lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1533652452.5764.2.camel@HansenPartnership.com>
Date:   Tue, 07 Aug 2018 07:34:12 -0700
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Tycho Andersen <tycho@...ho.ws>, Kees Cook <keescook@...omium.org>
Cc:     "Tobin C . Harding" <me@...in.cc>, linux-api@...r.kernel.org,
        containers@...ts.linux-foundation.org,
        Akihiro Suda <suda.akihiro@....ntt.co.jp>,
        Oleg Nesterov <oleg@...hat.com>, linux-kernel@...r.kernel.org,
        "Eric W . Biederman" <ebiederm@...ssion.com>,
        Christian Brauner <christian.brauner@...ntu.com>,
        Andy Lutomirski <luto@...capital.net>
Subject: Re: [PATCH v4 0/4] seccomp trap to userspace

On Mon, 2018-08-06 at 20:44 -0600, Tycho Andersen wrote:
> Hi all,
> 
> Dinesh Subhraveti has claimed that some part of this series might be
> patented. While he has not furnished me with anything to confirm this
> claim, I'll put this series on hold.

Just on a general policy for handling things like this.

Firstly, never discuss specifics on a mailing list.  Patents are a
really tricky area where advice in confidence is needed and lack of
confidentiality usually only benefits the patent holder.

Secondly, vague threats (like this) can be safely ignored.  Thanks to
the terms of the GPL and the specific actions of OIN, we legitimately
have licences to a vast pool of patents, so we should assume for every
vague threat of the existence of a patent that we do legitimately
possess a licence until the threat is made specific.

Finally, if the vague threat becomes specific (which means citation of
patent by number and claim) you need to engage the resources we have at
our disposal to investigate.  Likely it will be OIN resources that do
this investigation, but the way to begin is to start with your
corporate counsel for contributions on behalf of a company.  If they're
on behalf of you as an individual, you can begin with Counsel which the
Linux Foundation will provide.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ