Re: ITP: kernel-patch-selinux

[Manoj Srivastava]

>>"John" == John Galt <[EMAIL PROTECTED]> writes:

 John> First of all, I doubt that you're going to have too much
 John> trouble getting a response from SElinux.  They've been pretty
 John> good on responding to their mailinglist

I had sent in an informal request for clarification to the
 mailing list (and, after a mini-fiasco of not posting from the email
 address I was subscribed with, and reposting), and it has been
 forwarded to the lawyers in question (the ones who wanted the click
 through disclaimer). 

The post should be showing up on the SELinux list any time
 now. 

manoj
-- 
 Oh, and this is another kernel in that great and venerable
 "BugFree(tm)" series of kernels.  So be not afraid of bugs, but go
 out in the streets and deliver this message of joy to the
 masses. Linus, in the announcement for 1.3.27
Manoj Srivastava   <[EMAIL PROTECTED]>  
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Re: ITP: kernel-patch-selinux

[Russell Coker]

On Tue, 25 Sep 2001 00:12, John Galt wrote:
> First of all, I doubt that you're going to have too much trouble getting a
> response from SElinux.  They've been pretty good on responding to their
> mailinglist: which, I might add, I see more than one Debian Developer has
> contributed to, yet you have not.  It would behoove you to actually look
> as if you really cared before ITPing.

I've read some of the archives, although they are incomplete and poorly 
indexed.

Did you have a point with this or do you just want to write more flames and 
waste everyone's time as usual?

> Secondly, since Debian's warranty is "no warranty", I fail to see how the
> expression of that in a license makes it non-free.

They ask that people agree to conditions before download.  We have no 
facilities for showing the conditions before downloading, they could 
potentially disagree with this.

> Thirdly, isn't this a question for -legal?

I think this is now being handled adequately in private mail.  A developer 
who has had prior contact with the NSA people is now dealing with the matter.

> On Sat, 22 Sep 2001, Russell Coker wrote:
> >I intend to package the kernel patch for NSA Security Enhanced Linux.
> >
> >Below is all the details on licenses.  My interpretation of the below
> > license details (copied from the web site) is that the kernel patch is
> > under the GPL and everything is fine.
> >
> >However is the issue about "warranty exclusion" etc which requires
> > "agreement before download" going to force me to use non-free for my
> > package?
> >
> >I know I could ask upstream for clarification of this issue, however the
> > NSA takes a long time to prepare public statements, and I imagine that
> > things will take longer now than they would have a few weeks ago...
> >
> >
> >
> >License statement from http://www.nsa.gov/selinux/license.html :
> >
> >All source code found on this site is released under the same terms and
> >conditions as the original sources. For example, the patches to the Linux
> >kernel, patches to many existing utilities, and new programs and libraries
> >available here are released under the terms and conditions of the GNU
> > General Public License (GPL). The patches to some existing utilities and
> > libraries available here are released under the terms and conditions of
> > the BSD license.
> >
> >I downloaded the patch from http://www.nsa.gov/selinux/src-disclaim.html
> >which has the following disclaimer:
> >
> >Before downloading this software, you must accept the warranty exclusion
> > and limitation of liability which appears below.
> >
> >WARRANTY EXCLUSION
> >
> >I expressly understand and agree that this software is a non-commercially
> >developed program that may contain "bugs" (as that term is used in the
> >industry) and that it may not function as intended. The software is
> > licensed "as is". NSA makes no, and hereby expressly disclaims all,
> > warranties, express, implied, statutory, or otherwise with respect to the
> > software, including noninfringement and the implied warranties of
> > merchantability and fitness for a particular purpose.
> >
> >LIMITATION OF LIABILITY
> >
> >In no event will NSA be liable for any damages, including loss of data,
> > lost profits, cost of cover, or other special, incidental, consequential,
> > direct or indirect damages arising from the software or the use thereof,
> > however caused and on any theory of liability. This limitation will apply
> > even if NSA has been advised of the possibility of such damage. I
> > acknowledge that this is a reasonable allocation of risk.

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page

Re: ITP: kernel-patch-selinux

[John Galt]

First of all, I doubt that you're going to have too much trouble getting a
response from SElinux.  They've been pretty good on responding to their
mailinglist: which, I might add, I see more than one Debian Developer has
contributed to, yet you have not.  It would behoove you to actually look
as if you really cared before ITPing.

Secondly, since Debian's warranty is "no warranty", I fail to see how the
expression of that in a license makes it non-free.

Thirdly, isn't this a question for -legal?

On Sat, 22 Sep 2001, Russell Coker wrote:

>I intend to package the kernel patch for NSA Security Enhanced Linux.
>
>Below is all the details on licenses.  My interpretation of the below license
>details (copied from the web site) is that the kernel patch is under the GPL
>and everything is fine.
>
>However is the issue about "warranty exclusion" etc which requires "agreement
>before download" going to force me to use non-free for my package?
>
>I know I could ask upstream for clarification of this issue, however the NSA
>takes a long time to prepare public statements, and I imagine that things
>will take longer now than they would have a few weeks ago...
>
>
>
>License statement from http://www.nsa.gov/selinux/license.html :
>
>All source code found on this site is released under the same terms and
>conditions as the original sources. For example, the patches to the Linux
>kernel, patches to many existing utilities, and new programs and libraries
>available here are released under the terms and conditions of the GNU General
>Public License (GPL). The patches to some existing utilities and libraries
>available here are released under the terms and conditions of the BSD license.
>
>I downloaded the patch from http://www.nsa.gov/selinux/src-disclaim.html
>which has the following disclaimer:
>
>Before downloading this software, you must accept the warranty exclusion and
>limitation of liability which appears below.
>
>WARRANTY EXCLUSION
>
>I expressly understand and agree that this software is a non-commercially
>developed program that may contain "bugs" (as that term is used in the
>industry) and that it may not function as intended. The software is licensed
>"as is". NSA makes no, and hereby expressly disclaims all, warranties,
>express, implied, statutory, or otherwise with respect to the software,
>including noninfringement and the implied warranties of merchantability and
>fitness for a particular purpose.
>
>LIMITATION OF LIABILITY
>
>In no event will NSA be liable for any damages, including loss of data, lost
>profits, cost of cover, or other special, incidental, consequential, direct or
>indirect damages arising from the software or the use thereof, however caused
>and on any theory of liability. This limitation will apply even if NSA has
>been advised of the possibility of such damage. I acknowledge that this is a
>reasonable allocation of risk.
>
>

-- 
I can be immature if I want to, because I'm mature enough to make my own
decisions.

Who is John Galt?  [EMAIL PROTECTED]

Re: ITP: kernel-patch-selinux

[John Hasler]

 Russell Coker wrote:
> I intend to package the kernel patch for NSA Security Enhanced Linux. 
> Below is all the details on licenses.  My interpretation of the below license 
> details (copied from the web site) is that the kernel patch is under the GPL 
> and everything is fine.
> However is the issue about "warranty exclusion" etc which requires "agreement 
> before download" going to force me to use non-free for my package?

Note that http://www.nsa.gov/selinux/src-disclaim.html begins "Before
downloading this software..." and is titled "Legal Notices", not "License"
(and has "disclaim" in the URL).  I think that means that _you_ are
required to agree before downloading from their site.  Someone installing
your Debian package is not downloading from their site and so has no need
to read the notice.

http://www.nsa.gov/selinux/license.html makes it very clear that the
license terms are DFSG compliant.
-- 
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin

Re: ITP: kernel-patch-selinux

[Wouter Verhelst]

On Mon, 24 Sep 2001, Eric Van Buggenhaut wrote:

> On Sat, Sep 22, 2001 at 05:36:26PM +0200, Russell Coker wrote:
> > I intend to package the kernel patch for NSA Security Enhanced Linux.
> > 
> > Below is all the details on licenses.  My interpretation of the below 
> > license 
> > details (copied from the web site) is that the kernel patch is under the 
> > GPL 
> > and everything is fine.
> > 
> > However is the issue about "warranty exclusion" etc which requires 
> > "agreement 
> > before download" going to force me to use non-free for my package?
> 
> Wouldn't it be OK if you simply include WARRANTY EXCLUSION and LIMITATION Of
> LIABILITY clauses in debian/copyright ?

I'm afraid you can't simply do that without permission of the original
authors. The reason you have to read this legal stuff before downloading
is that you can't deny having read it afterwards. If this is packaged, you
can do so. Lawyers won't like that...



-- 
wouter dot verhelst at advalvas dot be

"Human knowledge belongs to the world"
  -- From the movie "Antitrust"

rm -rf /bin/laden

Re: ITP: kernel-patch-selinux

[Eric Van Buggenhaut]

On Sat, Sep 22, 2001 at 05:36:26PM +0200, Russell Coker wrote:
> I intend to package the kernel patch for NSA Security Enhanced Linux.
> 
> Below is all the details on licenses.  My interpretation of the below license 
> details (copied from the web site) is that the kernel patch is under the GPL 
> and everything is fine.
> 
> However is the issue about "warranty exclusion" etc which requires "agreement 
> before download" going to force me to use non-free for my package?

Wouldn't it be OK if you simply include WARRANTY EXCLUSION and LIMITATION Of
LIABILITY clauses in debian/copyright ?

[...]


> WARRANTY EXCLUSION
>  
> I expressly understand and agree that this software is a non-commercially
> developed program that may contain "bugs" (as that term is used in the
> industry) and that it may not function as intended. The software is licensed
> "as is". NSA makes no, and hereby expressly disclaims all, warranties,
> express, implied, statutory, or otherwise with respect to the software,
> including noninfringement and the implied warranties of merchantability and
> fitness for a particular purpose.
>  
> LIMITATION OF LIABILITY
>  
> In no event will NSA be liable for any damages, including loss of data, lost
> profits, cost of cover, or other special, incidental, consequential, direct or
> indirect damages arising from the software or the use thereof, however caused
> and on any theory of liability. This limitation will apply even if NSA has
> been advised of the possibility of such damage. I acknowledge that this is a
> reasonable allocation of risk.
> 
> -- 
> http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
> http://www.coker.com.au/projects.html Projects I am working on
> http://www.coker.com.au/~russell/ My home page
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 
> 

-- 
Eric VAN BUGGENHAUT "Oh My God! They killed init! You Bastards!"
--from a /. post
\_|_/   Andago
   \/   \/  Av. Santa Engracia, 54
a n d a g o  |--E-28010 Madrid - tfno:+34(91)2041100
   /\___/\  http://www.andago.com
/ | \   "Innovando en Internet"
[EMAIL PROTECTED]

ITP: kernel-patch-selinux

[Russell Coker]

I intend to package the kernel patch for NSA Security Enhanced Linux.

Below is all the details on licenses.  My interpretation of the below license 
details (copied from the web site) is that the kernel patch is under the GPL 
and everything is fine.

However is the issue about "warranty exclusion" etc which requires "agreement 
before download" going to force me to use non-free for my package?

I know I could ask upstream for clarification of this issue, however the NSA 
takes a long time to prepare public statements, and I imagine that things 
will take longer now than they would have a few weeks ago...



License statement from http://www.nsa.gov/selinux/license.html :
 
All source code found on this site is released under the same terms and
conditions as the original sources. For example, the patches to the Linux
kernel, patches to many existing utilities, and new programs and libraries
available here are released under the terms and conditions of the GNU General
Public License (GPL). The patches to some existing utilities and libraries
available here are released under the terms and conditions of the BSD license.
 
I downloaded the patch from http://www.nsa.gov/selinux/src-disclaim.html
which has the following disclaimer:

Before downloading this software, you must accept the warranty exclusion and
limitation of liability which appears below.
 
WARRANTY EXCLUSION
 
I expressly understand and agree that this software is a non-commercially
developed program that may contain "bugs" (as that term is used in the
industry) and that it may not function as intended. The software is licensed
"as is". NSA makes no, and hereby expressly disclaims all, warranties,
express, implied, statutory, or otherwise with respect to the software,
including noninfringement and the implied warranties of merchantability and
fitness for a particular purpose.
 
LIMITATION OF LIABILITY
 
In no event will NSA be liable for any damages, including loss of data, lost
profits, cost of cover, or other special, incidental, consequential, direct or
indirect damages arising from the software or the use thereof, however caused
and on any theory of liability. This limitation will apply even if NSA has
been advised of the possibility of such damage. I acknowledge that this is a
reasonable allocation of risk.

-- 
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/   Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page