SoylentNews is people

posted by cmn32480 on Monday September 07 2015, @08:31AM
from the the-GPL-is-open-to-interpretation dept.

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.

In a big red block at the top of their home page is the following warning:

Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.

And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.


  • (Score: 5, Interesting) by Anonymous Coward on Monday September 07 2015, @09:22AM

    by Anonymous Coward on Monday September 07 2015, @09:22AM (#233201)

    based on the GPL'd work called "Linux". Guess I was wrong.

    You are wrong. Copyleft covers copying ONLY. The copyright holder retains all other rights, including the right to choose whether to distribute and to whom to distribute. The GPL clearly mandates that source be provided ONLY to recipients of binaries. If you do not buy binaries and you do not receive binaries, you have absolutely no right to receive sources.

    From TFA:

    Therefore, two weeks from now, we will cease the public dissemination of the stable series and will make it available to sponsors only.

    So, if you want patches, buy them from Grsecurity or negotiate to buy them from a sponsor. If you are lucky then someone might be willing to sell to you. But the GPL does NOT EVER guarantee you free shit for free, which is what you seem to want "because Linux."

  • (Score: 3, Interesting) by Anonymous Coward on Monday September 07 2015, @09:41AM

    by Anonymous Coward on Monday September 07 2015, @09:41AM (#233203)

    Therefore, two weeks from now, we will cease the public dissemination of the stable series and will make it available to sponsors only.

    The GPL does NOT EVER guarantee you free shit for free, which is what you seem to want "because Linux."

    But the GPL does promise that you can do what you like with it, without any restriction other than preserving GPL terms. So, it only takes one person to subscribe to their "improvements", and publish them for everyone to use.

    Personally, I take the view that if their "improvements" to the kernel were uncontroversially beneficial, they would have been absorbed into mainstream code already, so I'm not intending to use them.

    • (Score: -1, Flamebait) by Anonymous Coward on Monday September 07 2015, @09:52AM

      by Anonymous Coward on Monday September 07 2015, @09:52AM (#233204)

      But the GPL does promise that you can do what you like with it, without any restriction other than preserving GPL terms. So, it only takes one person to subscribe to their "improvements", and publish them for everyone to use.

      That's why the market value of Free Software is $0.00 and Linux users are smelly freetard neckbeards who beg on street corners.

      • (Score: 0) by Anonymous Coward on Monday September 07 2015, @10:51PM

        by Anonymous Coward on Monday September 07 2015, @10:51PM (#233493)

        beggars in IN make over 100k, AND they have neckbeards!

      • (Score: 0) by Anonymous Coward on Monday September 07 2015, @11:13PM

        by Anonymous Coward on Monday September 07 2015, @11:13PM (#233508)

        >That's why the market value of Free Software is $0.00 and Linux users are smelly freetard neckbeards who beg on street corners.
        They make a deal with a devil and then wish not to give him his due when it turns out that the deal was exactly as stated:
        We give you something for "free", you give us the best years of your lives.

    • (Score: 4, Insightful) by ThePhilips on Monday September 07 2015, @10:03AM

      by ThePhilips (5677) on Monday September 07 2015, @10:03AM (#233205)

      But the GPL does promise that you can do what you like with it, without any restriction other than preserving GPL terms. So, it only takes one person to subscribe to their "improvements", and publish them for everyone to use.

      Yes.

      But recall the whole RHEL vs CentOS debacle.

      RedHat sells lots of GPLed components to the RHEL customers. And even though they are GPLed, you would rarely, if ever, find them for free download on the net.

      Personally, I take the view that if their "improvements" to the kernel were uncontroversially beneficial, they would have been absorbed into mainstream code already, so I'm not intending to use them.

      That discussion is more than a decade old.

      GrSecurity patches (and similar) are very intrusive, and generally trade performance for a promise of higher security. It's not just a couple of places patched or a loadable module a-la AppArmor or SELinux. They patch and change lots of code, including the very low-level routines, making the kernel as a whole harder to develop and maintain.

      OTOH, the security people are also not very eager. The fame of merging it into the mainline would fade quickly. While by maintaining their own patchsets, they have something akin to a product, and an associated service to sell.

  • (Score: 0) by Anonymous Coward on Monday September 07 2015, @10:10AM

    by Anonymous Coward on Monday September 07 2015, @10:10AM (#233207)

    Also, the Linux=GPL snark is utterly irrelevant unless GRSecurity is being distributed as a binary without sources. Which it isn't. They're playing the game to the rules. They're pissed off by big guys who aren't.

    I know they can't name names, but would be interested in knowing who to sneer at.

  • (Score: 3, Informative) by stormreaver on Monday September 07 2015, @11:23AM

    by stormreaver (5101) on Monday September 07 2015, @11:23AM (#233226)

    Copyleft covers copying ONLY.

    Copyright, and therefore copyleft, covers copying, modification, and distribution.

    The GPL clearly mandates that source be provided ONLY to recipients of binaries. If you do not buy binaries and you do not receive binaries, you have absolutely no right to receive sources.

    Provided that GRSecurity distributes the entire kernel with their patches to its customers, there's no problem. There is a problem, though, if GRSecurity distributes only its patches to its customers without the rest of the kernel sources, or if GRSecurity tries to prohibit its paying customers from making the patches publicly available.

    • (Score: 0) by Anonymous Coward on Monday September 07 2015, @11:36AM

      by Anonymous Coward on Monday September 07 2015, @11:36AM (#233230)

      There's no problem with distributing patches alone without the rest of the kernel sources, as long as GRSecurity offers to provide the rest of the kernel sources to anyone who asks for them. And no, GRSecurity can't prohibit paying customers from making the patches publicly available, but they can jack up the price until customers don't want to give away for free something that they paid a lot of money for.

      • (Score: 0) by Anonymous Coward on Monday September 07 2015, @07:35PM

        by Anonymous Coward on Monday September 07 2015, @07:35PM (#233392)

        > but they can jack up the price until customers don't want to give away for free something that they paid a lot of money for.

        That presupposes that there is an actual set of prices at the intersection of "too expensive to give away" and "cheap enough to buy."
        I doubt it.

      • (Score: 0) by Anonymous Coward on Monday September 07 2015, @10:52PM

        by Anonymous Coward on Monday September 07 2015, @10:52PM (#233496)

        > And no, GRSecurity can't prohibit paying customers from making the patches publicly available, but they can jack up the price until customers don't want to give away for free something that they paid a lot of money for.

        Ever heard of "bad faith"?

        No?

        Ever heard of "frustration of purpose"?

        No?

        You seem to be forgetting the thousands of copyright holders who aren't spengler who own the work from which this patch is derived.

        Oh but you think there's no agreement between spengler and them now, don't you? Ok, so then there is just a bare license, not an irrevocable agreement between the linux copyright holders and spengler, and they can revoke that license. Is that what you want?

  • (Score: 0) by Anonymous Coward on Monday September 07 2015, @10:42PM

    by Anonymous Coward on Monday September 07 2015, @10:42PM (#233484)

    GRsecurity is a derivative work. Why that matters is discussed way below.

    Copyright allows you to restrict a work; what area of the law allows you to grant permission?
    Property and Contract law.

    The significance of this is discussed in other posts below.

    Suffice to say: either spengler's license to modify linux can be revoked at will (barring estoppel) if he has permission as a license (property law), or extrinsic evidence that bears on the agreement (such as the intention of the parties, usage in trade of terms, course of dealings, etc) can be brought in to discover the full effect of the agreement (remember: no integration clause here) since we would be proceeding under contract law (which is what you want if you want what linux is licensed under to be irrevocable). We can discover if all X contributors to linux intended derivative works to be closed in this manner, what the usage in trade was of these terms, what the course of dealings were vis a vis spengler and the linux rightsholders up till this time. Etc. It all bears to what the actual agreement is (if there is any to begin with).

    If he has neither (another possibility), then his "grant" to modify the linux source code is just completely invalid from the start.

    And before you dismiss all this, please study the basis of the law on which you base your documents and agreements.
    Just because your techie friends repeat some dogma about OSS "license"s, doesn't mean they have a firm basis in law.

    Guess why it takes years to get a law degree.