On Tue, Apr 18, 2017 at 6:58 AM, Cankaya, Yilmaz wrote:

Dear All,

 

We at Airbus DS CyberSecurity are running projects with the aim of introducing some cyber security products, mainly for the defence and ICS industry.

 

We want to use Linux OS in our products (hardware, software or even service) and therefore we are in the process of getting FOSS (Free Open Source Software) clearance for those products. The product will be commercial and distributed to the customers in a hardware box with the following conditions:


You'll want to check upstream to Red Hat Enterprise Linux licensing for almost all of the software, since Scientific Linux is a free rebuild of RHEL. That means that components which are *not* free software, open source software, or compatible with those licenses are not being included by our friends over at Fermi Lab, who have been graciously hosting and publishing this work for the rest of us, and who've as best I can tell carefully stayed away from the small set of proprietary components RHEL includes.

1.       No visibility of OS and Trademark: The product will be a hardware box and the OS will never be visible to the end user, even in the documentation. We do not (in normal use) expect any customer to interface with the product OS in any manner. In conjunction with this, we do not aim at using/displaying the trademark of the OS in any form.


That.... may require extra work. Gnome, for example, includes various trademarks, as does KDE, in its basic default configuration. What precisely are you planning to run on these boxes?
 

2.       No Source Code Change: The software running on the box  is developed from scratch with some shared libraries.  The licensing for those libraries is currently handled separately.  But, practically, we do not change any source code of another software or OS component. 


Out of personal curiosity, if you change source, do you publish or intend to publish your changes? One of the great opportunities with free software and open source software is the chance to enhance tools and fix issues, and to share those as active members of the open source security.
 

3.       OS changes:  We mainly change the network configuration, syslog configuration, OS startup configuration, security hardening (based on the recommendations of the to be used OS distribution) and add some folders and new files for our purpose under /opt and /etc.

You've my sympathies, I've certainly done this.

4.       Custom Repository: We strictly differentiate between our own packages and Linux OS packages. So, we will provide a custom repository for our own packages. OS updates and any other updates would be retrieved from one of the distribution repositories.

Sounds like you're trying to do things right, and legally. Good for you! If you need some help with working structures for build environments for building suites of internal RPMs and their dependencies, I've a few examples of such over at https://github.com/nkadel/ you're welcome to look at.

 

SL 7.3 release notes given below

 

ftp://ftp.scientificlinux.org/linux/scientific/7x/x86_64/os/sl-release-notes.html#_packages_removed_from_upstream

 

states  “There is a new Scientific Linux End User License Agreement (EULA). The EULA now contains information about the U.S. Government contract under which Fermilab produces Scientific Linux”.

 

And the EULA allows

 

ftp://ftp.scientificlinux.org/linux/scientific/7x/x86_64/os/EULA

 

redistribution and commercial usage so long as GPL v2 is satisfied.   

 

We would be glad to use SL 7.3 as our choice of Linux OS, but we need on our side to assure that this will not change in the upcoming releases, or at least that this EULA will be valid for all 7.x releases. What are your comments on this? Is there a communication partner at Fermi Lab that could assist us in this manner?

 

Thanks

 

 

Beste Grüße – Kind Regards,

 

Yilmaz Cankaya

Project-/Bid Manager

CyberSecurity

 

Willy-Messerschmitt-Straße 1

82024  Taufkirchen

Germany

T:   +49 (0) 89 3179 7609

 

www.airbusdefenceandspace.com ; www.cassidiancybersecurity.com

 

Cassidian Cybersecurity GmbH
Registered Office: Ottobrunn
District Court of Munich HRB 149698
Managing Director: Michael Gerhards

 

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, please notify Airbus immediately and delete this e-mail. Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately. All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.

Friend, it's a bit awkward to be "confidential" and "The contents may not be disclosed or used by anyone other than the addressee." with email to a public mailing list.