From: seth at tautology.org (Seth Alan Woolley)
Subject: Cisco's stolen code

On Thu, May 27, 2004 at 08:41:27AM +1000, Brad Griffin wrote:
> Now that this code is stolen, anyone who has a copy of that code is a
> suspected thief until such time as they show that they did not steal
> it, or that they are not an accomplice or have not received stolen
> property. Holders of the code must (if necessary) show that they are
> holding the code legitimately.

Innocent until proven guilty is a foreign concept to you?

What's this meaningless "must (if necessary)" banter mean?  You were
accusing me of being the lawyer, remember?

> Copyright has three parts of stuff all to do with stealing property and
> does *not* apply here (not where I come from at least). 

Words are not property.  I refer:

http://www.gnu.org/philosophy/words-to-avoid.html#TOCIntellectualProperty

Citizens have a "right" to employment under the Full Employment Acts of
1964, 1978, etc. in the US, too.  There's a lot of stolen property in
that case, under Greenspan's desk.

> That's called Receiving Stolen Property.

No, it is not.  Nobody ever took their temporary, state-enforced
monopoly right to control duplication by receiving a copy of something
after it has been duplicated already.  Somebody else received that
right.  I already posted the USC on the subject.  The court can mandate
that the code from a particular infringement be destroyed, and that's
the extent of it.

I pity all the purchasers of MS-DOS 6.0 and 6.2.  The stolen "rights" from
Stac Electronics should brand them all pirates!

Personally, I wouldn't touch the CISCO code with one of those
aforementioned ten foot barge poles.  However, auditors, if they so
choose and plan how they receive the code well, can hold themselves
harmless under US law for disclosing security flaws.  Tough break for
CISCO, and that ends up being a security implication: combine Kerckhoffs'
Principle with the poorer security of security by obscurity, and soon
there shall be a fallout from the forthcoming flaws auditors are sure to
find.  The beauty of it all is that CISCO can't do a damned thing about
it, despite the wishes of WIPO.

-- 
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
Key id EF10E21A = 36AD 8A92 8499 8439 E6A8  3724 D437 AF5D EF10 E21A
http://smgl.positivism.org:11371/pks/lookup?op=get&search=0xEF10E21A
Security Team Leader Source Mage GNU/Linux http://www.sourcemage.org