Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 22 Oct 2001 18:22:20 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 22 Oct 2001 18:22:06 -0400 Received: from daytona.gci.com ([205.140.80.57]:56848 "EHLO daytona.gci.com") by vger.kernel.org with ESMTP id ; Mon, 22 Oct 2001 18:20:02 -0400 Message-ID: From: Leif Sawyer To: Rik van Riel , Alan Cox Cc: linux-kernel@vger.kernel.org Subject: RE: Linux 2.2.20pre10 Date: Mon, 22 Oct 2001 14:20:23 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org > Rik van Riel responds to: > On Mon, 22 Oct 2001, Craig Dickson wrote: > > Rik van Riel wrote: > > > > > Maybe Alan will allow publishing of the changelogs on > > > http://thefreeworld.net/ ? > > > > Earlier today he said he wanted to put them online in a way that > > US citizens couldn't get at them. That's simply not acceptable. > > It's perfectly fine with me ;) > > > Now, if he backs off to simply not including them in email, but > > publishing them on a non-US website that is freely accessible to > > Americans, that might be a reasonable compromise. > > We're working on implementing access control for > thefreeworld.net so the classified content won't > be available for citizens and inhabitants of the > USA. > > This is done so we won't be liable for publishing > things to the USA which would be illegal there. > > > Alan has done a great many wonderful things for the kernel, and > > it would indeed be very sad if he could not continue to do so. > > However, if he's unwilling to do the job completely, making > > changelogs and all other public information available without > > restrictions, then he is no longer doing a very important part > > of his job, and someone else should take over. > > So if the SSSCA gets approved and open source is outlawed > (because only software with 'approved security measures' > is allowed) Linux should stop entirely ? > > I don't agree that one US law, which hurts US citizens, > should also hurt the rest of the world. It's your country, > it's your law, it should only hurt you... Now i'm completely mystified. Since I'm a member of BugTraq, I get full disclosure of the bugs that make it there. Including the recent kernel bugs. Since I'm in the position to see the problem before the solution, I'd be happy to repost a summary of security-related changes to vger, provided of course that I'm able to correlate the changes with the advisories posted on BugTraq. Of course, if Alan wanted to cc me on the kernel updates with the full text of the changes, or if I had access to this new website, I'd still be willing to repost. Once a security issue is published to the global internet community (via BugTraq, vger, or any other method) with regards to the open-source componant of the linux kernel (i can't speak for non-GPL'd stuff of course) in a manner consistant with full-disclosure, then I see no legal issue with posting information that informs users of what fixes are made. -- Leif Sawyer -- Pi@4398680 leif@gci.net || lsawyer@gci.com || internic: LS2540 (907) 868 - 0116 || ICQ - 3749190 || http://home.gci.net/~leif Network & Security Engineer -- General Communication Inc. PGP Fingerprint: 77 C8 34 B8 FD BC C6 32 5F FE 93 4B AE 6C F7 4E -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GAT d+ s: a C+++(++)$ US++++$ UL++++$ P+++ L++(+++) E--- W+++ N+ o+ K w O- M- V PS+ PE Y+ PGP(+) t+@ 5- X R- tv b++(+++) DI++++ D++ G+ e(+)* h-- r++ y+ PP++++ HH++++ A19 NT{--} ------END GEEK CODE BLOCK------ Decode it! http://www.ebb.org/ungeek/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/