Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday February 10 2018, @01:08AM   Printer-friendly
from the slapp-me-again,-I-like-it dept.

http://www.theregister.co.uk/2018/02/08/bruce_perens_grsecurity_anti_slapp/
http://perens.com/2018/02/08/bruce-perens-seeks-mandatory-award-of-legal-fees-for-his-defense-in-open-source-security-inc-and-bradley-spengler-v-bruce-perens/

Having defeated a defamation claim for speculating that using Grsecurity's Linux kernel hardening code may expose you to legal risk under the terms of the GPLv2 license, Bruce Perens is back in court.

This time, he's demanding Bradley Spengler – who runs Open Source Security Inc and develops Grsecurity – foots his hefty legal bills, after Spengler failed to successfully sue Perens for libel.

Perens, a noted figure in the open source community, and his legal team from O'Melveny & Myers LLP – as they previously told The Register – want to be awarded attorneys' fees under California's anti-SLAPP statute, a law designed to deter litigation that aims to suppress lawful speech.

That deterrence takes the form of presenting unsuccessful litigants with the bill for the cost of defending against meritless claims.

"Plaintiffs Open Source Security, Inc. and Bradley Spengler sued Defendant Bruce Perens to bully him from expressing his opinions that Plaintiffs' business practices violate Open Source licensing conditions and to discourage others from expressing the same opinions," Perens' latest filing, submitted to a US district court in San Francisco today, declared.

"Rather than allowing the public to judge Plaintiffs' contrary opinions through public debate, Plaintiffs tried to 'win' the argument on this unsettled legal issue by suing him."

[...]

Perens is asking for $667,665.25 in fees, which covers 833.9 hours expended on the litigation by numerous attorneys and a $188,687.75 success fee agreed upon to allow Perens to retain representation he might not otherwise have been able to afford.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Informative) by Anonymous Coward on Saturday February 10 2018, @01:19PM (15 children)

    by Anonymous Coward on Saturday February 10 2018, @01:19PM (#635993)

    >""" Their attempt to dodge this was by saying that their customers were paying for a subscription service which provided them with patches.
    >They were at liberty to distribute the patches if they wanted to, but doing so would terminate their subscription. This meant that they weren't
    >technically violating the GPL - people didn't give up any of the rights that the GPL gave them. If they exercised them then they would retain the
    >rights to all of the GrSecurity patches that they'd received already, they just wouldn't get any more. """

    Incorrect. The GPLv2 forbids the imposition of additional terms. GRSecurity imposed an additional term. No you cannot be "cute" by placing the additional term in a separate writing, verbal agreement, or course of doing business: it is an additional term no-matter how you memorialize it (or even if you choose not to memorialize it).

    The act of adding an additional term in-and-of-itself is a violation of the license grant.

    Starting Score:    0  points
    Moderation   +2  
       Interesting=1, Informative=1, Total=2
    Extra 'Informative' Modifier   0  

    Total Score:   2  
  • (Score: 3, Interesting) by requerdanos on Saturday February 10 2018, @02:36PM (5 children)

    by requerdanos (5997) Subscriber Badge on Saturday February 10 2018, @02:36PM (#636005) Journal

    They were at liberty to distribute the patches if they wanted to, but doing so would terminate their subscription. This meant that they weren't technically violating the GPL

    Incorrect. The GPLv2 forbids the imposition of additional terms. GRSecurity imposed an additional term. No you cannot be "cute" by placing the additional term in a separate writing, verbal agreement, or course of doing business: it is an additional term no-matter how you memorialize it (or even if you choose not to memorialize it).

    This is perhaps the best explanation I've read so far about why the "Dude even though they are violating, they totally are not, man, they violate the license in the next paragraph so it doesn't count!" folks are not correct wrt the GPL. Such statements may be in "modern presidential" style, but license violations count as license violations.

    Additional terms? You're in violation of the GPL.

    GRSecurity's strategy? Additional terms (a specific penalty if you exercise specific rights under the GPL).

    GRSecurity's PR? Yeah, there are additional terms, but after we penalized you, you still did something allowed under the GPL so we're totally not violating it and besides we'll sue you.

    [GP:] The problem for GrSecurity was that most people didn't think that this was a good deal

    The problem for GRSecurity is that their clever violate-the-GPL-and-say-we-aren't scheme was revealed in a very public way.

    • (Score: 0) by Anonymous Coward on Saturday February 10 2018, @03:58PM (2 children)

      by Anonymous Coward on Saturday February 10 2018, @03:58PM (#636024)

      >The problem for GRSecurity is that their clever violate-the-GPL-and-say-we-aren't scheme was revealed in a very public way.

      By who? Who was complaining about it so much that Perens had to chome in (yes, chome in, a stronger form of chime. like chime but with BASS)

      • (Score: 2) by requerdanos on Saturday February 10 2018, @05:12PM (1 child)

        by requerdanos (5997) Subscriber Badge on Saturday February 10 2018, @05:12PM (#636059) Journal

        By who?

        You seem to be a dozen or so messages into this rant about your friend, why don't you just go marry him? Maybe you two at least get a room? Leave us out of it?

        Sure, there are a couple here yapping that GRSecurity does no wrong because their violation is wearing attractive clothing, but by and large, this discussion is being held among a group of people who respect the GPL, and recognize its violations regardless of who's pointing them out.

        If there were people who criticized your friend, and they were *wrong* on the *internet*, then I am sorry for the hurt feelings you've suffered, but we don't control that here. Get therapy or make a meme or something constructive.

        Wanting to marry children, goats, space aliens, or rock outcroppings are not mainstream positions, acknowledged, but someone who holds such a position and also notices a GPL violation has in the end noticed a GPL violation, and the GPL violation is the noteworthy bit in the context of software (as opposed to "marriage flexibility") freedom. Among different surroundings, it might be different.

        I guess what I am trying to say is "My! That's interesting. Run along, now."

        • (Score: 0) by Anonymous Coward on Monday February 12 2018, @08:38AM

          by Anonymous Coward on Monday February 12 2018, @08:38AM (#636611)

          Before Bruce Perens published his article, everyone was saying MikeeUSA's analysis was wrong.
          You might notice that Bruce Perens article has the same rhyme and meter, in places, as MikeeUSA's emails to Bruce Perens (which can be seen on the public debian mailing lists) on the issue from a week prior to the publication.

          Only after Bruce Perens published the points MikeeUSA made did anyone* in the opensource community acknowledge it's correctness.
          Most laughed at MikeeUSA claiming he was neither a programmer nor a lawyer, and then repeated their own argument about since the additional term is not penned into the very text of the GPL file all is kosher.
          They also said that no one who likes cute young girls and accepts (Devarim chapter 22, verse 28, hebrew) child marriage of girls as fine, could ever have the mental capacity to be a programmer or attorney.

          *Other than other lawyers.

    • (Score: 0) by Anonymous Coward on Monday February 12 2018, @08:48AM

      by Anonymous Coward on Monday February 12 2018, @08:48AM (#636613)

      It would be nice if a linux kernel rights holder would sue GRSecurity and Brad Spengler for the copyright violation.
      Brad Spengler already attacked one of the old original FOSS luminaries (A set which includes: RMS, ESR, Bruce Perens, Prof. E. Moglen).
      Is not turnabout fair play?

    • (Score: 0) by Anonymous Coward on Monday February 12 2018, @08:50AM

      by Anonymous Coward on Monday February 12 2018, @08:50AM (#636614)

      "The problem for GRSecurity is that their clever violate-the-GPL-and-say-we-aren't scheme was revealed in a very public way."

      Who campaigned for this to be revealed?

  • (Score: 3, Interesting) by TheRaven on Saturday February 10 2018, @05:52PM (8 children)

    by TheRaven (270) on Saturday February 10 2018, @05:52PM (#636074) Journal
    They weren't imposing additional terms to the code that you received under the GPL. You were free to take their patches and use them under the terms of the GPL. If you did distribute them, then nothing happened to your rights to the code that you had already received under the terms of the GPL. You retained the rights granted to you under the GPL, you retained the obligations that the GPL placed you under, and no others applied. You just wouldn't be given any more code under the terms of the GPL by GrSecurity.

    The extra terms were not related to the code that you received under the GPL. They only applied to code that you had not yet received, and as soon as you did receive the code then the only terms that applied to that patch set were those present in the GPL.

    I am completely free, under the GPL, to give you code for free and charge you for bug fixes or new features. That is something that Stallman not only accepts, but actively encourages and is inherent to the business model of companies like Red Hat. Similarly, if you don't want to pay me for fixes or features then you are free to ask someone else to implement them instead. I am free to impose any terms that I like in the contract that I agree with you for writing new code, because that's independent of the license under which I give you the code. At any point, either of us may terminate the agreement under which I provide you with new code. You still retain the rights that I have granted to you for existing code.

    --
    sudo mod me up
    • (Score: 0) by Anonymous Coward on Sunday February 11 2018, @11:32PM (7 children)

      by Anonymous Coward on Sunday February 11 2018, @11:32PM (#636489)

      this is the correct analysis. i don't think it needed to come to this, though. i think grsecurity could have came up with a donation/business model that worked instead of being lazy about it then getting mad at people for not just donating blindly until some unknown threshold of financial appreciation had been reached. this is what happens when programmers do the business, the PR and the marketing, i guess.

      • (Score: 0) by Anonymous Coward on Monday February 12 2018, @08:27AM (6 children)

        by Anonymous Coward on Monday February 12 2018, @08:27AM (#636609)

        No it is not. And yes, I am a lawyer.

        The license agreement is not between the distributor and the code, nor the distributee and the code, nor the licensee and the code.
        The license agreement is between the licensee and the licensor, and the licensor and the distributee (and the licensor and the distributee).

        The license forbids the addition of any additional terms be imposed upon the relationship between the licensee and the further distributee regarding their relationship arising around the licensed article (the code).
        GRSecurity no only imposes a no-distribution term upon said relationship (a relationship only existing in relation to the licensed article (the code)), it threatens the distributee with a penalty if the distributee violates the additional no-distribution term.

        Yes. GRSecurity is violating the license grant by adding an additional term to the agreement between the parties (between itself and the further distributes).

        • (Score: 0) by Anonymous Coward on Monday February 12 2018, @08:29AM (5 children)

          by Anonymous Coward on Monday February 12 2018, @08:29AM (#636610)

          *not only

          No it is not. And yes, I am a lawyer.

          The license agreement is not between the distributor and the code, nor the distributee and the code, nor the licensee and the code.
          The license agreement is between the licensee and the licensor, and the licensor and the distributee (and the licensor and the distributee).

          The license forbids the addition of any additional terms be imposed upon the relationship between the licensee and the further distributee regarding their relationship arising around the licensed article (the code).
          *GRSecurity not only imposes a no-distribution term upon said relationship (a relationship only existing in relation to the licensed article (the code)), it threatens the distributee with a penalty if the distributee violates the additional no-distribution term.

          Yes. GRSecurity is violating the license grant by adding an additional term to the agreement between the parties (between itself and the further distributes).

          • (Score: 2) by TheRaven on Monday February 12 2018, @11:03AM (4 children)

            by TheRaven (270) on Monday February 12 2018, @11:03AM (#636630) Journal
            If you were a lawyer, then you would know that you shouldn't be giving legal advice to someone who is not your client, though perhaps that's why you are anonymous. You would also know that the GPL doesn't prohibit adding extra terms, it requires that the recipient receives the same rights that you receive, which is not quite the same thing. The recipient does receive the same rights to the Linux kernel + GrSecurity that GrSecurity receives to the Linux kernel. They are also granted an extra right to future work by GrSecurity in exchange for a consideration (money and a promise not to distribute the GrSecurity code).
            --
            sudo mod me up
            • (Score: 0) by Anonymous Coward on Tuesday February 13 2018, @01:16PM (3 children)

              by Anonymous Coward on Tuesday February 13 2018, @01:16PM (#637088)

              >You would also know that the GPL doesn't prohibit adding extra terms, it requires that the recipient receives the same rights that you receive, which is not quite the same thing.

              From section 6:
              "You may not impose any further
              restrictions on the recipients' exercise of the rights granted herein."

              The text of the grant disagrees. You may not impose any further restrictions...
              IE: No additional terms.

              GrSecurity requires distributees to agree to it's no-distribution restriction, in writing.

              (Also note:)
              (4. You may not copy, modify, sublicense, or distribute the Program
              except as expressly provided under this License. )

              >If you were a lawyer, then you would know that you shouldn't be giving legal advice to someone who is not your client, though perhaps that's why you are anonymous.
              Trying to threaten me because you don't like what I say?
              I am a lawyer. I am a programmer. Deny it all you want.
              Who do you think induced the action you see occuring?
              Why do you think said arguments were accepted?
              Is it because "I'm not a lawyer" and "don't know what I'm talking about" or is it because I am an attorney and I do know what I'm talking about?

              >If you were a lawyer, then you would know
              Sometimes one must act for the greater good. Sometimes one must inform lay-people of their legal rights... so that they may know that they have them in the first place.

              ----
              " 4. You may not copy, modify, sublicense, or distribute the Program
              except as expressly provided under this License. Any attempt
              otherwise to copy, modify, sublicense or distribute the Program is
              void, and will automatically terminate your rights under this License.
              However, parties who have received copies, or rights, from you under
              this License will not have their licenses terminated so long as such
              parties remain in full compliance."

              " 6. Each time you redistribute the Program (or any work based on the
              Program), the recipient automatically receives a license from the
              original licensor to copy, distribute or modify the Program subject to
              these terms and conditions. You may not impose any further
              restrictions on the recipients' exercise of the rights granted herein.
              You are not responsible for enforcing compliance by third parties to
              this License."

              • (Score: 2) by TheRaven on Tuesday February 13 2018, @02:13PM (2 children)

                by TheRaven (270) on Tuesday February 13 2018, @02:13PM (#637107) Journal

                You would also know that the GPL doesn't prohibit adding extra terms, it requires that the recipient receives the same rights that you receive, which is not quite the same thing.

                From section 6: "You may not impose any further restrictions on the recipients' exercise of the rights granted herein." The text of the grant disagrees. You may not impose any further restrictions... IE: No additional terms.

                No, it says exactly what I said. You may not restrict their rights, but that's not what GrSecurity is doing. As the recipient of their patches, you are free to exercise the terms of the GPL. If you do so, then they will no longer sell you future versions of their code, but you retain all of the the rights granted to you by the GPL to the code that you have received.

                " 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance."

                Again, this does not contradict what GrSecurity was doing. They gave you the code under the GPL, you are free to exercise the rights under the GPL. They also have a contract with you to give you new versions of the code. If you distribute the code, then they will not give you future versions. This kind of thing isn't even unusual in contract law: here are a set of terms that you may exercise at any time, if you exercise the terms in contract A then we reserve the right to terminate contract B.

                --
                sudo mod me up
                • (Score: 0) by Anonymous Coward on Tuesday February 13 2018, @02:59PM

                  by Anonymous Coward on Tuesday February 13 2018, @02:59PM (#637120)

                  Stick to code, kid.

                  GPLv2 forbids additional terms added to the agreement between the licencee and those to whom the licensee distributes the work (or derivative work). (distributees)
                  Terms can be memorialized or not. They can be verbal, be evinced by a course of business dealings, or be in a writing.
                  Here the additional terms added to the agreement were in a writing (they are memorialized).

                  You, a programmer, believe that the paper that the GPL v2 is printed on is "the agreement" (or the file in which the text of the GPL v2 resides). This shows your inadequacy in dealing with even slightly abstract topics.

                  Stick to code. Nothing personal.

                • (Score: 0) by Anonymous Coward on Tuesday February 13 2018, @03:05PM

                  by Anonymous Coward on Tuesday February 13 2018, @03:05PM (#637123)

                  Incorrect. The GPLv2 forbids the imposition of additional restrictive terms. GRSecurity imposed an additional restrictive term. No you cannot be "cute" by placing the additional term in a separate writing, verbal agreement, or course of doing business: it is an additional term no-matter how you memorialize it (or even if you choose not to memorialize it).
                  And yes: IAAL.

                  "You may not restrict their rights, but that's not what GrSecurity is doing."
                  Yes it is. GrSecurity is assessing a penalty for the exercise of a explicitly permitted action. It is a restriction and a violation of the license grant.
                  Argue all you want. You are not a lawyer. I am. You are simply wrong.