Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!deimos.cis.ksu.edu!uxc!csd4.milw.wisc.edu!indri!nic.MR.NET!thor.acc.stolaf.edu!mike
From: mike@thor.acc.stolaf.edu (Mike Haertel)
Newsgroups: comp.unix.wizards
Subject: Re: GNU, security, and RMS
Message-ID: <2322@thor.acc.stolaf.edu>
Date: 3 Jun 89 04:48:46 GMT
References: <106326@sun.Eng.Sun.COM> <422@ladcgw.ladc.bull.com> <13688@ncoast.ORG> <15812@vail.ICO.ISC.COM>
Reply-To: mike@stolaf.edu
Organization: St. Olaf College, Northfield, MN
Lines: 53

Since everyone is making such a big deal about `security and RMS'
I thought I would try to clarify things a bit. I am employed by
the Free Software Foundation, and I have known Richard for about a year.
Perhaps this will stop all the wasted bandwidth in useless speculation.

In article <15812@vail.ICO.ISC.COM> rcd@ico.ISC.COM (Dick Dunn) writes:
>I've seen several postings which seem to assert that the GNU folks won't be
>interested in security because that's somehow at odds with free software.

Security is not at odds with free software, but . . .

>Is there some other part
>of the FSF philosophy (or RMS' personal philosophy, or whatever) that says
>that security is a Bad Thing?

Yes. I (almost) quote RMS: `I do not believe there should be security
among the users of a computer system.' (He posted (approximately) this
statement to one of the GNU newsgroups sometime back, when someone was
complaining that the default emacs Makefile installs things 777 mode.)

>>...(On the other hand, the lack
>> of security that RMS prefers would be the biggest stumbling block in getting
>> people to *use* GNU...
>
>This is what really makes me wonder--*does* RMS really prefer a lack of
>security, or are we/you/they putting words in his mouth?

RMS *really prefers* a lack of security. (He doesn't mind a bit of
auditing though, to see who last changed a source file . . .)

The GNU system will of course support the UNIX ownership and protection
mechanisms, but I find it highly unlikely that we at the FSF will
implement anything more. Other people can if they like, and we might
even redistribute it along with other non-FSF user-contributed software.
But it's a pretty sure bet that even if we distribute such a system
we will never support it in any way.

As for my beliefs on the subject:

(1) Anyone who thinks a UNIX-compatible system can be `secure' has
    some serious delusions. Timing windows and covert channels abound.

(2) There should not be security among the users of a computer system.
    The principal use I have seen security put to has been the
    self-aggrandizement of system administrators at the expense of the user
    community. (I agree that in some situations it is reasonable to have
    security to keep out outsiders, though.)

--
Mike Haertel
``There's nothing remarkable about it. All one has to do is hit the right
keys at the right time and the instrument plays itself.'' -- J. S. Bach