SoylentNews is people

posted by Fnord666 on Sunday February 16 2020, @02:22PM
from the no-way-out dept.

https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html

The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.

The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.

The remainder of the article is an interview with Brad Spengler about the case and the issue.

iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:

Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys


  • (Score: 2) by Immerman on Monday February 17 2020, @04:23PM (8 children)

    by Immerman (3985) on Monday February 17 2020, @04:23PM (#959197)

    Except that they *aren't* adding any extra terms and conditions to the license - they give you the code, you can do whatever you want with it (within the terms of the GPL). But if you redistribute, you terminate your contract with GRSecurity and they don't give you any future updates.

    Their contract puts no limitations on what you can do with the code they distribute, unless you want to maintain your business relationship with them. And the GPL says nothing about guaranteeing continued access to future updates from the original source, so they are almost certainly within the letter of the law - despite clearly violating the spirit. And one of the downsides of having a legal system rather than a justice system, is that the letter of the law is generally all that matters.

  • (Score: 1) by khallow on Monday February 17 2020, @06:06PM (7 children)

    by khallow (3766) Subscriber Badge on Monday February 17 2020, @06:06PM (#959230) Journal

    > But if you redistribute, you terminate your contract with GRSecurity and they don't give you any future updates.

    Which again doesn't terminate GRSecurity's obligations under the GPL 2.0 license [opensource.org].

    > And the GPL says nothing about guaranteeing continued access to future updates from the original source

    Look at sections 5 and 7. It says nothing about your "guaranteeing", but it does say that if you for whatever reason don't comply with the requirements of the GPL, then you lose the right to use, modify, or distribute the code. That would include distributing those patches.

    > 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
    >
    > [...]
    >
    > 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

    • (Score: 2) by Immerman on Monday February 17 2020, @08:38PM (6 children)

      by Immerman (3985) on Monday February 17 2020, @08:38PM (#959271)

      But (it sounds like) they *aren't* putting any other restrictions on redistributing the code - that's the point. They give you the code under the GPL, and freely acknowledge that you can redistribute it under the same terms. Nothing in their contract limits that in any way.

      Basically, there's nothing stopping someone from entering into a GRSecurity contract, getting the code, and immediately sharing that code with the world. The code itself is completely free of any non-GPL requirements, and neither you, nor anyone downstream, will face any legal difficulties for doing so, as GRSecurity freely acknowledges your rights to do so.

      Doing so terminates your contract with GRSecurity - but that's an independent business agreement, and in no way impairs your rights with respect to the GPLed code that they have already provided you.

      If the contract with GRSecurity obligated you to not redistribute the code they provide, or imposed any other license limitations, then that would be a clear violation of the GPL - but it doesn't. You're free to redistribute their GPLed code - you just voluntarily terminate your contract in the process so that you won't get any future software from them. And nothing in the GPL explicitly states that other, unrelated (future performance) business agreements can't depend on your actions with GPLed code. Nothing in the GPL obligates them to continue doing business with you.

      I'm sure lawyers could argue interminably over the details, but that's the point - GRSecurity has found a slimy way to skirt the limits of the GPL so that they aren't in clear violation. The fact that they (presumably, since they're still in business) haven't been pressured or sued by any major Linux stakeholders would suggest that the stakeholders' lawyers agree that it wouldn't be a cut-and-dried case, but instead a potentially long and expensive trial with a murky outcome.

      • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:00PM

        by Anonymous Coward on Monday February 17 2020, @09:00PM (#959284)

        I don't even think it's slimy anymore. I probably did at one time. It's just a way to make sure you (OSS, in this case) aren't enabling your competitors. They are still getting Free Software and they can do what they want with it, but if they want to copy it and create their own competing company, you don't have to help them do it going forward. It's definitely an interesting option for commercial Free Software. People who think FOSS should be all volunteer won't like any of that though.

      • (Score: 1) by khallow on Monday February 17 2020, @09:53PM (4 children)

        by khallow (3766) Subscriber Badge on Monday February 17 2020, @09:53PM (#959309) Journal

        > They give you the code under the GPL, and freely acknowledge that you can redistribute it under the same terms. Nothing in their contract limits that in any way.

        Except of course, they cut off the supply if they catch you doing it. Which is a limit, contrary to assertion.

        • (Score: 2) by Immerman on Monday February 17 2020, @10:09PM (3 children)

          by Immerman (3985) on Monday February 17 2020, @10:09PM (#959317)

          It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealings with them, which aren't covered by the GPL.

          • (Score: 1) by khallow on Monday February 17 2020, @10:37PM

            by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:37PM (#959333) Journal

            > but it's NOT a limit on your rights under the GPL

            But it is a limit on OSS's rights under the GPL.

          • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:02AM (1 child)

            by Anonymous Coward on Tuesday February 18 2020, @07:02AM (#959463)

            >It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealing with them, which aren't covered by the GPL

            OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work. They are NOT allowed to make ANY "contract": they can ___ONLY___ give the terms of the GPL: that is IT.

            They have put forth the GPL AND additional terms. That is FORBIDDEN by the linux copyright holders under section 6 and 4 of the GPL.
            They do NOT have a license for linux kernel ANYMORE. That's RIGHT NOW.

            Get it through your FUCKING head you MORON.
            Linux Kernel is NOT their property. The Linux Kernel devs HAVE __BANNED__ certain business practices, regarding their Work. This is ONE of those banned practices.

            • (Score: 2) by Immerman on Tuesday February 18 2020, @03:29PM

              by Immerman (3985) on Tuesday February 18 2020, @03:29PM (#959540)

              >OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work.
              And they are not doing so - they're providing the source to their derivative patches under the GPL2.