from the the-GPL-is-open-to-interpretation dept.
Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.
In a big red block at the top of their home page is the following warning:
Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.
And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.
Translation (Score:5, Insightful)
"We don't like to be plagiarized, so we're not giving our stuff away anymore. It's to expensive to defend our trademark and copyright, so we're changing the rules of the game."
I kinda think these guys have an inflated sense of their own importance. Personally, I've never used their products. I guess I can probably survive the rest of my life without their product.
https://www.linuxcounter.net/cert/522398.png
Makes no sense (Score:2, Insightful)
They complained that a company took unstable code and called it "grsecurity" code (which it was). Now they are limiting access to the stable code, while leaving the unstable code available..
..so that exact situation can still happen. What.
Also:
> stable patches of grsecurity will be permanently unavailable to the general public
I'm sure the people who care about having access to the source code they are running the binaries of will take this gracefully.
Copyleft is NOT Public Domain (Score:5, Interesting)
based on the GPL'd work called "Linux". Guess I was wrong.
You are wrong. Copyleft covers copying ONLY. The copyright holder retains all other rights, including the right to choose whether to distribute and to whom to distribute. The GPL clearly mandates that source be provided ONLY to recipients of binaries. If you do not buy binaries and you do not receive binaries, you have absolutely no right to receive sources.
From TFA:
So, if you want patches, buy them from Grsecurity or negotiate to buy them from a sponsor. If you are lucky then someone might be willing to sell to you. But the GPL does NOT EVER guarantee you free shit for free, which is what you seem to want "because Linux."
Re:Copyleft is NOT Public Domain (Score:4, Insightful)
But the GPL does promise that you can do what you like with it, without any restriction other than preserving GPL terms. So, it only takes one person to subscribe to their "improvements", and publish them for everyone to use.
Yes.
But recall the whole RHEL vs CentOS debacle.
RedHat sells lots of of GPLed components to the RHEL customers. And even though they are GPLed, you would rarely, if ever, find them for free download on the net.
Personally, I' take the view that if their "improvements" to the kernel were uncontroversially beneficial, they would have been absorbed into mainstream code already, so I'm not intending to use them.
That discussion is more than a decade old.
GrSecurity patches (and similar) are very intrusive, and generally trade performance for a promise of higher security. It's not just couple of places patched or a loadable module a-la AppArmor or SELinux. They patch and change lots of code, including the very low-level routines, making the kernel as a whole harder to develop and maintain.
OTOH, the security people also not very eager. The fame of merging it into the mainline would fade quickly. While by maintaining their own patchsets, they have something akin to a product, and an associated with it service to sell.
Parent
How to un'GPL 101 (Score:1, Disagree)
Personally, I find the hypocrisy of this amusing: they just unGPL'd their Linux modifications arguing that other parties abused their own GPL license. I'm not super-duper-savvy about the inner workings of a GPL license, but the general feeling which I abide to has always been that GPL is commercial poison, thus I will never include such stuff in my professional endeavors (unless I'm working on FOSS software professionally, which I usually don't :/ ).
I believe that is exactly what the makers of GPL, the FSF, intended it for when specifically crafting it for the GNU Project, so I'll take any argument stating GPL can be commercial "if this or that" with a big ass grain of salt.
Re:How to un'GPL 101 (Score:4, Interesting)
...so I'll take any argument stating GPL can be commercial "if this or that" with a big ass grain of salt.
I distribute some of my commercial products under the GPL, and it has not been a problem. My customers pay me to create a product, some of which was written using GPL'd components, for their internal use. I give them the complete source code under the GPL, and tell them of their rights and responsibilities. The clincher that makes this not a problem for them is that they don't have to share the source with anyone as long as they don't redistribute the software outside of their own company. Since that's something they won't do anyway, it's a non-issue. They come back to me for any and all improvements and bug fixes.
Parent
Punishes everyone because of big corporation (Score:1)
What a way to punish a billion dollar corporation, take i out on the rest of the community, many common everyday users, who don't have anything to do with the billion dollar corporation. This action, if i am not mistaken, it appears will not have any effect on the big corporation, it mainly will hurt small individual users.
The rundown: (Score:2, Interesting)
Grsecurity is a 4MB patch of the linux kernel. For 14 years now Brad Spengler and "PaxTeam" have released
to the public a patch to the kernel that prevents buffer overflows, adds address space protection, adds
Access Control List functions, prevents various other security related errors (the programs are terminated
rather than allowed to write to protected memory or execute other flaws), aswell as various improvements
shell servers might find useful such as allowing a user to only see his own processes (unless he is in
a special group), and tracking the ipaddress associated with a particular process.
Now Brad Spengler has announced that there will be no more public distribution of the stable GRSecurity
patch of the linux kernel.
Some supporters of GRSecurity have claimed that GRSecurity is not even a derivative work of the linux kernel
and that Spengler may do whatever he wishes, including closing to code to all except those who pay him 200
dollars per month. Detractors contend that GRSecurity is a derivative work, and have noted that it is not likely that the thousands of linux code contributors intended that derivative works be closed in this manner. Detractors have also noted the differences between copyright grants and alienations based on property law and those based on contract law, and that the linux kernel is likely "licensed" under contract law and not "licensed" under property law (to use the term loosely), and that this has implications regarding the relevancy of the intentions of the parties. Detractors have also noted that the agreement is not likely to be deemed fully integrated. Supporters of GRSecurity have then claimed that the linux kernel's license (GPLv2) is just a "bare license". Detractors then noted that licenses (creatures of property law) can be rescinded by the licensor at-will (barring estoppel), and in that case any contributor to the Linux Kernel code could rescind Brad Spengler's permission to create derivative works of their code at will, and that the GRSecurity Supporters should hope that Linux (and the GPL) is "licensed" under a contract and not a bare license.
The whole situation stems from WindRiver, a subsidiary on Intel(R), mentioning that they use GRSecurity in their product. Brad Spengler wished for WindRiver to pay him a 200 dollars per month fee. Spengler then threatened to sue Intel under copyright law and trademark law. He, at that time, claimed that Intel was "violating the GPL" (a claim that has now been rescinded) and his trademark on the word "GRSecurity" (a claim which still stands but is currently not being pursued in court). Intel threatened to ask for legal cost reimbursement if Spengler brought this to court (Judges often reward this for spurious baseless claims to discourage excessive litigation).
It has been noted that Brad Spengler's copyright claim is more-or-less non-existent, and his trademark claim is very weak and near non-existent (thus the threat for reimbursement of fees). In trademark law one is barred from, within a field of endeavor, conflating another persons trademark with ones own product one created. Here WindRiver (a subsidiary of Intel(R)) simply noted that it used the grsecurity patch in it's product: It did not create a brand new piece of code and call that "GRSecurity": It simply used what Spengler provided.
In retaliation, Spengler has announced he is closing the stable grsecurity patch to all but those who pay him 200 dollars per month. (And notes that any other branch is not fit for human consumption)
--
More can be found at: grsecurity.org and http://grsecurity.net/announce.php [grsecurity.net]
The text of the announcement:
"Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement."
Short rundown (Score:0)
Spengler announced he is closing grsecurity, he will only distribute to those who pay him 200 dollars per month
grsecurity is a derivative work of the linux kernel, which has 10000s of rights holders
Spengler only has permission to modify the linux kernel at the grace of those rights holders
either: through bare license (property law), or contract (contract law)
licenses can be revoked at any time by the rights holder, provided he is not estopped from doing so
thus a plaintiff, if linux is merely licensed (if the GPL and agreement is not a contract), can simply bar him and then seek statutory damages if he continues to create derivative works (100k+ per violation)
if the GPL and the agreement which allows Spengler to modify the copyrighted work is a contract, then we proceede under contract law
here first we look to if the document is fully integrated or not, the linux documentation, and the GPL makes no mention of this
but since the linux kernel is under GPL, it's ok to distribute copies of his work for a fee, as long as the source code is published isn't it?
He is not publishing the source code.
He is keeping it closed, except to people who pay 200 a month
since there is no integration clause we can likely bring in extrinsic evidence to show that the rights holders never intended that someone may close a derivative work as such
when a contract is not fully integrated, evidence to the intentions of the parties, their state of mind, usage in trade of terms, etc can be brought in, even if they contradict the written terms of the agreement.
Now, if the GPL is neither a license, and if it also does not satisfy the elements of a contract (perhaps there is no meeting of the minds, or more likely one party has not given anything up), then Spengler is simply violating copyright
A useful discussion and Further discussions: (Score:0)
http://oxwugzccvk3dk6tj.onion/tech/res/346860.html [oxwugzccvk3dk6tj.onion]
http://pipedot.org/pipe/K33M [pipedot.org]
11:01 -!- Irssi: Starting query in OFTC with secondparty
11:01 [secondparty] hello
11:01 [secondparty] I'm sorry I don't understand what is reproached to grsec team?
11:04 [Prty1] read the links
11:05 [Prty1] Spengler announced he is closing grsecurity, he will only distribute to those who pay him 200 dollars per month
11:05 [Prty1] grsecurity is a derivative work of the linux kernel, which has 10000s of rights holders
11:05 [Prty1] Spengler only has permission to modify the linux kernel at the grace of those rights holders
11:06 [Prty1] either: through bare license (property law), or contract (contract law)
11:06 [Prty1] licenses can be revoked at any time by the rights holder, provided he is not estopped from doing so
11:07 [Prty1] thus a plaintiff, if linux is merely licensed (if the GPL and agreement is not a contract), can simply bar him and then seek statutory damages if he continues to
create derivative works (100k+ per violation)
11:08 [Prty1] if the GPL and the agreement which allows Spengler to modify the copyrighted work is a contract, then we proceede under contract law
11:08 [Prty1] here first we look to if the document is fully integrated or not, the linux documentation, and the GPL makes no mention of this
11:09 [secondparty] but since the linux kernel is under GPL, it's ok to distribute copies of his work for a fee, as long as the source code is published isn't it?
11:11 [Prty1] He is not publishing the source code.
11:11 [Prty1] He is keeping it closed, except to people who pay 200 a month
11:11 [secondparty] oh I see
11:11 [Prty1] anyway
11:12 [Prty1] since there is no integration clause
11:12 [Prty1] we can likely bring in extrisic evidence to show that the rights holders never intended that someone may close a derivative work as such
11:13 [Prty1] when a contract is not fully integrated, evidence to the intentions of the parties, their state of mind, usage in trade of terms, etc can be brought in, even if
they contradict the written terms of the agreement.
11:14 [Prty1] Now, if the GPL is neither a license, and if it also does not satisfy the elements of a contract (perhaps there is no meeting of the minds, or more likely one
party has not given anything up), then Spengler is simply violating copyright
11:14 [secondparty] i see
11:14 [secondparty] I'm so sad :(
11:14 [Prty1] He, and all of free/opensource software, may very well be relying only on good will, which Spengler clearly is violated
11:15 [Prty1] secondparty try to get the message through to spengler, and ask him to change course. He may dismiss this as "trolling" but I've been through lawschool, graduated,
he has not.
11:17 [secondparty] I will
11:18 [secondparty] are you sure selling a patch for a GPL software without publishing source code is an infridgement to the GPL?
11:18 [secondparty] I mean he doesn't publish the linux kernel code along with his patches, just the patches themselves
11:19 [Prty1] secondparty the agreement, if one exists, may extend to more than the language within the document (GPL)
11:19 [Prty1] He is, if you will, "hanging on a technicality", and perhaps not the actual agreement between he and the parties
11:19 [Prty1] often this is known as "bad faith"
11:21 [Prty1] The FSF is not a party to this agreement, nor is the "GPL" (it is not the GPL that is being infringed against, it is the rights holders to the copyrighted work).
The GPL is a document adopted by the rightsholders to, in part, describe the relationship between the parties.
11:22 [secondparty] what kind of law school have you followed? Is it specialized in software, open source license etc?
11:23 [Prty1] secondparty the granting of permission to use a copyrighted work is based on either property law or contract law
11:24 [Prty1] Under property
Discussion of legal arguments with GRSec Supporter (Score:0)
-!- Irssi: Starting query in OFTC with ryao
23:14 [ryao] If you are an attorney, then here is some advice. Others in the channel know that the trademark case is weak. We just keep our
mouths shut.
23:15 [cylinder] I don't.
23:15 [cylinder] Because once you stop publishing grsec, I'm not on your side.
23:15 [ryao] How is that?
23:15 [cylinder] Linux is worthless without grsec.
23:16 [ryao] I don't understand how his mind works. I am not going to tell him what is right and wrong as he is smart enough to learn the
hard way.
23:16 [cylinder] (Atleast on the net)
23:16 [ryao] You cannot force him to provide you with patches.
23:16 [cylinder] If he learns the hard way he'll just quit grsec dev completely
23:17 [cylinder] He can be forced to stop working on derivative works of linux alltogether, even in his own home.
23:17 [ryao] Arguing in the channel isn't going to help.
23:17 [cylinder] If he doesn't have permission, then statutory damages apply.
23:17 [ryao] Ah, yeah. The GPL has a clause about something like that, but only if he violates it.
23:17 [ryao] Can you claim that he is in violation?
23:18 [cylinder] ryao is the GPL a fully integrated document?
23:18 [ryao] My understanding is yes.
23:18 [cylinder] It isn't
23:18 [ryao] Have you read it?
23:18 [cylinder] no integration clause.
23:18 [cylinder] yes
23:18 [cylinder] v2
23:18 [ryao] Okay. Maybe I do not understand what a fully integrated document is.
23:18 [cylinder] ryao in lay terms, the document claims it covers all bases of the agreement etc
23:19 [cylinder] you need an integration clause for that
23:19 [ryao] Okay. Then no.
23:19 [cylinder] also your contract then usually is about a book in length
23:20 [cylinder] ok, then we can bring in extrinsic evidence to define the terms of the agreement between the various rights holders to
linux, and spengler.
23:20 [cylinder] basically: filling in all that the document leaves out
23:20 [ryao] Hmm.. I don't see the clause I recall about revoking rights. Tha tmust be under something else.
23:20 [cylinder] (it can even be adverse to the written text of the document, at times)
23:21 [ryao] Quite frankly, I think Spengler's trademark case is weak because he failed to file for a trademark.
23:21 [cylinder] If the rightsholders did not intend for derivative works to beable to be closed in this case, and this can be shown, then
spengler is in violation of their copyright
23:21 [cylinder] and liable for statutory damages
23:21 [ryao] I also think he is upset mostly about the patches being integrated without proper updates to resolve issues.
23:22 [cylinder] now that is _IF_ the GPL is a contract
23:22 [cylinder] if it's just a license, any one of them can revoke spenglers permission at will
23:22 [ryao] My understanding is that you can make any derived works you want and do whatever you want with them provided that you do not
redistribute them.
23:22 [cylinder] (unless estopped)
23:22 [ryao] s/derived/derivative/
23:22 [cylinder] ryao yes I know, that's the lay interpretation.
23:22 [cylinder] and I'm telling you it's wrong.
23:22 [ryao] If he makes derivative works and attempts to attach additioanl terms, that is a problem.
23:23 [ryao] How is that wrong?
23:23 [cylinder] because you don't take into account the foundations of how one grants permission
23:23 [cylinder] Copyright restricts the right of others to copy or modify the work.
23:23 [cylinder] by what operation
Chat with a knowlegable person (Score:0)
20:51 -!- Channel #nottor created Mon Sep 15 22:59:50 2008
20:51 [ greg] We've been discussing locating plaintiffs to bring suit on the issue of Brad Spengler of GRSecurity once he closes his derivative work (with some new discussions):
20:51 [ greg] https://soylentnews.org/article.pl?sid=15/09/07/040206 [soylentnews.org] http://pipedot.org/pipe/KPRX [pipedot.org]
20:51 [ greg] http://oxwugzccvk3dk6tj.onion/tech/res/346860.html [oxwugzccvk3dk6tj.onion] http://pipedot.org/pipe/K33M [pipedot.org]
20:51 [ greg] If you've not been taught the law, don't try to debate the legal merits of the case and show yourself to be a lay fool, please.
20:51 [ virus] matt green from john hopkins unleashed his ph.d's students and himself and could not find an issue with crpyto
20:51 -!- Irssi: Join to #nottor was synced in 14 secs
20:51 [ coderman_] "bring suit on the issue of Brad Spengler of GRSecurity" ?
20:51 [ cacahuatl] Yeah, they were here yesterday flooding it
20:51 [ coderman_] is this like suing Theo under tort?
20:51 [ Wax] the khan academy lawyer is back
20:51 [ coderman_] :P
20:52 [ virus] lol
20:52 [ cacahuatl] They say that Linux contributers can sue him
20:52 [ virus] for?
20:52 [ cacahuatl] mumble mumble mumble
20:52 [ coderman_] Gee Pee Elll violashionz
20:52 [ greg] virus: read the links, the case is set out there.
20:53 [ cacahuatl] it's a case that doesn't improve anything
20:53 [ greg] the people here don't know the difference between a license and a contract.
20:53 [ virus] no seriously for what giving a shit about linux security when the kernel dev's themselves don't
20:53 [ cacahuatl] just for greedy law students to try and make money
20:53 [ greg] virus: Spengler has announced he is closing the stable patch.
20:53 [ coderman_] greg wants help grinding this axe
20:53 * coderman_ *sparks fly*
20:53 [ wgreenhouse] greg: I have been taught the law and think the case is without merit. The "contract theory of copyright" argument is blown apart by federal preemption; something that is adjudicated by a federal court as a copyright license stands or falls on that basis; you don't get to try it again as a state-law contract. Res judicata.
20:54 [ wgreenhouse] greg: also you have no damages yet, even hypothetical ones.
20:54 [ greg] if Linux is merely licensed, then any rightsholder can revoke it
20:54 [ virus] greg: i read that a week or so ago but it was because of lack of funds and the abuse of commercial interest with the product no?
20:54 [ greg] wgreenhouse: statutory damages.
20:54 [ ncl] I wonder why people keep taking him seriously when he's been spamming this for days
20:54 -!- tdruiva [~tdruiva@0SGAADOT8.tor-irc.dnsbl.oftc.net] has quit [Quit: Leaving]
20:54 [ coderman_] [greg] the truthiness of my agitation shall be leverage enough! bow to me, Mad Spender!
20:54 -!- tdruiva [~tdruiva@relay2.tor.maximilian-jacobsen.com] has joined #nottor
20:54 [ greg] wgreenhouse: Contract theory of copyright helps brad slightly, bare license is fine.
20:55 [ wgreenhouse] greg: None yet. You only have damages if requests for source are not honored; at the moment, and based on my reading of GRSec's "ultimatum," it looks like they'd simply direct you to the git repo.
20:55 [ wgreenhouse] which is a valid response to GPL requirement that source be available on request
20:55 [ greg] grsec is a derivative work.
20:55 [ wgreenhouse] it doesn't have to be made available in your preferred form, i.e. .patch files.
20:55 [ cacahuatl] Ask yourself: Who wants to see grsec fail?
20:55 [ greg] the stable patches are a derivative work.
20:55 [ cacahuatl] Then ponder on "greg"s motives :P
20:55 [ wgreenhouse] greg: I concede that. The question is if they are infringing derivative works. Right now, they are not.
20:55 [ greg] the git repo is another version of
Imagine (Score:0)
Imagine if someone claimed copyrightable works and the alienation thereof, had nothing to do with property law, and infact were not property, and they just kept banging on that.
You try to explain to them that there is realty, personal property, and intellectual property (copyrighted works specifically), and that you grant rights to these via license (under property law) or contract.
And that licenses are revokable at the will of the licensor.
And that v2 of the GPL does not have a no-revokation clause, so you really want to argue it's a contract (which it isn't...), otherwise spengler's permission to modify the linux kernel can be revoked at will by any plaintiff (linux kernel contributor).
Then the person you're talking to says "you can't copyright land", and just keeps repeating that and "hahaha".
#grsecurity
irc.oftc.net
Derivative works. (Score:0)
US 1976 Copyright Act
SS 304(c)(6)(A)
"A derivative work prepard under authority of the grant before its termination may continue to be utilizd under the trms of the grant after its termination, but this privledge does not extnd to th preparation after the termination of other derivative works based upon the copyrightd work covered by the terminated grant."
IE: Once the permission to modify linux is revoked, no furthur work on grsecurity may commence: it's over.
Response (Score:0)
Still not one legal counter argument presented! Just handwaves that even put in scare quotes the idea of revocation, something central and fundamental to the issuance of licenses in property law.
>So, again, your 'revocation' is fundamentally incompatible with the GPL. Nothing grsecurity is doing is violating the GPL, and your fantasy land 'revocation' would itself be a violation of the GPL.
"I, a lay techi faggot said so, and thus it is so, I don't need years of training in the law: I'm a genius, look at these square glasses!"
Why you're wrong has been stated above, you have yet to refute any of it with legal arguments. All you've done is cite press releases with no information, and a case that is not on-point at all (derrrr it be using duhh same lycennsue sooo derrrrrrr it must ddeeeuuuuuhhhhhh be speakin dUUUHHHH to eheheh dee same issueee EHHhhshsh) Yea, we get it, you're not a student of the law. You are just a lay piece of shit FUCK.
> 6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
The ability of a copyright holder to rescind a license is not a restriction on the recipient: it is a right, as of law, of the rights-holder. Secondly the You spoken of here is not the original copyright holder but the manufacturer of the derivative work or a intermediary recipient. A license is a grant from the rightsholder to others to use his property, this document is read as if the rightsholder was speaking it to you (or whomever the second party is). Basic stuff, obvious from the language.
As I said, no training in the law on your side, you're even citing things that do not help you at all since you do not understand their basis.
Sorry SJW piece of shit. You didn't go through law school, you don't even know the edges of the law, and you are wrong. You can believe the FSF all you want; they have an interest in hiding the truth. I'd be happy for your whole edifice to crumble as that would hurt you pro-women's rights, anti-marry-young-girls pieces of filth.
>I try not to put too much effort into arguing with the schizophrenic on anonymous imageboards, especially you MikeeUSA.
Not a legal argument you piece of shit. Not one. Just handwaves and insults. :)