Slashdot Mirror
Did MS Lobbying Stop NSA Work On SELinux?
inquisitive points to this CNET story on how George Wash Univ. may help Linux gain certification under the Common Criteria, certification required for software to be used in some sensitive government roles. In the same story, though, is an interesting quote from another effort at bringing GPL'd software to the public sector: "'We didn't fully understand the consequences of releasing software under the GPL (General Public License),' said Dick Schafer, deputy director of the NSA. 'We received a lot of loud complaints regarding our efforts with SE Linux.'" Sources familiar with events said that aggressive Microsoft lobbying efforts have contributed to a halt on any further work. 'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,' said a source familiar with the complaints against the NSA who asked not to be identified."
To release source code under the GPL, you have to hold the copyright to the code.
The US Government (in this case represented by NSA) cannot hold a copyright, the law does not allow for it.
No copyright, no GPL, end of story.
But I have no doubt that M$ whined too.
Poul-Henning Kamp -- FreeBSD since before it was called that...
Does Torvalds own the copyright to the entire kernel? I wasn't aware that he had had all the contributers in the past send him copyright assignments (which is what the FSF does). I'm fairly sure different parts of the kernel are copyrighted by lots of different people.
And due to some of the wonderful properties of the GPL, you'd need to get every person who has contributed code into the kernel to agree to the exemption. Good luck.
Well, the U.S. government does place restrictions on one's right to give software away (in the case of strong cryptography). Hence OpenBSD is based in Canada.
But do these U.S. export restrictions apply to free software? The current crypto export regulations (section 740.13(e)) seem to grant an export License Exception for publicly available source code and object code compiled from publicly available source code provided that the original publisher of such code notifies crypt@bis.doc.gov (cc: enc@ncsc.mil) of the code's public availability. (Notification seems not to be required for mirrors.)
Hence Mozilla is based in the United States, where the only restriction on exporting OSI Certified(tm) open source encryption software is that it not implement a system primarily designed to restrict the fair use of a copyrighted work.
Will I retire or break 10K?
We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.
Writing server-type apps to live within the constraints of a mandatory access policy is tough. (Look at how much crap runs as root because people can't make it live within the UNIX permission structure, which is far less restrictive.) But it's the only approach that works, because the applications aren't trusted.
If you want to help, make some major application, like a mail program, work under SELinux, with as little trusted code as possible. Somebody was doing this for an FTP server, but those are of limited use. A mail server on SELinux would actually be useful.
pay much in tax.
Government projects are paid for by taxpayers, mostly individuals and small-to-medium sized companies, and it would be in their interest to have an alternative to Microsoft.
Look at it this way, with their monopoly Microsoft is about the only entity that can reliably squeeze money out of large corporations.
My 2 cents,
Michel
Fedora Project Contribut
Having worked there, I can tell you this: intercepting a US person is a SERIOUS infraction. Its not something you can do without running afoul of a lot of laws. The abuse done by the NSA during the Nixon years caused a lot of severe curbs (both open and classified) to be placed on the NSA, and those laws have serious teeth that will bite anyone violating them. As with the armed forces, there are a lot of very liberty minded folks working there to preserve your freedoms at the cost of their own. One example is that free speech is very limited once you hold certain accesses and clearances.
IMHO, you're in more danger from those folks at the FBI.
You really ought to do a seach on "USSID 18". I cant say anything confirming or denying, but there are some very interesting things that have been declassified out of Big Daddy DIRNSA's pockets.
Secondarily, its NSA/CSS. Ever hear of the CSS side of the house? I suggest you look it up before posting obvious biased off-base stuff thats based on a hokey movie [sneakers].
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
Mostly: GPLed software is often copyright by someone. Correct? If the govt makes patches, like SE Linux, they have contributed to someone else's copyright.
Not quite right.
Linux, for instance, is not all copyright Linus. In fact, most of Linux is not copyright Linus, because whenever someone else contributes a substantial portion, they own copyright on that portion (not Linus).
That's why folks writing GPLed software can't change the license (or offer an alternately-licensed version) if they accept other people's patches, unless they either rewrite all those patches themselves or require contributors to file a copyright assignment.
So the government can contribute to a GPLed project and still maintain their own, independant copyright. (That said, it makes more sense to release their patches into the public domain -- even if the derivative work, that being the patched product, must be GPLed).