
> > copyright media...not as a web server, a home machine, or anything (say
> > bye to IBM's Linux efforts). I think the vote for this killer SSSCA is
> > somewhere around the 25th of this month, so you better hurry.
>
> Committee hearings, not a vote.

Even better...as much influence against Disney and politicians that
support SSSCA should be put in as soon as possible. Would you rather
have your input a few days before a final vote, or while minds could
still be open? SSSCA is more dangerous than the Taliban, all the Taliban
can kill are people...SSSCA can kill more than that.

D. Stimits, [email protected]

>
> -Doug
> --
> Let us cross over the river, and rest under the shade of the trees.
> --T. J. Jackson, 1863
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 20:58:00

by Craig Dickson

[permalink] [raw]
Subject: RE: Linux 2.2.20pre10

Alan Cox wrote:

> However until people stop shooting I'd prefer not to be a potential
> target.

Mr. Cox,

I understand your concern for your own safety, though I disagree with
your evaluation of the danger in this case.

However, I think it's fair to say that the production and distribution
of complete changelogs, such that all users have access to them, is an
important part of the job of being the official maintainer for a
project, especially such an important project as the stable branch of
the Linux kernel.

So it sounds to me like what you're really saying is that you are
unwilling to take the risks that, under the current circumstances, you
perceive as an unavoidable part of the task of maintaining the kernel.

I don't buy the argument you seem to be implying, that you can fulfil
your responsibilities as kernel maintainer by making this information
available in such a way that US residents cannot obtain it. From the
statistics I've seen in the past, a high percentage of Linux users are
US residents. It is surely unreasonable to suggest that withholding
information from all those people is compatible with being the official
kernel maintainer.

You are aware, no doubt, that Linus Torvalds is currently resident in
the US. If you are unable to give him complete changelogs and
explanations of the patches you submit to him, I can't imagine how you
could continue to perform effectively as a Linux kernel developer.

Perhaps you should step down. This would not only be the honest and
honorable thing to do, if you truly believe that distributing changelogs
to the US would place you in legal jeopardy, but it would also be a far
more dramatic act of protest than merely censoring changelogs.

Respectfully,

Craig Dickson

2001-10-22 21:01:50

by Jussi Laako

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Rik van Riel wrote:
>
> The worst that could happen is that the US cripples
> itself by not allowing the kernel hackers outside the
> US to publish security info to people in the US, but
> only to the rest of the world.

Unless they pressure foreign governments to make similar laws as we have
seen with Wassenaar arrangement and few other cases...


- Jussi Laako

--
PGP key fingerprint: 161D 6FED 6A92 39E2 EB5B 39DD A4DE 63EB C216 1E4B
Available at PGP keyservers

2001-10-22 21:05:20

by Tom Sightler

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> > Everyone wants to bring up the Sklyarov case, but he didn't just expose
the
> > weakness of the code, his company actively sold a product for financial
gain
> > that circumvented the protection. While I still don't think the
Sklyarov
>
> The Felten case is the more relevant one.

OK, I need even more help here. Isn't it Felten the one doing the suing in
that case. I need more clarification. I've tried to read both the EFF
pages as well as other sources and I don't even see where he has been sued
under the DMCA (although it does look like he was theatened with legal
action from the RIAA). Has there been a recent ruling that I've been too
busy to see lately.

Thanks,
Tom


2001-10-22 21:07:40

by Rik van Riel

[permalink] [raw]
Subject: RE: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Craig Dickson wrote:

> However, I think it's fair to say that the production and distribution
> of complete changelogs, such that all users have access to them, is an
> important part of the job of being the official maintainer for a
> project, especially such an important project as the stable branch of
> the Linux kernel.

Maybe Alan will allow publishing of the changelogs on
http://thefreeworld.net/ ?

> From the statistics I've seen in the past, a high percentage of
> Linux users are US residents.

If they're unhappy with the consequences of US law, they
should move.

> Perhaps you should step down.

Alan is doing an absolutely fantastic job of maintaining
the kernel, I see absolutely no reason why he should stop
doing that.

If you want the changelogs for the kernel published in
the US, why don't you publish them, under your name and
your full responsability ?

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 21:11:40

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



As the person who first brought Iraq into this thread, I have to say this: If
you think I was comparing the US to Iraq then you're mistaken. I was merely
pointing out Iraq (semi-jokingly) as an example of a country that would not care
about enforcing US laws.

Wayne




Alan Cox <[email protected]> on 10/22/2001 03:28:38 PM

To: [email protected] (Tudor Bosman)
cc: [email protected] ([email protected]) (bcc: Wayne
Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10



> 1. A description of a security hole is constitutionally protected
> speech, and as such cannot be construed as violating the sections of the
> DMCA. If such description fits the definition of "technology, product,
> service, device, component, or part thereof", then we're in big trouble,
> because source code itself is much closer to the definition of a
> "product" than a description of the source code.

I firmly believe that if justice prevails in the existing DMCA cases you
will be shown to be right. I've seen people compare the US to Iraq and
I don't buy that.

However until people stop shooting I'd prefer not to be a potential target.

Alan

2001-10-22 21:13:40

by Tom Sightler

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> On Mon, 22 Oct 2001, Alan Cox wrote:
> > > Everyone wants to bring up the Sklyarov case, but he didn't just
expose the
> > > weakness of the code, his company actively sold a product for
financial gain
> > > that circumvented the protection. While I still don't think the
Sklyarov
> > The Felten case is the more relevant one.
>
> decss as well -- strange how people forget that one so easily

Not forgotten, just trying to understand relevance. How do these cases,
which all revolve around breaking commercial products and cause damage to
the corporations that push them, apply to security in the open source Linux
kernel to which the public is given all rights.

BTW, I'm not for the DMCA either, I understand the harm it causes, what I
don't understand is how people are twisting it to apply to Linux source code
and security issue. Is Microsoft also in violation of the DMCA? In some
cases they release security details on the issues their updates address. If
so perhaps we should all sue Microsoft for damages and by tomorrow the law
will be repealed.

Later,
Tom


2001-10-22 21:16:50

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Rik van Riel wrote:
>
> On Mon, 22 Oct 2001, PinkFreud wrote:
>
> > You're preaching to the choir here. By withholding these
> > changes from US citizens, you're not going to pressure any
> > politicians.
>
> Pressuring US politicians is a job for US citizens.

NO! US citizens should provide the most pressure, but thinking that
nations which the USA trades with and is partners with have no influence
is plain wrong. To state only citizens of USA can help means that you
truly believe the USA is an island untouched by the world around it. You
can't fight this from jail, but you don't have to be a USA citizen to
bring to light the shear stupidity of some US law. Sometimes a foreign
country has more influence in shouting about the wrong doings than do US
citizens...the political point of information input is different, all
angles are required. You don't have to be responsible for a problem in
order to be able to help solve it.

D. Stimits, [email protected]

>
> Why are you asking Alan to risk prison _and_ pressure
> US politicians? That's something you, as a resident
> of the USA, should be doing yourself.
>
> Rik
> --
> DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)
>
> http://www.surriel.com/ http://distro.conectiva.com/
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 21:22:20

by Tom Sightler

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> > From the statistics I've seen in the past, a high percentage of
> > Linux users are US residents.
>
> If they're unhappy with the consequences of US law, they
> should move.

Laws don't get changed by people moving, they get changed working to get
them changed.

> > Perhaps you should step down.
>
> Alan is doing an absolutely fantastic job of maintaining
> the kernel, I see absolutely no reason why he should stop
> doing that.

I agree with that, I wouldn't want to see this happen either.

> If you want the changelogs for the kernel published in
> the US, why don't you publish them, under your name and
> your full responsability ?

I would gladly publish them on my site, however, I'm unsure how I could get
them, and I unfortunately don't have the skill to completely understand them
from only the source. If someone can help me with this I'll be glad to
provide the space.

Also, shouldn't some company with Linux interest be willing to take on this
risk? Say, Redhat or IBM.

Later,
Tom


2001-10-22 21:23:40

by Craig Dickson

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Rik van Riel wrote:

> Maybe Alan will allow publishing of the changelogs on
> http://thefreeworld.net/ ?

Earlier today he said he wanted to put them online in a way that US
citizens couldn't get at them. That's simply not acceptable. Now, if he
backs off to simply not including them in email, but publishing them on
a non-US website that is freely accessible to Americans, that might be a
reasonable compromise.

> > From the statistics I've seen in the past, a high percentage of
> > Linux users are US residents.
>
> If they're unhappy with the consequences of US law, they
> should move.

That sort of remark doesn't merit a response. Particularly since, in
this case, the argument rests on a delusional reading of the DMCA, as
has been argued elsewhere in this thread. I don't defend the DMCA at
all, but let's stick to reality here. It's silly to suggest that Alan
is at any risk of prosecution by publishing a changelog.

> > Perhaps you should step down.
>
> Alan is doing an absolutely fantastic job of maintaining
> the kernel, I see absolutely no reason why he should stop
> doing that.

Alan has done a great many wonderful things for the kernel, and it would
indeed be very sad if he could not continue to do so. However, if he's
unwilling to do the job completely, making changelogs and all other
public information available without restrictions, then he is no longer
doing a very important part of his job, and someone else should take
over.

Again, remember that Linus himself is living in the US. How can Alan
submit security-related patches to Linus, and explain why they're needed,
without (as Alan sees it) risking prosecution under the DMCA?

> If you want the changelogs for the kernel published in
> the US, why don't you publish them, under your name and
> your full responsability ?

If Alan isn't allowing US residents access to the changelogs, then it's
quite impossible for me to do as you suggest; I can't publish what I
don't have.

Craig

2001-10-22 21:26:50

by Ognen Duzlevski

[permalink] [raw]
Subject: RE: Linux 2.2.20pre10

Blah...

I usually try not to speak unless I have something relevant to say but I
must say I am growing tired of the "United States is the center of the
world" doctrine. Linux is free for you to change so sit down and publish
your own changelogs if you can. Either that or shut up.

Ognen

On Mon, 22 Oct 2001, Craig Dickson wrote:

> Alan Cox wrote:
>
> > However until people stop shooting I'd prefer not to be a potential
> > target.
>
> Mr. Cox,
>
> I understand your concern for your own safety, though I disagree with
> your evaluation of the danger in this case.
>
[a lot of unnecessary crap snipped]

> Respectfully,
>
> Craig Dickson

2001-10-22 21:30:20

by Gerhard Mack

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Alan Cox wrote:

> > So, then, just to satisfy my curiosity, how long until users of Linux in
> > the U.S.A. will no longer be allowed to download new kernels?
>
> Potentially about 12 months after the SSSCA is passed. At which point you may
> well find only a binary only OS with enforced copy management is legal in
> the USA.
>
> > I guess I was wrong about the Linux kernel being Open Source and freely
> > available and distributable.
>
> It is, subject to the law of the various countries concerned.
>
> Alan

Has it become time for a non-us.vger.kernel.org ??

--
Gerhard Mack

[email protected]

<>< As a computer I find your faith in technology amusing.

2001-10-22 21:32:10

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Craig Dickson wrote:
> Rik van Riel wrote:
>
> > Maybe Alan will allow publishing of the changelogs on
> > http://thefreeworld.net/ ?
>
> Earlier today he said he wanted to put them online in a way that
> US citizens couldn't get at them. That's simply not acceptable.

It's perfectly fine with me ;)

> Now, if he backs off to simply not including them in email, but
> publishing them on a non-US website that is freely accessible to
> Americans, that might be a reasonable compromise.

We're working on implementing access control for
thefreeworld.net so the classified content won't
be available for citizens and inhabitants of the
USA.

This is done so we won't be liable for publishing
things to the USA which would be illegal there.

> Alan has done a great many wonderful things for the kernel, and
> it would indeed be very sad if he could not continue to do so.
> However, if he's unwilling to do the job completely, making
> changelogs and all other public information available without
> restrictions, then he is no longer doing a very important part
> of his job, and someone else should take over.

So if the SSSCA gets approved and open source is outlawed
(because only software with 'approved security measures'
is allowed) Linux should stop entirely ?

I don't agree that one US law, which hurts US citizens,
should also hurt the rest of the world. It's your country,
it's your law, it should only hurt you...

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 21:34:41

by David Miller

[permalink] [raw]
Subject: Re: linux-kernel-legal? was

From: "Mr. Shannon Aldinger" <[email protected]>
Date: Mon, 22 Oct 2001 16:21:23 -0400 (EDT)

Here I thought we had Republicans fighting to make the US a republic and
Democrats fighting to make it a Democracy. Oh well, my mistake. Can
someone start a seperate mailing list maybe linux-kernel-legal. It would
be a good place for this and discussion of any other new laws, US and
other that effect the kernel hackers. As a bonus it wouldn't distract from
the patches.

The EFF and many other organizations concerned about the DMCA issues
have suitable public lists for discussion of this topic. I do not see
a need for a new vger list.

You can just as well take this 2.2.x changelog thread there. In fact,
they're probably already talking about it :-)

Franks a lot,
David S. Miller
[email protected]

2001-10-22 21:37:30

by Craig Dickson

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

[email protected] wrote:

> I usually try not to speak unless I have something relevant to say

Well, nobody's perfect.

> but I
> must say I am growing tired of the "United States is the center of the
> world" doctrine.

Nothing I've said reflects or, to a sensible person, suggests such a
doctrine. The US may not be the center of the world, or the most
important country in it, but it's no less important than any other
nation.

> Linux is free for you to change so sit down and publish
> your own changelogs if you can. Either that or shut up.

I'll try to pretend we're having a rational discussion here, despite
your last sentence.

So are you saying that you don't agree that publishing complete
changelogs should be considered an essential duty of the kernel
maintainer?

Craig

2001-10-22 21:37:22

by Dan Hollis

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Tom Sightler wrote:
> If so perhaps we should all sue Microsoft for damages and by tomorrow the law
> will be repealed.

You cant sue microsoft -- you waive all rights to damages with the
shrinkwrap licenses.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

2001-10-22 21:38:31

by Bob Glamm

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> > However, I think it's fair to say that the production and distribution
> > of complete changelogs, such that all users have access to them, is an
> > important part of the job of being the official maintainer for a
> > project, especially such an important project as the stable branch of
> > the Linux kernel.
>
> Maybe Alan will allow publishing of the changelogs on
> http://thefreeworld.net/ ?
>
> > From the statistics I've seen in the past, a high percentage of
> > Linux users are US residents.
>
> If they're unhappy with the consequences of US law, they
> should move.

>From the comments I've seen, there are a number of people considering
just this option should those laws be passed & stand up in the Supreme
Court. I know I'm one of them.

Perhaps that could be used as a point of pressure against those
proposing these laws: that a significant number of smart people that
generate the intellectual property (and hence revenue) of a variety of
companies will leave the US and generate IP & revenue for foreign
(read: competing) firms ;)

-Bob

2001-10-22 21:45:52

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Craig Dickson wrote:

> So are you saying that you don't agree that publishing complete
> changelogs should be considered an essential duty of the kernel
> maintainer?

OK, I'll bite.

If publishing changelogs would be illegal in, say, the USA,
should Linux development be stopped ?

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 21:48:51

by ognen

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> Nothing I've said reflects or, to a sensible person, suggests such a
> doctrine. The US may not be the center of the world, or the most
> important country in it, but it's no less important than any other
> nation.

...or all nations except it?

Most of what you said implied exactly that. You even indicated some
statistics.

> So are you saying that you don't agree that publishing complete
> changelogs should be considered an essential duty of the kernel
> maintainer?

I am saying that if the laws of your country are to blame for you not
being able to obtain something, the maintainer cant help it. But he sure
doesnt have to step down especially since he has been doing a great job.

Ognen

2001-10-22 21:52:30

by Kilobug

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Rik van Riel wrote:

>>I never said that Alan, or any particular individual, should
>>risk a lawsuit or jail. I simply said that I hoped *someone
>>outside the US* (that is, someone not subject to US laws) would
>>make the information available.
>>
>
> If you publish to the US, you can be sued under US law.
>

Ok, so mail me the security-related informations at
[email protected], it's in France so you can, and I'll forward them.

I don't plan to go to the US a day or another (I won't go to any country
that use death penalty, for moral and political reasons), and so I don't
fear their DMCA.

--
** Gael Le Mignot, Ing3 EPITA, Coder of The Kilobug Team **
Home Mail : [email protected] Work Mail : [email protected]
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Web : http://kilobug.freesurf.fr or http://drizzt.dyndns.org

"Software is like sex it's better when it's free.", Linus Torvalds


2001-10-22 21:58:10

by Tony Hoyle

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

In the ancient scrolls of Usenet, page
<Pine.LNX.4.33L.0110221943290.22127-100000@duckman.distro.conectiva>, "Rik
van Riel" <[email protected]> spake thus:


> If publishing changelogs would be illegal in, say, the USA, should Linux
> development be stopped ?

If the SSSCA gets passed that's not an impossible scenario... (more
likely it'll just become unavailable in the US).

Tony

--
"Only wimps use tape backup: _real_ men just upload their important stuff on
ftp, and let the rest of the world mirror it ;)" -- Linus Torvalds

[email protected] http://www.nothing-on.tv

2001-10-22 22:01:30

by Bill Davidsen

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Rik van Riel wrote:

> On Mon, 22 Oct 2001, bill davidsen wrote:
>
> > And who will be maintaining the world and us-castrated kernel
> > source? I can't imagine anything worse for the security of this
> > country than not allow computer users access to security issues.
>
> Don't worry, there are more than enough kernel hackers
> outside of the US to keep maintaining the kernel.

Last I heard Linus was in the USA, his not being able to participate in
security discussions worries me very much. Ditto Redhat and IBM.

--
bill davidsen <[email protected]>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

2001-10-22 22:02:10

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Bob Glamm wrote:
>
> > > However, I think it's fair to say that the production and distribution
> > > of complete changelogs, such that all users have access to them, is an
> > > important part of the job of being the official maintainer for a
> > > project, especially such an important project as the stable branch of
> > > the Linux kernel.
> >
> > Maybe Alan will allow publishing of the changelogs on
> > http://thefreeworld.net/ ?
> >
> > > From the statistics I've seen in the past, a high percentage of
> > > Linux users are US residents.
> >
> > If they're unhappy with the consequences of US law, they
> > should move.
>
> >From the comments I've seen, there are a number of people considering
> just this option should those laws be passed & stand up in the Supreme
> Court. I know I'm one of them.

Too bad the option only applies to people with enough money to relocate.

D. Stimits, [email protected]

>
> Perhaps that could be used as a point of pressure against those
> proposing these laws: that a significant number of smart people that
> generate the intellectual property (and hence revenue) of a variety of
> companies will leave the US and generate IP & revenue for foreign
> (read: competing) firms ;)
>
> -Bob
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 22:10:00

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Tony Hoyle wrote:

> > If publishing changelogs would be illegal in, say, the USA, should Linux
> > development be stopped ?
>
> If the SSSCA gets passed that's not an impossible scenario... (more
> likely it'll just become unavailable in the US).

Oh, I'm absolutely certain that Linux development will continue
but Linux just won't be available to people in the US any more.

If people are truly uncomfortable with it, they should prevent
the SSSCA from becoming a law.

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 22:11:20

by Dan Hollis

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Bill Davidsen wrote:
> Last I heard Linus was in the USA, his not being able to participate in
> security discussions worries me very much. Ditto Redhat and IBM.

I wonder if Linus has an exit-usa plan in case the SSSCA passes.
If the SSSCA does pass, Linus would be in extreme danger.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]

2001-10-22 22:13:10

by Craig Dickson

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Rik van Riel wrote:

> So if the SSSCA gets approved and open source is outlawed
> (because only software with 'approved security measures'
> is allowed) Linux should stop entirely ?

Nobody's suggesting that. But as long as the source code is available in
the US, changelogs should also be available. I mean, let's be serious
here. Kernel changelogs are NOT cookbooks for security exploits.
Problems generally aren't described in anywhere near enough detail that
anyone less than a kernel wizard could even figure out the exploit based
on the changelog's description of the fix. So it's nonsensical to
suggest that the source code is distributable without fear of
prosecution, but somehow the changelog isn't.

If the source code itself somehow becomes illegal, or if Alan can talk
Linus into placing a geographical restriction on the distribution of
Linux (which, as the trademark and copyright owner, would be within his
rights), then the changelog issue will be moot.

I really would like to see Linus comment on this. As a US resident, as
the owner of the Linux trademark, and as the development-branch leader
of kernel development, he's taking every "risk" Alan is, and more,
because he's here where the FBI could arrest him if it wanted to, while
Alan is thousands of miles away. So far, Linus has shown no indication,
AFAIK, that he intends to censor his changelogs. Why not? Is he truly
heedless of his own safety, or is he just too sensible to freak out
over such an implausible scenario?

Craig

2001-10-22 22:15:10

by Sam Varshavchik

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, PinkFreud wrote:

> Why not take that a step further? It would seem to me that your
> insane interpretation of that insane law would mean that unix and it's
> derivatives (Linux, anyone?) would be illegal to use as well.

Only partially correct. Linux will certainly be illegal under SSSCA.
Read it. UNIX is not. And there's nothing insane about it. That's what
the proposed bill says.

> Please don't tell me you woke up this morning and had a sudden attack of
> conscience that you were violating US law. You've posted such changes

Perhaps a sudden realization, would be more like it.

--
Sam

2001-10-22 22:17:00

by Tony Hoyle

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

In the ancient scrolls of Usenet, page
<[email protected]>, "Dan Hollis"
<[email protected]> spake thus:

> On Mon, 22 Oct 2001, Bill Davidsen wrote:
>> Last I heard Linus was in the USA, his not being able to participate in
>> security discussions worries me very much. Ditto Redhat and IBM.
>
> I wonder if Linus has an exit-usa plan in case the SSSCA passes. If the
> SSSCA does pass, Linus would be in extreme danger.

It wouldn't surprise me if half of silicon valley had an exit plan...
The fallout will be fun to watch from 3000 miles away :-)

Tony

--
"Only wimps use tape backup: _real_ men just upload their important stuff on
ftp, and let the rest of the world mirror it ;)" -- Linus Torvalds

[email protected] http://www.nothing-on.tv

2001-10-22 22:17:00

by Pedro Corte-Real

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 22 October 2001 23:02, D. Stimits wrote:
>
>
> Too bad the option only applies to people with enough money to relocate.
>

Well, freedom in the US has always been about money. The independence war was
about getting rid of taxes and modern freedom is bought in the courtrooms
with expensive lawyers. Why should it change now?

Greetings,

Pedro.


PS: sorry for fueling offtopic posts into an offtopic thread.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE71JsD2SBo0jBmgGARAvx8AKDFN+CuPqCYZDbBryK9dKRcy+8OGgCfVcPl
gCZ4lh5AQZkzubm+M4qYE7A=
=SK5+
-----END PGP SIGNATURE-----

2001-10-22 22:17:00

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



Thank you. That's a very kind and generous offer. You might want to consult a
French attorney, though, just to make certain there's no way they could make
trouble for you under French law.

I really appreciate the fact that you're willing to help, but I wouldn't want
you to risk getting into trouble on our behalf.

Wayne




Kilobug <[email protected]> on 10/22/2001 04:52:43 PM

To: [email protected]
cc: (bcc: Wayne Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10



Rik van Riel wrote:

>>I never said that Alan, or any particular individual, should
>>risk a lawsuit or jail. I simply said that I hoped *someone
>>outside the US* (that is, someone not subject to US laws) would
>>make the information available.
>>
>
> If you publish to the US, you can be sued under US law.
>

Ok, so mail me the security-related informations at
[email protected], it's in France so you can, and I'll forward them.

I don't plan to go to the US a day or another (I won't go to any country
that use death penalty, for moral and political reasons), and so I don't
fear their DMCA.

--
** Gael Le Mignot, Ing3 EPITA, Coder of The Kilobug Team **
Home Mail : [email protected] Work Mail : [email protected]
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Web : http://kilobug.freesurf.fr or http://drizzt.dyndns.org

"Software is like sex it's better when it's free.", Linus Torvalds


2001-10-22 22:22:02

by Carsten Kuckuk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

By the same line of reasoning, using passwd as root on a different user
would be a possible circumvention of a copyright protection mechanism
and thus turn passwd into illegal software under the DMCA. Are all *nix
manufacturers and Linux distributors aware of this? All Linux distros
and all Unix operating systems are illegal under DMCA...

2001-10-22 22:22:20

by Leif Sawyer

[permalink] [raw]
Subject: RE: Linux 2.2.20pre10

> Rik van Riel responds to:
> On Mon, 22 Oct 2001, Craig Dickson wrote:
> > Rik van Riel wrote:
> >
> > > Maybe Alan will allow publishing of the changelogs on
> > > http://thefreeworld.net/ ?
> >
> > Earlier today he said he wanted to put them online in a way that
> > US citizens couldn't get at them. That's simply not acceptable.
>
> It's perfectly fine with me ;)
>
> > Now, if he backs off to simply not including them in email, but
> > publishing them on a non-US website that is freely accessible to
> > Americans, that might be a reasonable compromise.
>
> We're working on implementing access control for
> thefreeworld.net so the classified content won't
> be available for citizens and inhabitants of the
> USA.
>
> This is done so we won't be liable for publishing
> things to the USA which would be illegal there.
>
> > Alan has done a great many wonderful things for the kernel, and
> > it would indeed be very sad if he could not continue to do so.
> > However, if he's unwilling to do the job completely, making
> > changelogs and all other public information available without
> > restrictions, then he is no longer doing a very important part
> > of his job, and someone else should take over.
>
> So if the SSSCA gets approved and open source is outlawed
> (because only software with 'approved security measures'
> is allowed) Linux should stop entirely ?
>
> I don't agree that one US law, which hurts US citizens,
> should also hurt the rest of the world. It's your country,
> it's your law, it should only hurt you...

Now i'm completely mystified. Since I'm a member of BugTraq,
I get full disclosure of the bugs that make it there.

Including the recent kernel bugs.

Since I'm in the position to see the problem before the solution,
I'd be happy to repost a summary of security-related changes
to vger, provided of course that I'm able to correlate the changes
with the advisories posted on BugTraq.

Of course, if Alan wanted to cc me on the kernel updates with the full
text of the changes, or if I had access to this new website, I'd still
be willing to repost.

Once a security issue is published to the global internet community
(via BugTraq, vger, or any other method) with regards to the open-source
componant of the linux kernel (i can't speak for non-GPL'd stuff of course)
in a manner consistant with full-disclosure, then I see no legal issue
with posting information that informs users of what fixes are made.

--
Leif Sawyer -- Pi@4398680
[email protected] || [email protected] || internic: LS2540
(907) 868 - 0116 || ICQ - 3749190 || http://home.gci.net/~leif
Network & Security Engineer -- General Communication Inc.
PGP Fingerprint: 77 C8 34 B8 FD BC C6 32 5F FE 93 4B AE 6C F7 4E
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d+ s: a C+++(++)$ US++++$ UL++++$ P+++ L++(+++) E---
W+++ N+ o+ K w O- M- V PS+ PE Y+ PGP(+) t+@ 5- X R- tv b++(+++)
DI++++ D++ G+ e(+)* h-- r++ y+ PP++++ HH++++ A19 NT{--}
------END GEEK CODE BLOCK------
Decode it! http://www.ebb.org/ungeek/



2001-10-22 22:22:53

by Jan Niehusmann

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 03:13:08PM -0700, Craig Dickson wrote:
> Nobody's suggesting that. But as long as the source code is available in
> the US, changelogs should also be available. I mean, let's be serious

I remember the time when kernel patches (at least for development
versions) where released without any changelogs most of the time.
It took some time to teach Linus that people really like changelogs ;-)

So missing changelogs are not the end of the world, and linux development
does work without them, it is only some wasted effort if every
interested developer has to analyse the code to find and understand the
changes.

Jan

2001-10-22 22:27:30

by Jeff Golds

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Craig Dickson wrote:
>
> I really would like to see Linus comment on this. As a US resident, as
> the owner of the Linux trademark, and as the development-branch leader
> of kernel development, he's taking every "risk" Alan is, and more,
> because he's here where the FBI could arrest him if it wanted to, while
> Alan is thousands of miles away. So far, Linus has shown no indication,
> AFAIK, that he intends to censor his changelogs. Why not? Is he truly
> heedless of his own safety, or is he just too sensible to freak out
> over such an implausible scenario?
>

Maybe Linus hasn't responded because he's already headed out of the
country? Maybe he's hiding in an ambulance headed for the Mexican
border. ;)

-Jeff

P.S. Email me if you don't get joke in the second sentence (or the first
for that matter).

--
Jeff Golds
Sr. Software Engineer
[email protected]

2001-10-22 22:27:30

by Kilobug

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

[email protected] wrote:

>
> Thank you. That's a very kind and generous offer. You might want to consult a
> French attorney, though, just to make certain there's no way they could make
> trouble for you under French law.


Even if I'm risking troubles, I'm ready to face them. Freedom of speech
is important enough to take risks to fight for it. Remember: "Beware of
he who would deny you access to information, for in his heart he dreams
himself your master"


>
> I really appreciate the fact that you're willing to help, but I wouldn't want
> you to risk getting into trouble on our behalf.

I'm ready to take the risks...

--
** Gael Le Mignot, Ing3 EPITA, Coder of The Kilobug Team **
Home Mail : [email protected] Work Mail : [email protected]
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Web : http://kilobug.freesurf.fr or http://drizzt.dyndns.org

"Software is like sex it's better when it's free.", Linus Torvalds

2001-10-22 22:31:40

by Wayne.Brown

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



Even if every Linux user in the US speaks out against it (and I'm sure a lot of
us already have), I doubt it will make any difference at all. There just aren't
enough of us. But hey, you and the rest of the world will still have Linux, so
who cares, right? It's great to see such enthusiastic support for the
principles of free software.

My personal opinion is that no one in this discussion is really concerned about
getting arrested or sued over publishing Linux changelogs. I think it's all
just a publicity stunt to make a point, at the expense of those who have no
choice in the matter. In any case, I'm thoroughly disgusted with the whole
subject and don't intend to answer any more posts or emails about it.

Wayne




Rik van Riel <[email protected]> on 10/22/2001 05:04:54 PM

To: Tony Hoyle <[email protected]>
cc: [email protected] (bcc: Wayne Brown/Corporate/Altec)

Subject: Re: Linux 2.2.20pre10



On Mon, 22 Oct 2001, Tony Hoyle wrote:

> > If publishing changelogs would be illegal in, say, the USA, should Linux
> > development be stopped ?
>
> If the SSSCA gets passed that's not an impossible scenario... (more
> likely it'll just become unavailable in the US).

Oh, I'm absolutely certain that Linux development will continue
but Linux just won't be available to people in the US any more.

If people are truly uncomfortable with it, they should prevent
the SSSCA from becoming a law.

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-22 22:39:22

by victor

[permalink] [raw]
Subject: Re[2]: Linux 2.2.20pre10


Tuesday, October 23, 2001, 12:15:24 AM, you wrote:

SV> On Mon, 22 Oct 2001, PinkFreud wrote:

>> Why not take that a step further? It would seem to me that your
>> insane interpretation of that insane law would mean that unix and it's
>> derivatives (Linux, anyone?) would be illegal to use as well

SV> Only partially correct. Linux will certainly be illegal under SSSCA.
could something be illegal if you created 10 years before the law :??
or it could be illegal if you continue developing it :?
do you realy thing linux will be declare illegal and Linus will be
under this law if IBM, SGI, HP, COMPAQ and so many other computer
giants are developing for linux and linux is so popular, i dont think
that nobody could stop it
"It would seem to me that your
insane interpretation of that insane law would mean that unix and it's
derivatives"
if i read well SGI(irix) HP(HP-UX) SUN (SOLARIS & SUNos)
COMPAQ(True64, VMS) would crash
because unix is ilegal.... i dont think so
SV>
SV> Read it. UNIX is not. And there's nothing insane about it. That's what
SV> the proposed bill says.

>> Please don't tell me you woke up this morning and had a sudden attack of
>> conscience that you were violating US law. You've posted such changes
i am a european citizen, i only wait to see if europe dont adopt that
law :/

SV> Perhaps a sudden realization, would be more like it.





Best regards,
victor mailto:[email protected]

2001-10-22 22:50:54

by David Weinehall

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 05:12:53PM -0400, Tom Sightler wrote:
> > On Mon, 22 Oct 2001, Alan Cox wrote:
> > > > Everyone wants to bring up the Sklyarov case, but he didn't just
> expose the
> > > > weakness of the code, his company actively sold a product for
> financial gain
> > > > that circumvented the protection. While I still don't think the
> Sklyarov
> > > The Felten case is the more relevant one.
> >
> > decss as well -- strange how people forget that one so easily
>
> Not forgotten, just trying to understand relevance. How do these cases,
> which all revolve around breaking commercial products and cause damage to
> the corporations that push them, apply to security in the open source Linux
> kernel to which the public is given all rights.

For me, DeCSS is an application that has a purpose for watching DVD:s
when I boot my G4 into Linux instead of MacOS.

And even those that actually use DeCSS only to gain their "copyright"
(that is, provide you with your right to copy what you have purchased,
for backup-purposes, for instance) or indeed those that illegaly copy
DVDs, seldom do so to break commercial products and cause damage to the
corporations that push them.

As for the Sklyarov-case, I'm pretty sure he'd been arrested even if his
program had been an open source program under the GPL, freely
distributed etc.

[snip]


/David Weinehall
_ _
// David Weinehall <[email protected]> /> Northern lights wander \\
// Project MCA Linux hacker // Dance across the winter sky //
\> http://www.acc.umu.se/~tao/ </ Full colour fire </

2001-10-22 22:50:53

by Steven Walter

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 09:34:28PM +0100, Alan Cox wrote:
> > On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > > "Until they become conscious they will never rebel, and until after
> > > they have rebelled they cannot become conscious."
> >
> > While I've been generally saddened by Alan Cox's and others
> > anti-America attitude, I am somewhat surprised to find that
> > Alan believes the US bombing of Afghanistan is justified and so
> > is the collateral damage as they call it.
>
> That quote is rather older than the US bombing of Afghanistan. You read
> totally inappropriate things into it.

Certainly, it is not. This statement applies to Afghanistan, in that
the fact that they have not rebelled means they imply consent to
everything their government does, and therefore are just as guilty as
the Taliban. Therefore, killing civilians (collateral damage) is no
worse than killing terrorists or Taliban officials. This is a stance I
can easily subscribe to, not just with Afghanistan but with any people,
nation, state, or country.
--
-Steven
In a time of universal deceit, telling the truth is a revolutionary act.
-- George Orwell
Freedom is slavery. Ignorance is strength. War is peace.
-- George Orwell
Those that would give up a necessary freedom for temporary safety
deserver neither freedom nor safety.
-- Ben Franklin

2001-10-22 22:58:51

by Mike Fedyk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 04:42:51PM -0400, PinkFreud wrote:
> the US until the DMCA is repealed. What do you think is going to happen -
> Bush sends the military out to bomb his house?
>
> Sorry, that was in bad taste, I know. But I am trying to make a point

This is almost as bad as a Natzi reference...

C'mon people. I'm sure these security issues have been discussed on bugtraq
or someplace similar, why not just go there to look it up?

2001-10-22 23:01:30

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Pedro Corte-Real wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday 22 October 2001 23:02, D. Stimits wrote:
> >
> >
> > Too bad the option only applies to people with enough money to relocate.
> >
>
> Well, freedom in the US has always been about money. The independence war was
> about getting rid of taxes and modern freedom is bought in the courtrooms
> with expensive lawyers. Why should it change now?

When talking about why Americans don't go out and magically change
things, this is the key. When talking about who is harmed most by
injustices, the theme of the poorest is true anywhere. Just a point when
criticizing Americans, contrary to popular opinion, not starving is not
the same as having power or influence. When someone without money
complains, it is called "whining"; when someone with money complains, it
is called "free market".

D. Stimits, [email protected]

>
> Greetings,
>
> Pedro.
>
> PS: sorry for fueling offtopic posts into an offtopic thread.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE71JsD2SBo0jBmgGARAvx8AKDFN+CuPqCYZDbBryK9dKRcy+8OGgCfVcPl
> gCZ4lh5AQZkzubm+M4qYE7A=
> =SK5+
> -----END PGP SIGNATURE-----
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 23:05:20

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Carsten Kuckuk wrote:
>
> By the same line of reasoning, using passwd as root on a different user
> would be a possible circumvention of a copyright protection mechanism
> and thus turn passwd into illegal software under the DMCA. Are all *nix
> manufacturers and Linux distributors aware of this? All Linux distros
> and all Unix operating systems are illegal under DMCA...

Perhaps you missed the part in SSSCA where there was a clause that gave
certain parties back doors into all machines (by law) to test if you
violate copyright rules? I think that part got washed out already, but
what you properly consider via sarcasm, some Senator has at least
proposed as law.

D. Stimits, [email protected]

> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 23:07:00

by David Ford

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

I assume since you are using Sklyarov as an example that you fully
intend to prevent Linus from getting such information as well?

This reaction is ludicrous.

Instead of helping US people, now the US people are fighting both US
politicians and their own camp of code developers.

David

Alan Cox wrote:

>>Putting pressure on US people to have them influence their
>>legislation? Aka. every people have the rulers they deserve? Won't work
>>out.
>>
>
> "Until they become conscious they will never rebel, and until after
> they have rebelled they cannot become conscious."
>
>>Seriously, are you kidding?
>>
>
>The current interpretation of the DMCA is as lunatic as it sounds. With luck
>the Sklyarov case will see that overturned on constitutional grounds. Until
>then US citizens will have to guess about security issues.
>
>Alan
>


2001-10-22 23:08:20

by Mike Fedyk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 05:45:02PM -0500, Steven Walter wrote:
> On Mon, Oct 22, 2001 at 09:34:28PM +0100, Alan Cox wrote:
> > > On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > > > "Until they become conscious they will never rebel, and until after
> > > > they have rebelled they cannot become conscious."
> > >
> > > While I've been generally saddened by Alan Cox's and others
> > > anti-America attitude, I am somewhat surprised to find that
> > > Alan believes the US bombing of Afghanistan is justified and so
> > > is the collateral damage as they call it.
> >
> > That quote is rather older than the US bombing of Afghanistan. You read
> > totally inappropriate things into it.
>
> Certainly, it is not. This statement applies to Afghanistan, in that
> the fact that they have not rebelled means they imply consent to
> everything their government does, and therefore are just as guilty as
> the Taliban. Therefore, killing civilians (collateral damage) is no
> worse than killing terrorists or Taliban officials. This is a stance I
> can easily subscribe to, not just with Afghanistan but with any people,
> nation, state, or country.

And how is someone from a forien country going to see just how much or how
little you have rebelled against the DMCA? We allowed the law to be passed
so now we should take the blame?

Like some have already said, we have politicians that promise one thing, and
do whatever the hell they want after they're in office. It depends on how
much they stick to their promisses when comes election time in 2-4 years
that determines wheather they stay there...

2001-10-22 23:08:30

by Alan

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> This reaction is ludicrous.
>
> Instead of helping US people, now the US people are fighting both US
> politicians and their own camp of code developers.

I dont see why I should risk 5 years in a US jail. Not my problem.
Fortunately the major vendors kernel development teams are all non US based.

Alan

2001-10-22 23:11:00

by Luigi Genoni

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

That means USA are not a democracy anymore, but a elegible oligarcy!
that is exactly what you wrote!

If it is so, stop to call you a democracy.
but, untill USA citizens call USA a democracy, and they
go to vote, people have the power to change things. Real problem is
INFORMATION!
Alan is right with what he is doing. But we should do something so that
ALL USA citizens will be informed!!!

Luigi


On Mon, 22 Oct 2001, Nick LeRoy wrote:

>
> I *wish* it were that simple. If you don't think that a least some of us
> *try*, you're kidding yourself. The real problem, IMHO, is that the
> electorate of our country no longer has any real power or control over the
> government -- it's the corporations that do. Money talks, so the saying
> goes. He who has the gold makes the rules.
>
> So, please don't punish all of us for the acts of our corrupt system. We
> just try to make it better in whatever ways we can. FWIW, the ACLU, EEF,
> etc. are our best hope for a free society.
>
> Thanks
>
> -Nick
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

2001-10-22 23:19:30

by Luigi Genoni

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

I do not know about linux kernel, but I know of a couple of GPLed projects
where nice guys from Iraq sended patches and they were merged (they were
good stuff).

Excuse me if I do not say the name of those projects, but I am
sure you understand.

just to say a paradox.

USA are quite like ancien Athen, it were imposing democracy to other greek
polis (greek polis were also in south Italy, asia and north africa...)
Then this democracy degenerated to a corrupt and tirannic (self proclaming
democratic) system.
Nice guys from Sparta and then from thebe, and of course from
Athen destroyed athenian supremacy.
(just read tucidide's history and then xenofonte's ellenics).


If USA is defending democracy, and USA is not a democracy, then
USA should start a was against itself to defend democracy defeating USA
government.

History shows that happened, so it could happen again.

Luigi

On Mon, 22 Oct 2001 [email protected] wrote:

>
>
> I wonder if there are any Linux hackers in Iraq? It's doubtful the government
> there would honor any legal action attempted by the US on DMCA issues. OTOH, it
> would put me in the rather weird position of agreeing with the Iraqi government,
> which is something I NEVER would have expected... :-)
>
> Wayne
>
>
>
>
> "Per Jessen" <[email protected]> on 10/22/2001 01:13:42 PM
>
> Please respond to "Per Jessen" <[email protected]>
>
> To: "[email protected]" <[email protected]>
> cc: (bcc: Wayne Brown/Corporate/Altec)
>
> Subject: Re: Linux 2.2.20pre10
>
>
>
> On Mon, 22 Oct 2001 12:51:53 -0500, [email protected] wrote:
> >I never said that Alan, or any particular individual, should risk a lawsuit or
> >jail. I simply said that I hoped *someone outside the US* (that is, someone
> not
> >subject to US laws) would make the information available. Surely there are
> >places in the world that are beyond the reach of the DMCA. How about those
>
> Alan Cox, living in the UK, may be *somewhat* subject to US legislation.
> Ties between the US and the UK are strong, and it is understandable if a UK-
> resident person does not feel entirely out of reach of US law enforcement.
>
> IMHO.
>
>
> regards,
> Per Jessen, Zurich
>
> regards,
> Per Jessen, Zurich
> http://www.enidan.com - home of the J1 serial console.
>
> Windows 2001: "I'm sorry Dave ... I'm afraid I can't do that."
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
>
>
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

2001-10-22 23:21:21

by Jeff Garzik

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Mike Fedyk wrote:
> C'mon people. I'm sure these security issues have been discussed on bugtraq
> or someplace similar, why not just go there to look it up?

Very true... though I am sure DMCA has a legally chilling effect on
BugTraq as well. Theoretically foreigners who post analysis and
exploits on BugTraq can be jailed when they enter the US, just like
Dmitry.

Jeff


--
Jeff Garzik | Only so many songs can be sung
Building 1024 | with two lips, two lungs, and one tongue.
MandrakeSoft | - nomeansno

2001-10-22 23:24:52

by Steven Walter

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 04:07:49PM -0700, Mike Fedyk wrote:
> On Mon, Oct 22, 2001 at 05:45:02PM -0500, Steven Walter wrote:
> > On Mon, Oct 22, 2001 at 09:34:28PM +0100, Alan Cox wrote:
> > > > On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > > > > "Until they become conscious they will never rebel, and until after
> > > > > they have rebelled they cannot become conscious."
> > > >
> > > > While I've been generally saddened by Alan Cox's and others
> > > > anti-America attitude, I am somewhat surprised to find that
> > > > Alan believes the US bombing of Afghanistan is justified and so
> > > > is the collateral damage as they call it.
> > >
> > > That quote is rather older than the US bombing of Afghanistan. You read
> > > totally inappropriate things into it.
> >
> > Certainly, it is not. This statement applies to Afghanistan, in that
> > the fact that they have not rebelled means they imply consent to
> > everything their government does, and therefore are just as guilty as
> > the Taliban. Therefore, killing civilians (collateral damage) is no
> > worse than killing terrorists or Taliban officials. This is a stance I
> > can easily subscribe to, not just with Afghanistan but with any people,
> > nation, state, or country.
>
> And how is someone from a forien country going to see just how much or how
> little you have rebelled against the DMCA? We allowed the law to be passed
> so now we should take the blame?
>
> Like some have already said, we have politicians that promise one thing, and
> do whatever the hell they want after they're in office. It depends on how
> much they stick to their promisses when comes election time in 2-4 years
> that determines wheather they stay there...

Eh? Perhaps it was unclear that I was speaking in a broader sense, thus
being more off-topic than most. The DMCA is collectively our (U.S.
Citizens') fault. We must now work to correct it. Just as the Taliban
is at least partially the Afghan people's fault. See?
--
-Steven
In a time of universal deceit, telling the truth is a revolutionary act.
-- George Orwell
Freedom is slavery. Ignorance is strength. War is peace.
-- George Orwell
Those that would give up a necessary freedom for temporary safety
deserver neither freedom nor safety.
-- Ben Franklin

2001-10-22 23:27:01

by Jeff Garzik

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Craig Dickson wrote:
> I really would like to see Linus comment on this. As a US resident, as
> the owner of the Linux trademark, and as the development-branch leader
> of kernel development, he's taking every "risk" Alan is, and more,
> because he's here where the FBI could arrest him if it wanted to, while
> Alan is thousands of miles away. So far, Linus has shown no indication,
> AFAIK, that he intends to censor his changelogs. Why not? Is he truly
> heedless of his own safety, or is he just too sensible to freak out
> over such an implausible scenario?

Linus' changelogs don't contain information that would need to be
censored AFAICS. His changelogs are generally pretty terse.

Jeff


--
Jeff Garzik | Only so many songs can be sung
Building 1024 | with two lips, two lungs, and one tongue.
MandrakeSoft | - nomeansno

2001-10-22 23:29:41

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Luigi Genoni wrote:
>
> That means USA are not a democracy anymore, but a elegible oligarcy!
> that is exactly what you wrote!
>
> If it is so, stop to call you a democracy.
> but, untill USA citizens call USA a democracy, and they
> go to vote, people have the power to change things. Real problem is
> INFORMATION!
> Alan is right with what he is doing. But we should do something so that
> ALL USA citizens will be informed!!!

Who told you the USA was a democracy? Never has, never will be. It is a
democratic republic. ENORMOUS difference.

I consider it supportive that someone outside the USA is "drawing the
line". The buck has to stop somewhere. The sooner the s*it hits the fan,
the better. The damage caused by excess corporate influence is one place
that needs a line drawn, and politicians willing to join in creating
collateral damage against their own people in some demented and wrong
idea of real security is another ("hey, son, you have a wart on that
finger, better amputate the arm").

D. Stimits, [email protected]

>
> Luigi
>
> On Mon, 22 Oct 2001, Nick LeRoy wrote:
>
> >
> > I *wish* it were that simple. If you don't think that a least some of us
> > *try*, you're kidding yourself. The real problem, IMHO, is that the
> > electorate of our country no longer has any real power or control over the
> > government -- it's the corporations that do. Money talks, so the saying
> > goes. He who has the gold makes the rules.
> >
> > So, please don't punish all of us for the acts of our corrupt system. We
> > just try to make it better in whatever ways we can. FWIW, the ACLU, EEF,
> > etc. are our best hope for a free society.
> >
> > Thanks
> >
> > -Nick
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.tux.org/lkml/
> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 23:30:41

by Tom Sightler

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

> > Not forgotten, just trying to understand relevance. How do these cases,
> > which all revolve around breaking commercial products and cause damage
to
> > the corporations that push them, apply to security in the open source
Linux
> > kernel to which the public is given all rights.
>
> For me, DeCSS is an application that has a purpose for watching DVD:s
> when I boot my G4 into Linux instead of MacOS.

For me too, but in other people's opinion it's a tool for pirates (I don't
share this opinion, however, I can see how some people, who don't understand
the difference, might have this opinion). However, I don't think that a
security exploit in an open sourced OS is likely to be a "curcumvention
device" to even clueless people.

> And even those that actually use DeCSS only to gain their "copyright"
> (that is, provide you with your right to copy what you have purchased,
> for backup-purposes, for instance) or indeed those that illegaly copy
> DVDs, seldom do so to break commercial products and cause damage to the
> corporations that push them.

Agreed, but's that's how these corporations (or coporate representatives)
managed to get these cases to court. However, I fail to see who is going to
be the prosecutor in the case of a security exploit against the open source
Linux kernel. In every one of these cases, DeCSS, SDI, and eBook, the
encryption that was hacked was put in place by the companies specifically to
protect the copyrighted work. The Linux kernel provides general access
controls and does not meet the following DMCA requirement to be a copyright
protection system:

"(B) a technological measure "effectively controls access to a work" if the
measure, in the ordinary course of its operation, requires the application
of information, or a process or a treatment, with the authority of the
copyright owner, to gain access to the work."

The part that is missing is the "authority of the copyright owner" portion.
In the case of CSS, SDI, and eBook, the copyright owners all specifically
allow access to the information only when using authorized means of viewing
the work. Last I checked no copyright owner has said that ACL's are an
authorized means.

This is my main argument why I think Alan is safe to post security related
information in changelogs. I just don't think there is any way for someone
to interpret this law to mean that posting that information is illegal. Of
course, if he still doesn't want to I respect that opinion as well, but I'm
sure willing to do it.

> As for the Sklyarov-case, I'm pretty sure he'd been arrested even if his
> program had been an open source program under the GPL, freely
> distributed etc.

I would tend to agree, because Adobe initially filed the complaint for
damages he could have been arrested under the civil action. However, once
Adobe agreed to drop the issue (I'm not sure they did, but it is my
understanding that they have) it didn't matter much, because they are not
required to pursue the criminal portion, the government alone can pursue it
from there.

BTW, I'm not trying to argue that the cases which use the DMCA are valid in
any way, I'm totally againts all of them as they definately impose on my
fair use rights, which is why I have never purchased an eBook, don't own a
DVD player (actually not 100% true, I have a DVD player in my laptop and
have used it for loading software and playing around with DVD playback under
Linux using some borrowed DVD's), and don't own music with any SDI
watermarks (that I know of). If companies don't want to grant me fair use,
I don't want their products.

Later,
Tom


2001-10-22 23:31:51

by jdthood

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

I think that a lot of people would like to know more about
how the DMCA creates the risk that Alan is worried about.

Having said that, the decision about what is required to protect
himself is up to Alan, and if he chooses to be very cautious
then that is more than his right. Don't like it? You can
always start maintaining your own -xyz kernel branch.

I would also like to know how this issue affects Canadians,
who often occupy a legal middle ground between the U.S.
and the non-U.S. world when it comes to these issues.
Can Canadian citizens be informed of these changelog items?

--
Thomas Hood
(Don't reply to the From: address but to jdthood_AT_mail.com)

2001-10-22 23:33:31

by Mike Fedyk

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Tue, Oct 23, 2001 at 12:15:00AM +0100, Alan Cox wrote:
> > This reaction is ludicrous.
> >
> > Instead of helping US people, now the US people are fighting both US
> > politicians and their own camp of code developers.
>
> I dont see why I should risk 5 years in a US jail. Not my problem.
> Fortunately the major vendors kernel development teams are all non US based.
>

You still didn't answer the qustion of wheather you are going to give
descriptions to Linus in the US of A...

2001-10-22 23:35:31

by Craig Dickson

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

There have been a lot of messages from a number of different people
about this "censored changelogs" issue. Rather than reply to various
points separately, I just want to sum up my views in one message.

I simply don't believe that Alan Cox is at any risk of prosecution, and
what's more, I don't believe that he believes it. He's just making a
dramatic political statement that will have no effect on the law, will
never even be noticed by American legislators, and serves only to annoy
US-based Linux users.

The words "Felten" and "Sklyarov" keep coming up in this discussion. The
parallel between Alan Cox's situation and those cases are simply not
valid.

Felten conducted research on how to break DRM systems that were being
considered for commercial use (the proposed SDMI standards).

Sklyarov developed (or helped develop) a product that breaks Adobe's
commercial DRM scheme for PDF files.

Note that both Felten and Skyarov developed and publicized (or announced
an intent to publicize, in Felten's case) ways of compromising
commercial, third-party DRM systems, thus embarrassing and antagonizing
the wealthy corporations that had invested time, money, and prestige in
those DRM systems. This has no real similarity with Alan Cox's kernel
work. All Alan is doing is fixing bugs in a system that he has every
right to work on, and has a long history of contributing to. He is _not_
reverse-engineering someone else's copyright-protection scheme and
publicizing how to circumvent it. And anyone who's ever actually _read_
his changelogs should know that they do not in any way amount to attack
recipes.

What's more, nobody sued or prosecuted Felten. The RIAA made threatening
noises, but backed off the instant they were called on it, insisting
that they had never had any intention of suing anybody, and they fully
supported Felten's rights as an academic researcher, blah blah blah.
(No, I don't really believe them, but the fact is, ultimately, they
didn't sue.) Felten elected not to present his paper mostly because it
gave him and the EFF a stronger case for his suit against the RIAA; he
couldn't very well present the paper and then sue them for preventing
him from doing so, and he obviously wants to be the Constitutional test
case or he wouldn't have bothered suing them at all after they publicly
backed down.

Alan Cox claims to have legal advice, but has said nothing about who
gave it to him, or what their qualifications are regarding US copyright
law and the DMCA, or even exactly what their reasoning was; all we know
is that the end result is that he's decided not to distribute complete
changelogs. I find it hard to take this sort of nebulous claim of "legal
advice" seriously when the advice seems nonsensical on its face.

Craig

2001-10-22 23:37:13

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

David Ford wrote:
>
> I assume since you are using Sklyarov as an example that you fully
> intend to prevent Linus from getting such information as well?
>
> This reaction is ludicrous.
>
> Instead of helping US people, now the US people are fighting both US
> politicians and their own camp of code developers.

And there is the real danger of terrorism. Someone once wrote a book
(called "The Art of War") that describes it. It's the realm of "divide
and conquer". It brings a lot of people together to finally agree on
things when they wouldn't even talk to each other. But it also brings
together the "bad" things. These laws are dangerous because they add to
the terrorist concept of divide and conquer, only now we're sponsoring
it against ourselves, and companies like Disney and much of the
entertainment industry finds it profitable to join the momentum, it's
profitable for them.

D. Stimits, [email protected]

>
> David
>
> Alan Cox wrote:
>
> >>Putting pressure on US people to have them influence their
> >>legislation? Aka. every people have the rulers they deserve? Won't work
> >>out.
> >>
> >
> > "Until they become conscious they will never rebel, and until after
> > they have rebelled they cannot become conscious."
> >
> >>Seriously, are you kidding?
> >>
> >
> >The current interpretation of the DMCA is as lunatic as it sounds. With luck
> >the Sklyarov case will see that overturned on constitutional grounds. Until
> >then US citizens will have to guess about security issues.
> >
> >Alan
> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 23:39:31

by Jonathan Lundell

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

At 5:45 PM -0500 10/22/01, Steven Walter wrote:
>On Mon, Oct 22, 2001 at 09:34:28PM +0100, Alan Cox wrote:
>> > On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
>> > > "Until they become conscious they will never rebel, and until after
>> > > they have rebelled they cannot become conscious."
>> >
>> > While I've been generally saddened by Alan Cox's and others
>> > anti-America attitude, I am somewhat surprised to find that
>> > Alan believes the US bombing of Afghanistan is justified and so
>> > is the collateral damage as they call it.
>>
>> That quote is rather older than the US bombing of Afghanistan. You read
>> totally inappropriate things into it.
>
>Certainly, it is not. This statement applies to Afghanistan, in that
>the fact that they have not rebelled means they imply consent to
>everything their government does, and therefore are just as guilty as
>the Taliban. Therefore, killing civilians (collateral damage) is no
>worse than killing terrorists or Taliban officials. This is a stance I
>can easily subscribe to, not just with Afghanistan but with any people,
>nation, state, or country.

That seems like a willful misreading of the original. Where did you
get "consent"? Alan suggests that non-rebellion implies lack of
consciousness, which doesn't imply consent.

--
/Jonathan Lundell.

2001-10-22 23:44:31

by Sam Vilain

[permalink] [raw]
Subject: Leaving the planet [Was Re: Linux 2.2.20pre10]

On Mon, 22 Oct 2001 14:25:05 +0200
bert hubert <[email protected]> wrote:

> US kernel developers cannot be told. Period.
> (...)
> > Its based directly on legal opinion.
> Then I suggest we leave this planet.

_ _ _______ _______ ______ __ __ _______ /
|_____| |______ |_____| |_____/ \_/ |______ /
| | |______ | | | \_ | |______ .

+------------------------------+
| THE DECLARATION OF EVOLUTION |
+------------------------------+
_ _ _
| | | | HEN in the course of organic evolution it becomes obvious that
| | | | a mutational process is inevitably dissolving the physical and
|__/_/ neurological bonds which connect the members of one generation
to the past and inevitably directing them to assume among the species
of Earth the separate and equal station to which the Laws of Nature
and Nature's God entitle them, a decent concern for the harmony of
species requires that the causes of the mutation should be declared.

We hold these truths to be self evident:

* That all species are created different but equal;

* That they are endowed, each one, with certain inalienable rights;

* That among them are Freedom to Live, Freedom to Grow, and Freedom
to pursue Happiness in their own style;

* That to protect these God-given rights, social structures
naturally emerge, basing their authority on the principles of
love of God and respect for all forms of life;

* That whenever any form of government becomes destructive of life,
liberty, and harmony, it is the organic duty of the young members
of that species to mutate, to drop out, to initiate a new social
structure, laying its foundations on such principles and
organizing its power in such form as seems likely to produce the
safety, happiness, and harmony of all sentient beings.

Genetic wisdom, indeed, suggests that social structures long
established should not be discarded for frivolous reasons and
transient causes. The ecstasy of mutation is equally balanced by the
pain. Accordingly all experience shows that members of a species are
more disposed to suffer, while evils are sufferable, rather than to
discard the forms to which they are accustomed.

But when a long train of abuses and usurpations, all pursuing
invariably the same destructive goals, threaten the very fabric of
organic life and the serene harmony of the planet, it is the right, it
is the organic duty to drop out of such morbid covenants and to evolve
new loving social structures.

Such has been the patient sufferance of the freedom-loving peoples of
this earth, and such is now the necessity which constrains us to form
new systems of government.

The history of the white, menopausal, mendacious men now ruling the
planet earth is a history of repeated violation of the harmonious laws
of nature, all having the direct object of establishing a tyranny of
the materialistic aging over the gentle, the peace-loving, the young,
the colored. To prove this, let Facts be submitted to the judgement of
generations to come.

* These old, white rulers have maintained a continuous war against
other species of life, enslaving and destroying at whim fowl,
fish, animals and spreading a lethal carpet of concrete and metal
over the soft body of earth.

* They have maintained as well a continual state of war among
themselves and against the colored races, the freedom-loving, the
gentle, the young. Genocide is their habit.

* They have instituted artificial scarcities, denying peaceful folk
the natural inheritance of earth's abundance and God's endowment.

* They have glorified material values and degraded the spiritual.

* They have claimed private, personal ownership of God's land,
driving by force of arms the gentle from passage on the earth.

* In their greed they have erected artificial immigration and
customs barriers, preventing the free movement of people.

* In their lust for control they have set up systems of compulsory
education to coerce the minds of the children and to destroy the
wisdom and innocence of the playful young.

* In their lust for power they have controlled all means of
communication to prevent the free flow of ideas and to block
loving exchanges among the gentle.

* In their fear they have instituted great armies of secret police
to spy upon the privacy of the pacific.

* In their anger they have coerced the peaceful young against their
will to join their armies and to wage murderous wars against the
young and gentle of other countries.

* In their greed they have made the manufacture and selling of
weapons the basis of their economies.

* For profit they have polluted the air, the rivers, the seas.

* In their impotence they have glorified murder, violence, and
unnatural sex in their mass media.

* In their aging greed they have set up an economic system which
favors age over youth.

* They have in every way attempted to impose a robot uniformity and
to crush variety, individuality, and independence of thought.

* In their greed, they have instituted political systems which
perpetuate rule by the aging and force youth to choose between
plastic conformity or despairing alienation.

* They have invaded privacy by illegal search, unwarranted arrest,
and contemptuous harassment.

* They have enlisted an army of informers.

* In their greed they sponsor the consumption of deadly tars and
sugars and employ cruel and unusual punishment of the possession
of life-giving alkaloids and acids.

* They never admit a mistake. They unceasingly trumpet the virtue
of greed and war. In their advertising and in their manipulation
of information they make a fetish out of blatant falsity and
pious self-enhancement. Their obvious errors only stimulate them to
greater error and noisier self-approval.

* They are bores.

* They hate beauty.

* They hate sex.

* They hate life.

We have warned them from time to time to their inequities and
blindness. We have addressed every available appeal to their withered
sense of righteousness. We have tried to make them laugh. We have
prophesied in detail the terror they are perpetuating. But they have
been deaf to the weeping of the poor, the anguish of the colored, the
rocking mockery of the young, the warnings of their poets. Worshipping
only force and money, they listen only to force and money. But we
shall no longer talk in these grim tongues.

We must therefore acquiesce to genetic necessity, detach ourselves
from their uncaring madness and hold them henceforth as we hold the
rest of God's creatures - in harmony, life brothers, in their excess,
menaces to life.

We, therefore, God-loving, peace-loving, life-loving, fun-loving men
and women, appealing to the Supreme Judge of the Universe for the
rectitude of our intentions, do, in the name and by the Authority of
all sentient beings who seek gently to evolve on this planet, solemnly
publish and declare that we are free and independent, and that we are
absolved from all Allegiance to the United States Government and all
governments controlled by the menopausal, and that grouping ourselves
into tribes of like-minded fellows, we claim full power to live and
move on the land, obtain sustenance with our own hands and minds in
the style which seems sacred and holy to us, and to do all Acts and
Things which independent Freemen and Freewomen may of right do without
infringing on the same rights of other species and groups to do their
own thing.

And for the support of this Declaration of Evolution with a firm
reliance on the protection of Divine Providence, and serenely
confident of the approval of generations to come, in whose name we
speak, do we now mutually pledge to each other our Lives, our
Fortunes, and our Sacred Honor.

-- Dr. Timothy Leary, Ph.D.

2001-10-22 23:44:21

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Thomas Hood wrote:
>
> I think that a lot of people would like to know more about
> how the DMCA creates the risk that Alan is worried about.

I personally think DMCA creates a bad precedence, and in part is a
reason why some idiot senator would sponsor more ridiculous bills like
SSSCA. Killing or neutering DMCA is a good starting point to stopping it
in the future. Check out SSSCA, no doubt influenced by the success of
DMCA:
http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread

D. Stimits, [email protected]

>
> Having said that, the decision about what is required to protect
> himself is up to Alan, and if he chooses to be very cautious
> then that is more than his right. Don't like it? You can
> always start maintaining your own -xyz kernel branch.
>
> I would also like to know how this issue affects Canadians,
> who often occupy a legal middle ground between the U.S.
> and the non-U.S. world when it comes to these issues.
> Can Canadian citizens be informed of these changelog items?
>
> --
> Thomas Hood
> (Don't reply to the From: address but to jdthood_AT_mail.com)
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 23:47:21

by Steven Walter

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 04:39:02PM -0700, Jonathan Lundell wrote:
> >> > > "Until they become conscious they will never rebel, and until after
> >> > > they have rebelled they cannot become conscious."
> >> >
> >> > While I've been generally saddened by Alan Cox's and others
> >> > anti-America attitude, I am somewhat surprised to find that
> >> > Alan believes the US bombing of Afghanistan is justified and so
> >> > is the collateral damage as they call it.
> >>
> >> That quote is rather older than the US bombing of Afghanistan. You read
> >> totally inappropriate things into it.
> >
> >Certainly, it is not. This statement applies to Afghanistan, in that
> >the fact that they have not rebelled means they imply consent to
> >everything their government does, and therefore are just as guilty as
> >the Taliban. Therefore, killing civilians (collateral damage) is no
> >worse than killing terrorists or Taliban officials. This is a stance I
> >can easily subscribe to, not just with Afghanistan but with any people,
> >nation, state, or country.
>
> That seems like a willful misreading of the original. Where did you
> get "consent"? Alan suggests that non-rebellion implies lack of
> consciousness, which doesn't imply consent.

Seems like, but isn't. It's every citizen's responsibility to be aware
of the matters concerning the State. If they aren't, then again it is
their own fault.
--
-Steven
In a time of universal deceit, telling the truth is a revolutionary act.
-- George Orwell
Freedom is slavery. Ignorance is strength. War is peace.
-- George Orwell
Those that would give up a necessary freedom for temporary safety
deserver neither freedom nor safety.
-- Ben Franklin

2001-10-22 23:48:11

by D. Stimits

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Tom Sightler wrote:
>
> > > Not forgotten, just trying to understand relevance. How do these cases,
> > > which all revolve around breaking commercial products and cause damage
> to
> > > the corporations that push them, apply to security in the open source
> Linux
> > > kernel to which the public is given all rights.
> >
> > For me, DeCSS is an application that has a purpose for watching DVD:s
> > when I boot my G4 into Linux instead of MacOS.
>
> For me too, but in other people's opinion it's a tool for pirates (I don't
> share this opinion, however, I can see how some people, who don't understand
> the difference, might have this opinion). However, I don't think that a
> security exploit in an open sourced OS is likely to be a "curcumvention
> device" to even clueless people.
>
> > And even those that actually use DeCSS only to gain their "copyright"
> > (that is, provide you with your right to copy what you have purchased,
> > for backup-purposes, for instance) or indeed those that illegaly copy
> > DVDs, seldom do so to break commercial products and cause damage to the
> > corporations that push them.
>
> Agreed, but's that's how these corporations (or coporate representatives)
> managed to get these cases to court. However, I fail to see who is going to
> be the prosecutor in the case of a security exploit against the open source
> Linux kernel. In every one of these cases, DeCSS, SDI, and eBook, the
> encryption that was hacked was put in place by the companies specifically to
> protect the copyrighted work. The Linux kernel provides general access
> controls and does not meet the following DMCA requirement to be a copyright
> protection system:
>
> "(B) a technological measure "effectively controls access to a work" if the
> measure, in the ordinary course of its operation, requires the application
> of information, or a process or a treatment, with the authority of the
> copyright owner, to gain access to the work."
>
> The part that is missing is the "authority of the copyright owner" portion.
> In the case of CSS, SDI, and eBook, the copyright owners all specifically
> allow access to the information only when using authorized means of viewing
> the work. Last I checked no copyright owner has said that ACL's are an
> authorized means.

SSSCA grants all this. SSSCA would have enormous impact here. If SSSCA
passes, look out.
http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread

D. Stimits, [email protected]

>
> This is my main argument why I think Alan is safe to post security related
> information in changelogs. I just don't think there is any way for someone
> to interpret this law to mean that posting that information is illegal. Of
> course, if he still doesn't want to I respect that opinion as well, but I'm
> sure willing to do it.
>
> > As for the Sklyarov-case, I'm pretty sure he'd been arrested even if his
> > program had been an open source program under the GPL, freely
> > distributed etc.
>
> I would tend to agree, because Adobe initially filed the complaint for
> damages he could have been arrested under the civil action. However, once
> Adobe agreed to drop the issue (I'm not sure they did, but it is my
> understanding that they have) it didn't matter much, because they are not
> required to pursue the criminal portion, the government alone can pursue it
> from there.
>
> BTW, I'm not trying to argue that the cases which use the DMCA are valid in
> any way, I'm totally againts all of them as they definately impose on my
> fair use rights, which is why I have never purchased an eBook, don't own a
> DVD player (actually not 100% true, I have a DVD player in my laptop and
> have used it for loading software and playing around with DVD playback under
> Linux using some borrowed DVD's), and don't own music with any SDI
> watermarks (that I know of). If companies don't want to grant me fair use,
> I don't want their products.
>
> Later,
> Tom
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2001-10-22 23:56:31

by David Weinehall

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 05:27:06PM -0500, [email protected] wrote:
>
>
> Even if every Linux user in the US speaks out against it (and I'm sure
> a lot of us already have), I doubt it will make any difference at all.

I'm sure that a couple of tens of thousands of well-informed
Open-Source/Free Speech proponents attending Sklyarovs trial would draw
attention.

Similarly a large manifestion on the day of the hearing on SSSCA,
preferably with known (important!) professors, scientists, authors, etc
giving lectures on why DMCA/SSSCA is so bad for
freedom/economy/whatever, would probably give quite some
column-millimetres.

> There just aren't enough of us. But hey, you and the rest of the
> world will still have Linux, so who cares, right? It's great to see
> such enthusiastic support for the principles of free software.

I think few, if anyone, has said anything such.
But I do know, that an Alan at home, co-working with his under-ground
cluster of gnomes, does a hell-of-a-lot more good for free software
than an Alan in a US-prison as yet another victim of "justice".

> My personal opinion is that no one in this discussion is really
> concerned about getting arrested or sued over publishing Linux
> changelogs. I think it's all just a publicity stunt to make a point,
> at the expense of those who have no choice in the matter. In any

Ahhhh. So you argue, that this is a publicity-stunt pulled by Alan,
and at the same time complain about the fact that the people fighting
the DMCA/SSSCA don't get enough attention? That is, you complain about
an alleged attempt to pull attention to an idiotic law, yet whine about
the fact that it's hard to get enough attention about this law?

> case, I'm thoroughly disgusted with the whole subject and don't intend
> to answer any more posts or emails about it.

Ok.


/David Weinehall
_ _
// David Weinehall <[email protected]> /> Northern lights wander \\
// Project MCA Linux hacker // Dance across the winter sky //
\> http://www.acc.umu.se/~tao/ </ Full colour fire </

2001-10-22 23:57:51

by Sam Vilain

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001 12:27:22 -0700
[email protected] wrote:

> On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > "Until they become conscious they will never rebel, and until after
> > they have rebelled they cannot become conscious."
> While I've been generally saddened by Alan Cox's and others
> anti-America attitude, I am somewhat surprised to find that
> Alan believes the US bombing of Afghanistan is justified and so
> is the collateral damage as they call it.

*plonk*

2001-10-22 23:58:41

by Jonathan Lundell

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

At 6:47 PM -0500 10/22/01, Steven Walter wrote:
> > That seems like a willful misreading of the original. Where did you
>> get "consent"? Alan suggests that non-rebellion implies lack of
>> consciousness, which doesn't imply consent.
>
>Seems like, but isn't. It's every citizen's responsibility to be aware
>of the matters concerning the State. If they aren't, then again it is
>their own fault.

I don't quarrel with the fact that you assert that. However, it does
not follow from Alan's statement.

And if non-rebellion by a citizenry against immoral behavior by its
government justifies the slaughter of that citizenry, then, to quote
Jefferson in a slightly different context, " Indeed I tremble for my
country when I reflect that God is just, that his justice cannot
sleep forever."
--
/Jonathan Lundell.

2001-10-23 00:02:11

by Jeff Golds

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Steven Walter wrote:
>
> On Mon, Oct 22, 2001 at 04:39:02PM -0700, Jonathan Lundell wrote:
> > >> > > "Until they become conscious they will never rebel, and until after
> > >> > > they have rebelled they cannot become conscious."
> > >> >
> > >> > While I've been generally saddened by Alan Cox's and others
> > >> > anti-America attitude, I am somewhat surprised to find that
> > >> > Alan believes the US bombing of Afghanistan is justified and so
> > >> > is the collateral damage as they call it.
> > >>
> > >> That quote is rather older than the US bombing of Afghanistan. You read
> > >> totally inappropriate things into it.
> > >
> > >Certainly, it is not. This statement applies to Afghanistan, in that
> > >the fact that they have not rebelled means they imply consent to
> > >everything their government does, and therefore are just as guilty as
> > >the Taliban. Therefore, killing civilians (collateral damage) is no
> > >worse than killing terrorists or Taliban officials. This is a stance I
> > >can easily subscribe to, not just with Afghanistan but with any people,
> > >nation, state, or country.
> >
> > That seems like a willful misreading of the original. Where did you
> > get "consent"? Alan suggests that non-rebellion implies lack of
> > consciousness, which doesn't imply consent.
>
> Seems like, but isn't. It's every citizen's responsibility to be aware
> of the matters concerning the State. If they aren't, then again it is
> their own fault.

That might be true in a democracy, but what do you do when you don't
live in such a place? What if your government was not democractic but
"whoever has the most guns". Are you saying that people who don't rebel
against people with guns are consenting?

Also, how can "every citizen be aware of the matters concerning the
State" when you live in a society where the State controls the media?

-Jeff

--
Jeff Golds
Sr. Software Engineer
[email protected]

2001-10-23 00:10:55

by Luigi Genoni

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10


Ohh, our prime minister declared USA the main defensor of liberty.
Of course he was thinking also to this law. You know he has three
television, a couple of newspapers and so on...
His natural attitude brings him to agree in every case with USA
government. He is a good vendor. Apart of this. In Italy we are making a
lot of pressure against a stupid law about copyrights, but
when the prime minister is the owner of the biggest television and most
important newspapers, and when the statal television and newspaper are
a little assentive with the government (oh... just a little),
we are under censure. And anyway we publish articles and public mails
about that, we open web sites. We try to inform, and belive me, italians
are not so interested is a soccer team is not involved.

USA citizens should have less dificoulties to do something similar,
but I am not informed of a real effort from them.

Luigi

p.s.
of course, please, tell me I am wrong

On Mon, 22 Oct 2001, D. Stimits wrote:

>
> NO! US citizens should provide the most pressure, but thinking that
> nations which the USA trades with and is partners with have no influence
> is plain wrong. To state only citizens of USA can help means that you
> truly believe the USA is an island untouched by the world around it. You
> can't fight this from jail, but you don't have to be a USA citizen to
> bring to light the shear stupidity of some US law. Sometimes a foreign
> country has more influence in shouting about the wrong doings than do US
> citizens...the political point of information input is different, all
> angles are required. You don't have to be responsible for a problem in
> order to be able to help solve it.
>
> D. Stimits, [email protected]
>
> >
> > Why are you asking Alan to risk prison _and_ pressure
> > US politicians? That's something you, as a resident
> > of the USA, should be doing yourself.
> >
> > Rik
> > --
> > DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)
> >
> > http://www.surriel.com/ http://distro.conectiva.com/
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.tux.org/lkml/
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

2001-10-23 00:20:37

by David Miller

[permalink] [raw]
Subject: government/politics/whatever discussions


They don't belong here.

Sure Alan's changelogs are relevant, but half of the threads now with
the same Subject line are far beyond that.

Please take these conversations to appropriate lists or take them into
private email. In fact, these talks would do much more good at one of
the EFF or other political activism lists.

They don't belong here, As interesting and important as these
topics are. I am sure I am not the only person who frankly doesn't
want to have to listen to some of the conversations happening here
now today, when I read this list to get (oh my gosh!) linux kernel
related material.

I'm asking everyone nicely to abide by this request. Matti and I
really don't want to have to be assholes and start black holing people
who can't keep their postings on-topic.

Franks a lot,
David S. Miller
[email protected]

2001-10-23 00:39:16

by Matti Aarnio

[permalink] [raw]
Subject: Re: government/politics/whatever discussions

On Mon, Oct 22, 2001 at 05:20:42PM -0700, David S. Miller wrote:
....
> I'm asking everyone nicely to abide by this request. Matti and I
> really don't want to have to be assholes and start black holing people
> who can't keep their postings on-topic.

Blocking some discussion topic (Subject substring) is the ultimate
penalty I am willing to impose -- and have imposed couple times
over the years.

Folks, while DaveM and myself are hard to tempt to be censors,
even that can happen... Please, don't tempt us.

> Franks a lot,
> David S. Miller
> [email protected]

/Matti Aarnio

2001-10-23 00:37:47

by victor

[permalink] [raw]
Subject: Re[2]: Linux 2.2.20pre10

Hello D.,

Tuesday, October 23, 2001, 1:49:01 AM, you wrote:

DS> Tom Sightler wrote:
>>
>> > > Not forgotten, just trying to understand relevance. How do these cases,
>> > > which all revolve around breaking commercial products and cause damage
>> to
>> > > the corporations that push them, apply to security in the open source
>> Linux
>> > > kernel to which the public is given all rights.
>> >
>> > For me, DeCSS is an application that has a purpose for watching DVD:s
>> > when I boot my G4 into Linux instead of MacOS.
>>
>> For me too, but in other people's opinion it's a tool for pirates (I don't
>> share this opinion, however, I can see how some people, who don't understand
>> the difference, might have this opinion). However, I don't think that a
>> security exploit in an open sourced OS is likely to be a "curcumvention
>> device" to even clueless people.
>>
>> > And even those that actually use DeCSS only to gain their "copyright"
>> > (that is, provide you with your right to copy what you have purchased,
>> > for backup-purposes, for instance) or indeed those that illegaly copy
>> > DVDs, seldom do so to break commercial products and cause damage to the
>> > corporations that push them.
>>
>> Agreed, but's that's how these corporations (or coporate representatives)
>> managed to get these cases to court. However, I fail to see who is going to
>> be the prosecutor in the case of a security exploit against the open source
>> Linux kernel. In every one of these cases, DeCSS, SDI, and eBook, the
>> encryption that was hacked was put in place by the companies specifically to
>> protect the copyrighted work. The Linux kernel provides general access
>> controls and does not meet the following DMCA requirement to be a copyright
>> protection system:
>>
>> "(B) a technological measure "effectively controls access to a work" if the
>> measure, in the ordinary course of its operation, requires the application
>> of information, or a process or a treatment, with the authority of the
>> copyright owner, to gain access to the work."
>>
>> The part that is missing is the "authority of the copyright owner" portion.
>> In the case of CSS, SDI, and eBook, the copyright owners all specifically
>> allow access to the information only when using authorized means of viewing
>> the work. Last I checked no copyright owner has said that ACL's are an
>> authorized means.

DS> SSSCA grants all this. SSSCA would have enormous impact here. If SSSCA
DS> passes, look out.
DS> http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread


we would call it $$$ca :(((
Researchers and hobbyists seeking new uses for innovative technology might well find their experimentation and prototypes to be criminal under this law.
Other countries will not have similar requirements in their laws and may actively fear the imposition of anti-copy technologies
like always imposing their laws to the world
i expect that Europe dont accept that, but what i would expect if
Spain's president is one of the friend of USA...

DS> D. Stimits, [email protected]

>>
>> This is my main argument why I think Alan is safe to post security related
>> information in changelogs. I just don't think there is any way for someone
>> to interpret this law to mean that posting that information is illegal. Of
>> course, if he still doesn't want to I respect that opinion as well, but I'm
>> sure willing to do it.
>>
>> > As for the Sklyarov-case, I'm pretty sure he'd been arrested even if his
>> > program had been an open source program under the GPL, freely
>> > distributed etc.
>>
>> I would tend to agree, because Adobe initially filed the complaint for
>> damages he could have been arrested under the civil action. However, once
>> Adobe agreed to drop the issue (I'm not sure they did, but it is my
>> understanding that they have) it didn't matter much, because they are not
>> required to pursue the criminal portion, the government alone can pursue it
>> from there.
>>
>> BTW, I'm not trying to argue that the cases which use the DMCA are valid in
>> any way, I'm totally againts all of them as they definately impose on my
>> fair use rights, which is why I have never purchased an eBook, don't own a
>> DVD player (actually not 100% true, I have a DVD player in my laptop and
>> have used it for loading software and playing around with DVD playback under
>> Linux using some borrowed DVD's), and don't own music with any SDI
>> watermarks (that I know of). If companies don't want to grant me fair use,
>> I don't want their products.
>>
>> Later,
>> Tom
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/
DS> -
DS> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
DS> the body of a message to [email protected]
DS> More majordomo info at http://vger.kernel.org/majordomo-info.html
DS> Please read the FAQ at http://www.tux.org/lkml/



--
Best regards,
victor mailto:[email protected]

2001-10-23 00:41:06

by Michael Rothwell

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10


> If it is so, stop to call you a democracy.

Okay, call us a Republic instead. ;)




2001-10-23 00:40:56

by Luigi Genoni

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



On Mon, 22 Oct 2001, D. Stimits wrote:

> Luigi Genoni wrote:
> >
> > That means USA are not a democracy anymore, but a elegible oligarcy!
> > that is exactly what you wrote!
> >
> > If it is so, stop to call you a democracy.
> > but, untill USA citizens call USA a democracy, and they
> > go to vote, people have the power to change things. Real problem is
> > INFORMATION!
> > Alan is right with what he is doing. But we should do something so that
> > ALL USA citizens will be informed!!!
>
> Who told you the USA was a democracy? Never has, never will be. It is a
> democratic republic. ENORMOUS difference.
sorry for bad english. I was refering to greek meaning ot the work
democratia, that implies, of course, a democratic republic way of
government, because citizens are too many for direct cratia, do they need
a way to get an indirect cratia.
>
> I consider it supportive that someone outside the USA is "drawing the
> line". The buck has to stop somewhere. The sooner the s*it hits the fan,
> the better. The damage caused by excess corporate influence is one place
> that needs a line drawn, and politicians willing to join in creating
> collateral damage against their own people in some demented and wrong
> idea of real security is another ("hey, son, you have a wart on that
> finger, better amputate the arm").
>
agreed

Luigi


2001-10-23 00:42:58

by Chris Gomez

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

From: "David Weinehall" <[email protected]>
Sent: Monday, October 22, 2001 4:56 PM
> On Mon, Oct 22, 2001 at 05:27:06PM -0500, [email protected] wrote:
> > There just aren't enough of us. But hey, you and the rest of the
> > world will still have Linux, so who cares, right? It's great to see
> > such enthusiastic support for the principles of free software.
>
> I think few, if anyone, has said anything such.

Comments along the lines of "move somewhere else" certainly seem to imply
such.
Rik van Riel in particular has said many things along those lines; "That's
tough, they're a democratic country, they can change the law if it hurts
them too much." Of course, that statement is completely untrue. We are
neither a democracy, nor do individuals without very much money have the
power to change laws. Which also precludes moving to a different country.

--Chris Gomez


2001-10-23 00:53:29

by Luigi Genoni

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10



On Mon, 22 Oct 2001, Craig Dickson wrote:

> There have been a lot of messages from a number of different people
> about this "censored changelogs" issue. Rather than reply to various
> points separately, I just want to sum up my views in one message.
>
> I simply don't believe that Alan Cox is at any risk of prosecution, and
> what's more, I don't believe that he believes it. He's just making a
> dramatic political statement that will have no effect on the law, will
> never even be noticed by American legislators, and serves only to annoy
> US-based Linux users.
your own opinion
>
> The words "Felten" and "Sklyarov" keep coming up in this discussion. The
> parallel between Alan Cox's situation and those cases are simply not
> valid.
>
> Felten conducted research on how to break DRM systems that were being
> considered for commercial use (the proposed SDMI standards).
>
> Sklyarov developed (or helped develop) a product that breaks Adobe's
> commercial DRM scheme for PDF files.
>
> Note that both Felten and Skyarov developed and publicized (or announced
> an intent to publicize, in Felten's case) ways of compromising
> commercial, third-party DRM systems, thus embarrassing and antagonizing
> the wealthy corporations that had invested time, money, and prestige in
> those DRM systems. This has no real similarity with Alan Cox's kernel
> work.
Ans so, if a company makes a vulnerable product, I am not free
to publish the bug?

ahh, simply nonsense.

> All Alan is doing is fixing bugs in a system that he has every
> right to work on, and has a long history of contributing to. He is _not_
> reverse-engineering someone else's copyright-protection scheme and
> publicizing how to circumvent it. And anyone who's ever actually _read_
> his changelogs should know that they do not in any way amount to attack
> recipes.
>
> What's more, nobody sued or prosecuted Felten. The RIAA made threatening
> noises, but backed off the instant they were called on it, insisting
> that they had never had any intention of suing anybody, and they fully
> supported Felten's rights as an academic researcher, blah blah blah.
Yes, Felten has the right to do what he did, period!
and, by the way, Sklyarov had the right to write its code in Russia, and
to seel it to a russian company. Then the company could do what it wants.
USA has no right to do something against Sklyarov.

Luigi




2001-10-23 01:08:31

by Craig Dickson

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Luigi Genoni wrote:
> On Mon, 22 Oct 2001, Craig Dickson wrote:
>
> > There have been a lot of messages from a number of different people
> > about this "censored changelogs" issue. Rather than reply to various
> > points separately, I just want to sum up my views in one message.
> >
> > I simply don't believe that Alan Cox is at any risk of prosecution, and
> > what's more, I don't believe that he believes it. He's just making a
> > dramatic political statement that will have no effect on the law, will
> > never even be noticed by American legislators, and serves only to annoy
> > US-based Linux users.
> your own opinion

If you read carefully, I said twice "I don't believe", which pretty
clearly indicates that I am expressing my own opinion. So I'm not at
all sure what you think you're contributing by repeating that fact.

> Ans so, if a company makes a vulnerable product, I am not free
> to publish the bug?
>
> ahh, simply nonsense.

Yes, it is nonsense. Where did you come up with it? Nothing I wrote
suggested any such thing.

What I was pointing out was that the RIAA and Adobe at least had some
reason to be opposed to what Felten and Sklyarov were doing. It is
unfortunate that the DMCA gave them the appearance of legal backing for
their revoltingly unethical attempts to prevent public discussion of the
technical demerits of their technology, but the real point here is that
there was a plaintiff to initiate DMCA prosecution (in Sklyarov's case)
or to threaten Felten with a civil action. But who is going to do the
same to Alan Cox for fixing kernel bugs? Who could conceivably have a
cause for action?

I hope this clarifies my point for you.

Craig

2001-10-23 01:26:45

by Tom Sightler

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

>
> SSSCA grants all this. SSSCA would have enormous impact here. If SSSCA
> passes, look out.
> http://www.newsforge.com/article.pl?sid=01/10/19/1546246&mode=thread
>
> D. Stimits, [email protected]
>

I understand, but the SSSCA is not law now, only the DMCA.

I'm very concerned about the SSSCA, and being from the state of South
Carolina, which Sen. Hollings claims to represent, I'm hoping my letters and
pleadings will have at least some effect (maybe he'll read them). I've
actually met Sen. Hollings once, and have voted against him on every
possible occassion. I don't think he has a clue about the negative effects
such legislation would have.

This is partly why I'm so interested in this discussion. The DMCA was bad
enough, athough I think Alan's interpretation is an extreme one, but the
SSSCA is impossible. The best thing I could say about it is that I'm almost
sure it would have to be struck down in court. Anyway, I'm reading up on
it, and working on a new letter to try to elaborate more.

Still, even when the SSSCA becomes law, I'll likely be one of the ones in
jail, because I'm not giving up on Linux, or the US, that easily. I can
understand why other outside of the US might think otherwise though.

Later,
Tom


2001-10-23 01:40:26

by Steven Walter

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 06:01:02PM -0700, Jeff Golds wrote:
> > > >> > > "Until they become conscious they will never rebel, and until after
> > > >> > > they have rebelled they cannot become conscious."
> > > >> >
> > > >> > While I've been generally saddened by Alan Cox's and others
> > > >> > anti-America attitude, I am somewhat surprised to find that
> > > >> > Alan believes the US bombing of Afghanistan is justified and so
> > > >> > is the collateral damage as they call it.
> > > >>
> > > >> That quote is rather older than the US bombing of Afghanistan. You read
> > > >> totally inappropriate things into it.
> > > >
> > > >Certainly, it is not. This statement applies to Afghanistan, in that
> > > >the fact that they have not rebelled means they imply consent to
> > > >everything their government does, and therefore are just as guilty as
> > > >the Taliban. Therefore, killing civilians (collateral damage) is no
> > > >worse than killing terrorists or Taliban officials. This is a stance I
> > > >can easily subscribe to, not just with Afghanistan but with any people,
> > > >nation, state, or country.
> > >
> > > That seems like a willful misreading of the original. Where did you
> > > get "consent"? Alan suggests that non-rebellion implies lack of
> > > consciousness, which doesn't imply consent.
> >
> > Seems like, but isn't. It's every citizen's responsibility to be aware
> > of the matters concerning the State. If they aren't, then again it is
> > their own fault.
>
> That might be true in a democracy, but what do you do when you don't
> live in such a place? What if your government was not democractic but
> "whoever has the most guns". Are you saying that people who don't rebel
> against people with guns are consenting?

Of course. It's naturally understandable that they don't rebel, but
that's the case, at least. Democratic society did not spring overnight.
It was hard won through centuries of standing up against 'the people
with guns,' even if the people with guns had swords, bows and arrows,
cannons, rifles, etc., instead.

> Also, how can "every citizen be aware of the matters concerning the
> State" when you live in a society where the State controls the media?

Again, see above. Others have managed it. No one is saying its easy,
only possible.

And again, I don't hold the fact that the unarmed Afghans don't rebel
against them. As I said it's completely understandable. I don't think
they deserve to be killed. I'm only saying that a good argument can be
made that they are completely responsible for their government, directly
or indirectly.
--
-Steven
In a time of universal deceit, telling the truth is a revolutionary act.
-- George Orwell
Freedom is slavery. Ignorance is strength. War is peace.
-- George Orwell
Those that would give up a necessary freedom for temporary safety
deserver neither freedom nor safety.
-- Ben Franklin

2001-10-23 01:40:06

by Steven Walter

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 04:58:48PM -0700, Jonathan Lundell wrote:
> At 6:47 PM -0500 10/22/01, Steven Walter wrote:
> > > That seems like a willful misreading of the original. Where did you
> >> get "consent"? Alan suggests that non-rebellion implies lack of
> >> consciousness, which doesn't imply consent.
> >
> >Seems like, but isn't. It's every citizen's responsibility to be aware
> >of the matters concerning the State. If they aren't, then again it is
> >their own fault.
>
> I don't quarrel with the fact that you assert that. However, it does
> not follow from Alan's statement.

My logic is that a lack of rebellion implies consent. If you don't
rebel against it, then you must agree with it. If you don't agree with it,
then you must rebel against it. Is there a flaw in that logic? Surely,
there are degrees to it, i.e., you disagree, but not enough to be
killed. However, in what is practically the scenario now (either
they're are killed by the Taliban for disagreeing or killed by Americans
for agreeing), it only makes sense to align yourself with the same side
as your heart.

> And if non-rebellion by a citizenry against immoral behavior by its
> government justifies the slaughter of that citizenry, then, to quote
> Jefferson in a slightly different context, " Indeed I tremble for my
> country when I reflect that God is just, that his justice cannot
> sleep forever."
> --
> /Jonathan Lundell.

--
-Steven
In a time of universal deceit, telling the truth is a revolutionary act.
-- George Orwell
Freedom is slavery. Ignorance is strength. War is peace.
-- George Orwell
Those that would give up a necessary freedom for temporary safety
deserver neither freedom nor safety.
-- Ben Franklin

2001-10-23 01:59:10

by Aaron Lehmann

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 07:32:11PM -0200, Rik van Riel wrote:
> We're working on implementing access control for
> thefreeworld.net so the classified content won't
> be available for citizens and inhabitants of the
> USA.

And how are you going to do that? Challenge/response ("How do you say
hello in Dutch?")?

IP-based restrictions will not work. I have shell accounts in Europe
that can serve as SSH tunnels. If I use one of these, you will still
be liable.

2001-10-23 02:48:02

by Patrick Chase

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

/> > So, then, just to satisfy my curiosity, how long until users of
Linux in/
/> > the U.S.A. will no longer be allowed to download new kernels?/

> Potentially about 12 months after the SSSCA is passed. At which point
you may
> well find only a binary only OS with enforced copy management is legal in
> the USA.

Not even then, unless you can convince each and every contributor to
relicense their contribution to you under something other than the GPL.
(My reading of the license is that there is _no_ legality-based
exception to the pertinent "derivative works" clause, though I could
easily be wrong). Your change summaries are your original work, so you
are of course free to withold information there at your discretion ;-)

-- Patrick


2001-10-23 03:46:08

by jdthood

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

In your letter you describe Alan as an "official" maintainer
of the stable kernel, but there isn't such a thing. Alan
is a volunteer who works his butt off integrating patches
from other volunteers in order to produce a useful series of
Linux kernels. He has apparently decided, however, to limit
his volunteer contributions to those that aren't liable to
land him in jail sometime in the future.

You seem to think that Alan is just being paranoid or petty,
but you are wrong. U.S. law makes OSS coding legally risky.
Alan's duties require him to handle a lot of code, which
increases his exposure to the risk. Furthermore, his
position in the community makes him an attractive target for
any entity that decides to attack the open source software
community with legal weapons. Remember Sklyarov.

--
Thomas Hood

> Mr. Cox,
>
> I understand your concern for your own safety, though I disagree with
> your evaluation of the danger in this case.
>
> However, I think it's fair to say that the production and distribution
> of complete changelogs, such that all users have access to them, is an
> important part of the job of being the official maintainer for a
> project, especially such an important project as the stable branch of
> the Linux kernel.
>
> So it sounds to me like what you're really saying is that you are
> unwilling to take the risks that, under the current circumstances, you
> perceive as an unavoidable part of the task of maintaining the kernel.
>
> I don't buy the argument you seem to be implying, that you can fulfil
> your responsibilities as kernel maintainer by making this information
> available in such a way that US residents cannot obtain it. From the
> statistics I've seen in the past, a high percentage of Linux users are
> US residents. It is surely unreasonable to suggest that withholding
> information from all those people is compatible with being the official
> kernel maintainer.
>
> You are aware, no doubt, that Linus Torvalds is currently resident in
> the US. If you are unable to give him complete changelogs and
> explanations of the patches you submit to him, I can't imagine how you
> could continue to perform effectively as a Linux kernel developer.
>
> Perhaps you should step down. This would not only be the honest and
> honorable thing to do, if you truly believe that distributing changelogs
> to the US would place you in legal jeopardy, but it would also be a far
> more dramatic act of protest than merely censoring changelogs.
>
> Respectfully,
>
> Craig Dickson
--
Thomas Hood
(Don't reply to the From: address but to jdthood_AT_mail.com)

2001-10-23 03:55:09

by Nicholas Dronen

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 05:45:02PM -0500, Steven Walter wrote:
> On Mon, Oct 22, 2001 at 09:34:28PM +0100, Alan Cox wrote:
> > > On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > > > "Until they become conscious they will never rebel, and until after
> > > > they have rebelled they cannot become conscious."
> > >
> > > While I've been generally saddened by Alan Cox's and others
> > > anti-America attitude, I am somewhat surprised to find that
> > > Alan believes the US bombing of Afghanistan is justified and so
> > > is the collateral damage as they call it.
> >
> > That quote is rather older than the US bombing of Afghanistan. You read
> > totally inappropriate things into it.
>
> Certainly, it is not. This statement applies to Afghanistan, in that
> the fact that they have not rebelled means they imply consent to
> everything their government does, and therefore are just as guilty as
> the Taliban. Therefore, killing civilians (collateral damage) is no
> worse than killing terrorists or Taliban officials. This is a stance I
> can easily subscribe to, not just with Afghanistan but with any people,
> nation, state, or country.

Rather, they have not rebelled *successfully*. The country
is in civil war. The Taliban are not regarded as a legitimate
government. Until shortly after 9/11, only three governments
recognized the Taliban diplomatically -- the Wahhabist Saudi
Arabia, the militarist Pakistan and the United Arab Emirates.
(The standing representative of Afghanistan in the United Nations
is *not* of the Taliban.)

Finally, Afghani women have risked their lives and been beaten and
killed for their protests and activities.

http://www.rawa.org/

I witnessed a film just this weekend of an Afghani woman being
shot to death by a member of the Taliban. The film was taken
by a woman who herself risked her life by carrying a video camera
under her clothing.

So, infer what you will about Mr. Cox's statement, but don't
breezily justify the death of innocent civilians (Afghani or
otherwise) in part by disregarding such all-too-inconvenient
details.

Regards,

Nicholas Dronen

2001-10-23 04:36:31

by CaT

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, Oct 22, 2001 at 06:59:19PM -0700, Aaron Lehmann wrote:
> On Mon, Oct 22, 2001 at 07:32:11PM -0200, Rik van Riel wrote:
> > We're working on implementing access control for
> > thefreeworld.net so the classified content won't
> > be available for citizens and inhabitants of the
> > USA.
>
> And how are you going to do that? Challenge/response ("How do you say
> hello in Dutch?")?
>
> IP-based restrictions will not work. I have shell accounts in Europe
> that can serve as SSH tunnels. If I use one of these, you will still
> be liable.

Now, as near as I can tell, he didn't make them available to you and put
up protections against your acquring information you should not have. It
does not matter if they're pissweak as rot13 or not...

As such any getting around them (either by lieing in answer to a
question of 'Are you an American?' or whatever) would be circumvention
of his digital protection mechanisms and as such your actions would be
punishable under the DMCA, would they not?

This means you can go to gaol without the $200...

(Unless I've misunderstood something)

--
CaT "As you can expect it's really affecting my sex life. I can't help
it. Each time my wife initiates sex, these ejaculating hippos keep
floating through my mind."
- Mohd. Binatang bin Goncang, Singapore Zoological Gardens

2001-10-23 05:57:04

by Paul Komkoff

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Replying to Alan Cox:
> I think that you need to learn the difference between socialism and
> stalinist statism - what you are describing is the USSR, which was of
> course the other major state that imprisoned people for wanting to make
> copies as part of free speech, and which controlled copying devices with
> laws.

Not only copying devices - every typewriter also needed to be registered
here "that days" :) we was denied not to only copy but to say anything own
too.

And about restricting copying devices - somebody trying the same in computer
industry, yeah? to deny cd-recorders 'coz they can be used to violate
somebody so-called-copyright, er

and I finish with an usual in this cases (translated from russian) -
"The author thanks the alphabet for kindly given letters"

- --
Paul P 'Stingray' Komkoff 'Greatest' Jr // (icq)23200764 // (irc)Spacebar
PPKJ1-RIPE // (smtp)[email protected] // (http)stingr.net // (pgp)0xA4B4ECA4
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAjvVBpEACgkQyMW8naS07KRseACbBry5lcKVGXa9juDVoUSjkj1K
S/EAoKQYaf+2wiXpgc8mrMzU+AzHUU+N
=9Qi3
-----END PGP SIGNATURE-----

2001-10-23 06:29:14

by Yoann Vandoorselaere

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 2001-10-22 at 23:52, Kilobug wrote:
> Rik van Riel wrote:
>
> >>I never said that Alan, or any particular individual, should
> >>risk a lawsuit or jail. I simply said that I hoped *someone
> >>outside the US* (that is, someone not subject to US laws) would
> >>make the information available.
> >>
> >
> > If you publish to the US, you can be sued under US law.
> >
>
> Ok, so mail me the security-related informations at
> [email protected], it's in France so you can, and I'll forward them.
>
> I don't plan to go to the US a day or another (I won't go to any country
> that use death penalty, for moral and political reasons), and so I don't
> fear their DMCA.

Did you see recent french law change ? I think there is not a long time
to go before we end up with law like DMCA. Have a look to
http://www.lsijolie.net

--
Yoann Vandoorselaere
http://www.prelude-ids.org


Attachments:
(No filename) (232.00 B)

2001-10-23 10:00:45

by Marco Colombo

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Tue, 23 Oct 2001, Luigi Genoni wrote:

>
> Ohh, our prime minister declared USA the main defensor of liberty.
> Of course he was thinking also to this law. You know he has three
> television, a couple of newspapers and so on...
> His natural attitude brings him to agree in every case with USA
> government. He is a good vendor. Apart of this. In Italy we are making a
> lot of pressure against a stupid law about copyrights, but
> when the prime minister is the owner of the biggest television and most
> important newspapers, and when the statal television and newspaper are
> a little assentive with the government (oh... just a little),
> we are under censure. And anyway we publish articles and public mails
> about that, we open web sites. We try to inform, and belive me, italians
> are not so interested is a soccer team is not involved.
>
> USA citizens should have less dificoulties to do something similar,
> but I am not informed of a real effort from them.
>
> Luigi
>
> p.s.
> of course, please, tell me I am wrong

Of course you are: move this to soc.*, please.

.TM.
--
____/ ____/ /
/ / / Marco Colombo
___/ ___ / / Technical Manager
/ / / ESI s.r.l.
_____/ _____/ _/ [email protected]

2001-10-23 10:50:20

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Aaron Lehmann wrote:
> On Mon, Oct 22, 2001 at 07:32:11PM -0200, Rik van Riel wrote:
> > We're working on implementing access control for
> > thefreeworld.net so the classified content won't
> > be available for citizens and inhabitants of the
> > USA.

> IP-based restrictions will not work. I have shell accounts in Europe
> that can serve as SSH tunnels. If I use one of these, you will still
> be liable.

Ummm wait a moment ? Wasn't the whole point of the DMCA
that circumventing access control was illegal ?

Otherwise there wouldn't be lawsuits over DeCSS, about
prof. Felten's research and Dmitry would be back home
with his family, right ?

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-23 12:32:01

by Jesse Pollard

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

>
> By the same line of reasoning, using passwd as root on a different user
> would be a possible circumvention of a copyright protection mechanism
> and thus turn passwd into illegal software under the DMCA. Are all *nix
> manufacturers and Linux distributors aware of this? All Linux distros
> and all Unix operating systems are illegal under DMCA...

It also applies to Windows too -- the admin would be cirumventing protection
by just changing the/a password...

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: [email protected]

Any opinions expressed are solely my own.

2001-10-23 13:20:54

by Nick LeRoy

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Monday 22 October 2001 17:16, Tony Hoyle wrote:
> In the ancient scrolls of Usenet, page
> <[email protected]>, "Dan Hollis"
>
> <[email protected]> spake thus:
> > On Mon, 22 Oct 2001, Bill Davidsen wrote:
> >> Last I heard Linus was in the USA, his not being able to participate in
> >> security discussions worries me very much. Ditto Redhat and IBM.
> >
> > I wonder if Linus has an exit-usa plan in case the SSSCA passes. If the
> > SSSCA does pass, Linus would be in extreme danger.
>
> It wouldn't surprise me if half of silicon valley had an exit plan...
> The fallout will be fun to watch from 3000 miles away :-)
>
> Tony

I'm not sure if anybody else has heard this yet, but apparently a number of
big software corps, including M$ & IBM have come out AGAINST the SSSCA. This
is good news.

http://linuxtoday.com/news_story.php3?ltsn=2001-10-23-008-20-NW-BZ-LL

-Nick

2001-10-23 16:21:05

by Jonathan Amery

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

In article <[email protected]> Wayne wrote:
> It's great to see such enthusiastic support for the
>principles of free software.

This would be the principles of "I've written this, I hope people find
it useful" or "The author places no restrictions on the distribution
or modification of this work" or likewise?

Jonathan.

2001-10-23 16:28:25

by Geert Uytterhoeven

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Craig Dickson wrote:
> If the source code itself somehow becomes illegal, or if Alan can talk
> Linus into placing a geographical restriction on the distribution of
> Linux (which, as the trademark and copyright owner, would be within his
> rights), then the changelog issue will be moot.

Linus cannot do that, since he doesn't own the copyright on the parts written
by others.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2001-10-23 17:37:23

by Paul Jakma

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Aaron Lehmann wrote:

> And how are you going to do that? Challenge/response ("How do you say
> hello in Dutch?")?

ooooh... i know i know! :)

>
> IP-based restrictions will not work. I have shell accounts in Europe
> that can serve as SSH tunnels. If I use one of these, you will still
> be liable.

no he wouldn't.

you would have circumvented Rik's content-protection system. who
knows, perhaps /you/ might be liable to face punitive measures under
your own DMCA.

to everyone else: see Thomas Hood's rather good post, ie:

A kernel hacker absolutely positively has the right to do what he
wants with his own patches, and esp. is not obliged to users to
do/publish things which carry any risk of possible legal action
relating to his work on his linux. (esp. when you consider that the UK
lies far further to the west politically than it's geographic position
might suggest).

finally: can all the political/legal stuff please go somewhere else?

some of us actually subscribe to this list to read kernel bods discuss
kernel stuff.... :)

--paulj


2001-10-23 18:26:08

by David Miller

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10


This subject line is going to be black holed if people can't take
to heart the request I made yesterday to end these off topic threads.

Just cut the shit already and take these threads elsewhere.

Franks a lot,
David S. Miller
[email protected]

2001-10-24 04:58:33

by Paul G. Allen

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Mike Fedyk wrote:
>
> On Mon, Oct 22, 2001 at 05:45:02PM -0500, Steven Walter wrote:
> > On Mon, Oct 22, 2001 at 09:34:28PM +0100, Alan Cox wrote:
> > > > On Mon, Oct 22, 2001 at 01:29:14PM +0100, Alan Cox wrote:
> > > > > "Until they become conscious they will never rebel, and until after
> > > > > they have rebelled they cannot become conscious."
> > > >
> > > > While I've been generally saddened by Alan Cox's and others
> > > > anti-America attitude, I am somewhat surprised to find that
> > > > Alan believes the US bombing of Afghanistan is justified and so
> > > > is the collateral damage as they call it.
> > >
> > > That quote is rather older than the US bombing of Afghanistan. You read
> > > totally inappropriate things into it.
> >
> > Certainly, it is not. This statement applies to Afghanistan, in that
> > the fact that they have not rebelled means they imply consent to
> > everything their government does, and therefore are just as guilty as
> > the Taliban. Therefore, killing civilians (collateral damage) is no
> > worse than killing terrorists or Taliban officials. This is a stance I
> > can easily subscribe to, not just with Afghanistan but with any people,
> > nation, state, or country.
>
> And how is someone from a forien country going to see just how much or how
> little you have rebelled against the DMCA? We allowed the law to be passed
> so now we should take the blame?

No, "we" did not allow the law to pass. It was passed under our noses and is now being interpreted poorly. The DMCA does not remove our rights under copyright
law as written, but it has removed them as interpreted. The interpretation of the written law is the dangerous thing, not the actual written law. Chances are
the DMCA will stand until the US Supreme Court hears a case and makes the proper decision.

The DMCA and laws like it are meant for one thing: to allow entertainment companies to control what we see/read/hear, how we see/read/hear it, where, and when
we see/read/hear it. Since the networks in this country are run by the very same companies that propose and lobby for these laws, we never hear about them
through these channels. The public at large never has a clue until it's too late. Then we get to suffer until the law is overturned (hopefully).

>
> Like some have already said, we have politicians that promise one thing, and
> do whatever the hell they want after they're in office. It depends on how
> much they stick to their promisses when comes election time in 2-4 years
> that determines wheather they stay there...

Politicians are allowed to do as they please by the pundits who continue to vote for them, or not vote at all. It also occurs because the same people can't seem
to realize why politicians do this. Short term limits force them to do what the corporations they represent tell them to so that they'll have a job once they
are no longer politicians. The lame idea that we must allow campaign contributions at all allows these same corporations to easily grease their palms. The
public at large seems to think there are only two political parties and there is no other alternative. And it is extremely rare that anyone knows what the law
really is in any given situation, even though it is easily accessed via library or Internet.

Throw in the ridiculous complacency of most Americans, the programming that tells us "I can't make a difference, so why bother.", the lack of understanding of
how the law really works (and it does work well when people know how it works - been there, done that), and the general "I don't give a damn about my neighbor
or my kids." attitude, and we get what we deserve. What we have is a government run by, and for, corporations, and fewer and fewer freedoms than our
Constitution garnets as a result. Usually the Supreme Court fixes these things in time, but in the mean time we're screwed, blued, and tattooed.

Now, as for the DMCA bad SSSCA as it pertains to those outside the US. The FBI operates outside the US. The US has great influence on many countries. Don't
think for a minute that a law passed here will never, ever effect you in your own country. We all live on the same planet and with this "New World Order" crap
we, more and more, are dependent upon each other. Unless we all work together, ping our own governments and publicly pressure them, things will only get worse.
The saying "You can't fight City Hall." is very true if you do it alone, but if you make a spectacle of them, public pressure will far outweigh corporate or
special interest money.

Note also that the SSSCA will destroy most all GPL software in the US. It will also harm the Internet as a whole in a LARGE way because Apache, OpenSSH, Linux,
etc. will become illegal. Companies such as mine will be forced to find alternative ways to run their network. In case you are not aware, most likely you use
Akamai servers every day when you browse the Internet (we have over 12,000 servers in 53+ countries on over 300 networks). Most of our servers run Linux,
OpenSSH, and Apache/Apache SSL (using OpenSSL), as well as Perl and many, many GPL programs. Take all those away, or impose licensing and other costs on them,
and the Internet is a much different, and more expensive, place. Whether it realizes it or not, the SSSCA will greatly harm the US government itself.

I for one will not submit to the SSSCA and DMCA or any other such law that removes any of my constitutionally guaranteed freedoms. I do not vote for either of
the main parties and have a reputation for bitching and moaning to lawyers, law makers, and other authorities whenever my freedom is threatened. I guess it's in
my blood to do so, considering my ancestors did the same when this country was founded. Would that more Americans did the same.

PGA

--
Paul G. Allen
UNIX Admin II/Programmer
Akamai Technologies, Inc.
http://www.akamai.com
Work: (858)909-3630

2001-10-24 08:18:59

by Florian Weimer

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Gerhard Mack <[email protected]> writes:

> Has it become time for a non-us.vger.kernel.org ??

This whole non-use concept doesn't work. Even if the server is
located in a free country, traffic might still be routed over US soil.

--
Florian Weimer [email protected]
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898

2001-10-24 13:27:05

by Horst H. von Brand

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

"Per Jessen" <[email protected]> said:

[...]

> Alan Cox, living in the UK, may be *somewhat* subject to US legislation.
> Ties between the US and the UK are strong, and it is understandable if a UK-
> resident person does not feel entirely out of reach of US law
> enforcement.

He works for Red Hat...
--
Dr. Horst H. von Brand Usuario #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513

2001-10-24 18:00:55

by Riley Williams

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Hi Alan, Bert.

>> Are you saying that we can't divulge security problems in our own
>> software anymore for fear of being sued by affected parties?

> Not even affected parties - the government can do it too without
> anyone else and indeed even if their are contractual agreements
> between parties permitting the data to be released..

Even if there are contractual agreements REQUIRING the data to be
released between the parties (as currently exists between Lockheed
and the USAF that require the mutual release of certain sensitive
information), the government would have the right to prosecute both
the USAF for releasing the information and Lockheed for accessing
it once it had been released - even if nobody at Lockheed ever read
the information in question.

That is how ludicrous it is.

If the said bill ever becomes law, then the US will of necessity become
a third world nation. However, until the idiots sponsoring it get their
faces muddied, the rest of us have to act in just such an insane way!!!

> I hope to have the security stuff up on a non US citizen accessible
> site in time for 2.2.20 final

That's an impossibility!!! However, if you remove the word "citizen"
from that statement, then it becomes possible.

Best wishes from Riley (a US citizen living in England).

2001-10-24 19:01:30

by Riley Williams

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Hi Tudor.

> For reference, here is the full text of the DMCA subsection in
> question: (1201(2)):

> ``(2) No person shall manufacture, import, offer to the public,
> provide, or otherwise traffic in any technology, product, service,
> device, component, or part thereof, that-

> ``(A) is primarily designed or produced for the purpose of
> circumventing a technological measure that effectively controls
> access to a work protected under this title;

> ``(B) has only limited commercially significant purpose or use other
> than to circumvent a technological measure that effectively controls
> access to a work protected under this title;

> or

> ``(C) is marketed by that person or another acting in concert with
> that person with that person's knowledge for use in circumventing a
> technological measure that effectively controls access to a work
> protected under this title.

So...let me see if I understand this correctly...

When the US President vacates office to make room for his successor, he
can then be prosecuted for "otherwise trafficing" in a "service" that
"has only limited commercial significance or purpose...other than to
circumvent a technological measure..." because AS A PART OF HIS JOB as
President, he received information from his advisors relating to matters
of national security, but is now legally barred from knowing that
information by this act?

That should be fun to watch...

Best wishes from Riley.

2001-10-24 22:41:34

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Mon, 22 Oct 2001, Alan Cox wrote:

> 2.2.20pre11
> o Security fixes
> | Details censored in accordance with the US DMCA

OK, the changelog is now online, though still in
accordance with the US DMCA (apologies to our
friends in the states):

http://thefreeworld.net/

kind regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/

http://www.surriel.com/ http://distro.conectiva.com/

2001-10-26 18:24:51

by Fabian Svara

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

Does all that actually mean that pages on the net which are generally accessible are subject to all the world's laws? That would actually make sense (as the net itself is ubiquitious), but is of course impossible...

Fabian Svara

2001-10-26 18:54:23

by Rik van Riel

[permalink] [raw]
Subject: Re: Linux 2.2.20pre10

On Fri, 26 Oct 2001, Fabian Svara wrote:

> Does all that actually mean that pages on the net which are
> generally accessible are subject to all the world's laws? That
> would actually make sense (as the net itself is ubiquitious),
> but is of course impossible...

Usually you only get arrested when you travel to the
country in question (eg. Dmitry Skylarov or people
criticising the chinese government), but sometimes a
country manages to get somebody extradited for things
which are put on a website (eg. Germany convicted an
Australian for putting neo-nazi stuff on his website).

Both the laws themselves and the legal precedents are
extremely unpredictable, the most sensible thing seems
to be to just not publish things to the country where
they are outlawed by putting some access control in
front of the goodies ;)

regards,

Rik
--
DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)

http://www.surriel.com/ http://distro.conectiva.com/

Subject: Re: Linux 2.2.20pre10

Dominik Kubla <[email protected]> writes:

>Because the mailing list is hosted in the US of A...

If this is ever a problem, I can offer a box on a 100 MBit pipe to the
various german interconnection points (DE-CIX, MAE-FFM, INXS) here in
Germany any second.

Regards
Henning
--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH [email protected]

Am Schwabachgrund 22 Fon.: 09131 / 50654-0 [email protected]
D-91054 Buckenhof Fax.: 09131 / 50654-20

Subject: Re: Linux 2.2.20pre10

"Richard B. Johnson" <[email protected]> writes:

>I believe that we should have sent a tactical nuclear cruise
>missile to Ben Laden's last known address. We can always apologize
>later. This would put future terrorists on notice that if you

>From this day on I promise to always firmly side with Al Viro. You're
a jerk. You just proved it one time too much.

I'm glad that I have the privilege of living in Europe and that people
like you don't have power in the U.S.

And your company builds bomb scanners? Do they know about your ideas?
Scary if you ask me.

Henning

--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH [email protected]

Am Schwabachgrund 22 Fon.: 09131 / 50654-0 [email protected]
D-91054 Buckenhof Fax.: 09131 / 50654-20