https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html
The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.
The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.
The remainder of the article is an interview with Brad Spengler about the case and the issue.
iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:
Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys
(Score: 0) by Anonymous Coward on Monday February 17 2020, @11:06AM
Redhat vs OpenSourceSecurity:
>How is Brad's contract different than RedHat's?
He completely hides behind the cost of bringing an enforcement suit against him (though most people don't know that and assume "no suit, must be legal"); he also relies on the ignorance people have regarding the RedHat (now IBM) situation:
1) RedHat owns much of the copyrightable material in the Linux Kernel. If another copyright owner sued them, there could be repercussions under a non-joint-work jurisprudence (current) (i.e., RH might rescind the license to their work from plaintiff, plaintiff would then have to argue they couldn't do that: that plaintiff had paid RH some consideration, plaintiff would say their own work on the kernel was consideration for RH's licensing them their works, or plaintiff would perhaps try to show the kernel was a joint-work with them thus they can do with the joint-work as they please, etc.)
1b) RedHat _could_ attempt to argue the kernel is a joint work (and if you're a copyright owner in a joint work you can license the whole as you wish to whom you wish) if push came to shove, and this would be a case of first impression here. I could see a court viewing online-collaborative-ongoing software projects as joint-works. This isn't the law now, but I could imagine that being a ruling. It might be difficult to argue against.
2) RedHat distributes ALL of its changes as source, ITSELF; any restrictions regarding those contracted with RedHat seem moot in the eyes of the other copyright holders, since they and the public receive all of these changes. Which is what they want from the Licensing decision they made regarding their Work, in earnest. With GrSecurity Brad Spengler is _successfully_ making sure NO ONE gets the changes back to the copyright holders, or the public: and he does so via an in-writing direct violation of the Copyright License that the Linux kernel copyright owners set their work(s) under.
It's quite different.
>Can you publicly post the OSS terms?
https://new.perens.com/wp-content/uploads/sites/4/2017/06/grsecstablepatchaccessagreement_additionalterms.pdf [perens.com]