SoylentNews is people
SoylentNews
from the the-GPL-is-open-to-interpretation dept.
Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.
In a big red block at the top of their home page is the following warning:
Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.
And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.
(Score: 2, Interesting) by Anonymous Coward on Monday September 07 2015, @03:27PM
Grsecurity is a 4MB patch of the linux kernel. For 14 years now Brad Spengler and "PaxTeam" have released
to the public a patch to the kernel that prevents buffer overflows, adds address space protection, adds
Access Control List functions, prevents various other security related errors (the programs are terminated
rather than allowed to write to protected memory or execute other flaws), aswell as various improvements
shell servers might find useful such as allowing a user to only see his own processes (unless he is in
a special group), and tracking the ipaddress associated with a particular process.
Now Brad Spengler has announced that there will be no more public distribution of the stable GRSecurity
patch of the linux kernel.
Some supporters of GRSecurity have claimed that GRSecurity is not even a derivative work of the linux kernel
and that Spengler may do whatever he wishes, including closing to code to all except those who pay him 200
dollars per month. Detractors contend that GRSecurity is a derivative work, and have noted that it is not likely that the thousands of linux code contributors intended that derivative works be closed in this manner. Detractors have also noted the differences between copyright grants and alienations based on property law and those based on contract law, and that the linux kernel is likely "licensed" under contract law and not "licensed" under property law (to use the term loosely), and that this has implications regarding the relevancy of the intentions of the parties. Detractors have also noted that the agreement is not likely to be deemed fully integrated. Supporters of GRSecurity have then claimed that the linux kernel's license (GPLv2) is just a "bare license". Detractors then noted that licenses (creatures of property law) can be rescinded by the licensor at-will (barring estoppel), and in that case any contributor to the Linux Kernel code could rescind Brad Spengler's permission to create derivative works of their code at will, and that the GRSecurity Supporters should hope that Linux (and the GPL) is "licensed" under a contract and not a bare license.
The whole situation stems from WindRiver, a subsidiary on Intel(R), mentioning that they use GRSecurity in their product. Brad Spengler wished for WindRiver to pay him a 200 dollars per month fee. Spengler then threatened to sue Intel under copyright law and trademark law. He, at that time, claimed that Intel was "violating the GPL" (a claim that has now been rescinded) and his trademark on the word "GRSecurity" (a claim which still stands but is currently not being pursued in court). Intel threatened to ask for legal cost reimbursement if Spengler brought this to court (Judges often reward this for spurious baseless claims to discourage excessive litigation).
It has been noted that Brad Spengler's copyright claim is more-or-less non-existent, and his trademark claim is very weak and near non-existent (thus the threat for reimbursement of fees). In trademark law one is barred from, within a field of endeavor, conflating another persons trademark with ones own product one created. Here WindRiver (a subsidiary of Intel(R)) simply noted that it used the grsecurity patch in it's product: It did not create a brand new piece of code and call that "GRSecurity": It simply used what Spengler provided.
In retaliation, Spengler has announced he is closing the stable grsecurity patch to all but those who pay him 200 dollars per month. (And notes that any other branch is not fit for human consumption)
--
More can be found at: grsecurity.org and http://grsecurity.net/announce.php [grsecurity.net]
The text of the announcement:
"Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement."
(Score: 2) by hemocyanin on Monday September 07 2015, @03:58PM
Sounds like he missed a marketing opportunity. "You know [randomMovieStar] uses [randomProduct] -- now you can too!!"
(Score: 0) by Anonymous Coward on Monday September 07 2015, @10:30PM
Instead we get: . "You know [randomMovieStar] used [randomProduct] -- now no one can!"