Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 22 Oct 2001 15:55:59 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 22 Oct 2001 15:55:42 -0400 Received: from dsl-64-192-150-245.telocity.com ([64.192.150.245]:50194 "EHLO mail.communicationsboard.net") by vger.kernel.org with ESMTP id ; Mon, 22 Oct 2001 15:55:37 -0400 Message-ID: <010a01c15b33$79fedc90$2a040a0a@zeusinc.com> From: "Tom Sightler" To: "Tudor Bosman" , In-Reply-To: <86256AED.0065BD5D.00@smtpnotes.altec.com> <20011022121447.A5618@frood.pikka.net> Subject: Re: Linux 2.2.20pre10 Date: Mon, 22 Oct 2001 15:55:17 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org > In conclusion, I tried to make two points in the above rant: > > 1. A description of a security hole is constitutionally protected > speech, and as such cannot be construed as violating the sections of the > DMCA. If such description fits the definition of "technology, product, > service, device, component, or part thereof", then we're in big trouble, > because source code itself is much closer to the definition of a > "product" than a description of the source code. > > 2. A description of a security hole, or unpatched source code, or even > exploit code do not meet the criteria set forward by the DMCA for > illegal circumvention devices. Very good point indeed. I would like for someone, anyone, to explain to me exactly how disclosing security issues in open code would ever violate the DMCA. Alan stated that it comes from a legal opinion, I would like to see this opinion and know who it was from. Partially because I am from South Carolina, the same state as SSSCA co-author Sen Hollings. I would love to be able to spell out this "doomsday" can't publish security issues scenario and hear his response, but I just don't see it in the DMCA. I would love for someone to enlighten me on how they came to this conclusion with an intelligent sentance other than "that what the DMCA says." Where does it say that? How can you interpret that? Everyone wants to bring up the Sklyarov case, but he didn't just expose the weakness of the code, his company actively sold a product for financial gain that circumvented the protection. While I still don't think the Sklyarov himself should be the target, it has very little similarity to any open source products like Linux. To meet the criteria for criminal prosecution under DMCA you must violate the rules "willfully and for purposes of commercial advantage or private financial gain." This is the only case in which the government can pursue you without another parties involvement. Later, Tom - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/