SoylentNews is people

posted by cmn32480 on Monday September 07 2015, @08:31AM
from the the-GPL-is-open-to-interpretation dept.

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.

In a big red block at the top of their home page is the following warning:

Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.

And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.


  • (Score: 4, Interesting) by stormreaver on Monday September 07 2015, @11:31AM

    by stormreaver (5101) on Monday September 07 2015, @11:31AM (#233229)

    ...so I'll take any argument stating GPL can be commercial "if this or that" with a big ass grain of salt.

    I distribute some of my commercial products under the GPL, and it has not been a problem. My customers pay me to create a product, some of which was written using GPL'd components, for their internal use. I give them the complete source code under the GPL, and tell them of their rights and responsibilities. The clincher that makes this not a problem for them is that they don't have to share the source with anyone as long as they don't redistribute the software outside of their own company. Since that's something they won't do anyway, it's a non-issue. They come back to me for any and all improvements and bug fixes.

  • (Score: 2) by jimshatt on Monday September 07 2015, @12:01PM

    by jimshatt (978) on Monday September 07 2015, @12:01PM (#233244) Journal
    This works very well for custom-made software, and I don't think anyone has a problem with that model (I suppose that this was one of the main scenarios RMS and the FSF had in mind). For more generic software this model is a little harder to rationalize since there is incentive to share (opening up to the advantages of Open Source: many eyeballs and the like).
  • (Score: 2) by JoeMerchant on Monday September 07 2015, @08:56PM

    by JoeMerchant (3937) on Monday September 07 2015, @08:56PM (#233428)

    Not saying anyone will ever make you change, but I think if you read the GPL carefully you will find that it demands that you make your modifications and improvements generally available - including to the original authors your work is based upon.

    Thing is, since they will never know that you have made these mods, the clause is basically un-enforceable, unless you go bragging about it on an internet forum or something.

    • (Score: 0) by Anonymous Coward on Monday September 07 2015, @10:47PM

      by Anonymous Coward on Monday September 07 2015, @10:47PM (#233489)

      Could you explain that clause and how it works out?

      Because that is exactly what the grsecurity person has announced he is doing.

      Everyone is swearing this is A-OK.

    • (Score: 2) by stormreaver on Tuesday September 08 2015, @02:44AM

      by stormreaver (5101) on Tuesday September 08 2015, @02:44AM (#233583)

      Not saying anyone will ever make you change, but I think if you read the GPL carefully you will find that it demands that you make your modifications and improvements generally available....

      The GPL requires sources to be made available under any one of three circumstances, at my option. The one I choose under this model is the first one: providing full source code along with the compiled binary. At this point, my GPL obligations are fulfilled. I am under no obligation to provide sources to anyone else.

      What you are probably referring to is option number 2: providing the binary, but not providing the sources. This option requires the sources to be made available to anyone who asks for them.

      • (Score: 2) by JoeMerchant on Tuesday September 08 2015, @03:24AM

        by JoeMerchant (3937) on Tuesday September 08 2015, @03:24AM (#233598)

        "Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying."

        Seems on its face to apply to all source, might not be requiring public availability... Their FAQ backs you up:

        Does the GPL require that source code of modified versions be posted to the public? (#GPLRequireSourcePostedPublic)

        The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

        But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL.

        ---------------

        I'm used to distributing my products to multiple end users, effectively the public... it is different if you have a closed-end user base.

        • (Score: 1) by cloud.pt on Tuesday September 08 2015, @11:34AM

          by cloud.pt (5516) on Tuesday September 08 2015, @11:34AM (#233715)

          @stormreaver JoeMerchant makes a good point: "But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL."

          This seems pretty clear to me - commercial poison. Poison is a strong, pejorative word but I just want to state the fact it poisons your code. I'd say more, it's a form of distributed code virus, because whenever you stop using it privately, it stops being: 1. Private and 2. closed-source. Those are the rules, they're pretty clear.

          But let's focus on GRSecurity's use case: do they use it solely privately? It depends on your point of view (and that's what they're playing with). To me, since they provide it to different organizations with different missions as their own, I'd say it's pretty clear the use case stopped being "internal". But others (like GRSecurity itself) are arguing their group of customers, together with GRSecurity itself, form a closed group which is the sole private "user" of the software, in its "internal" fashion, it just so happens to involve a "binary/working code for money" exchange.

          You could also argue that a service provider (i.e. an employee) working internally for a single company, who uses GPL for an internal project, is also providing his own (originated out of his creativity) code for external use. I believe this is a flaw of GPL and should be clarified/modified under its raison d'être for a next version - what is private? Is it for a single, indisputable purpose, or for a catch-all purpose of an organization?

          • (Score: 2) by stormreaver on Tuesday September 08 2015, @01:56PM

            by stormreaver (5101) on Tuesday September 08 2015, @01:56PM (#233771)

            @stormreaver JoeMerchant makes a good point: "But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL."

            JoeMerchant has misread and misapplied the GPLv3. See my previous reply.

        • (Score: 2) by stormreaver on Tuesday September 08 2015, @01:53PM

          by stormreaver (5101) on Tuesday September 08 2015, @01:53PM (#233769)

          Seems on its face to apply to all source....

          Your quote is out of context. The section you quoted is describing how the source code must be provided to those who are eligible to receive it.

          Even if my product were GPLv3, which it isn't (it's GPLv2 only), that wouldn't change anything: under the correct circumstances, the GPL is a great tool for bringing a commercial product to market quickly. The whole point of my reply is to counter the misconception that the GPL is never usable for commercial software. It has its place and its uses for that purpose, if used correctly.

          • (Score: 0) by Anonymous Coward on Tuesday September 08 2015, @02:20PM

            by Anonymous Coward on Tuesday September 08 2015, @02:20PM (#233782)

            GPLv2 doesn't even have a no-revocation clause. Licenses are revocable at will. The only hope for a non-revocable GPLv2 is that it is somehow a contract (where the parties have never met and there seems to be no consideration on at least one side of the "agreement"....)... in which case, since it's not fully integrated, extrinsic evidence can be brought in to show that, no, the rights-holders never intended derivative works to be able to be closed.

            GPLv3 was published for a reason.

      • (Score: 2) by stormreaver on Tuesday September 08 2015, @01:35PM

        by stormreaver (5101) on Tuesday September 08 2015, @01:35PM (#233762)

        I'm reposting this because I didn't end the quote correctly. Here is what it should have been:

        Not saying anyone will ever make you change, but I think if you read the GPL carefully you will find that it demands that you make your modifications and improvements generally available....

        The GPL requires sources to be made available under any one of three circumstances, at my option. The one I choose under this model is the first one: providing full source code along with the compiled binary. At this point, my GPL obligations are fulfilled. I am under no obligation to provide sources to anyone else.

        What you are probably referring to is option number 2: providing the binary, but not providing the sources. This option requires the sources to be made available to anyone who asks for them.