Law means Linux security patches secret

The controversial Digital Millennium Copyright Act (DMCA) is spreading such fear among the open source community that a Linux kernel update will go out lacking information on security fixes.

An update to the widely used version 2.2 of the Linux kernel was released on Monday without detailed information on a number of security patches. According to Alan Cox, Linus Torvald's right hand man, the censorship was necessary to prevent the coders running into trouble with the DMCA.

The Act was designed to prevent the publication of code that is capable of circumventing security and copy protection schemes.

The law became infamous with the geek community after the arrest of Dmitry Sklyarov, who cracked the protection on Adobe's eBook Reader software. Previous to this it had attracted attention in the DeCSS DVD decryption software case.

In a posting to the Linux kernel developer newsgroup Cox said that, until the authorities realised the flaws in the DMCA, "US citizens will have to guess about security issues".

Cox seems to be saying that, because some security systems in Linux could be used to manage rights on copyrighted work, security information would have to be posted on a website that blocks access from US visitors.

However, other posters to the mailing list have said that Cox may be overreacting to the impact of the DMCA, and some have suggested that he may be using the open source community as a vehicle to protest at the Act.

In related news, Sony last week invoked the DMCA to force the closure of a site that details how to modify and enhance the software in the Aibo robotic dog.

In a letter to the webmaster of Aibohack.com, the electronics giant claimed that the contents of the site "contained Sony copyrighted software which you are copying and distributing in violation of Sony's rights".

"Your site provides the means to circumvent the copy protection protocol of Sony's Aibo Memory Stick to allow access to Sony Aibo-ware software which appears to have been created by copying and decrypting Sony's software," the company added.

The site has since been closed down and all files capable of modifying Aibo have been removed.