from the to-hell-with-gpl dept.
Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and cannot work without it. It would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.
Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.
By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
Bruce Perens has a blog post on his site stating that the court has ordered Open Source Security, Inc. and Bradley Spengler to pay $259,900.50 to his attorneys. At issue was Bruce getting sued for pointing out that Grsecurity and their customers are involved in contributory infringement and breach of contract by deploying their product in conjunction with the Linux kernel under the no-redistribution policy employed by Grsecurity.
The court has ordered Open Source Security, Inc, and Bradley Spengler to pay $259,900.50 in legal fees to my attorneys, O’Melveny and Myers. The court awarded about half what we asked for; courts usually do reduce awards. There is no new comment at this time, but please see my comment upon asking for the award of legal fees.
Here are all of the case documents.
Earlier on SN:
Bruce Perens Wants to Anti-SLAPP GRSecurity's Brad Spengler With $670,000 in Legal Bills (2018)
Grsecurity's Defamation Suit Against Bruce Perens Dismissed (2017)
Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers (2017)
El Reg reports:
Linux kernel security biz Grsecurity's defamation lawsuit against open-source stalwart Bruce Perens has been dismissed, although the door remains open for a revised claim.
In June, Perens opined in a blog post that advised companies to avoid Grsecurity's Linux kernel security patches because it might expose them to claims of contributory infringement under the Linux kernel license, GPLv2.
Grsecurity then accused Perens of fearmongering to harm the firm's business, and sued him in July.
On [December 21], the judge hearing the case, San Francisco magistrate judge Laurel Beeler, granted [Perens'] motion to dismiss the complaint while also denying--for now--his effort to invoke California's anti-SLAPP law.
SLAPP stands for Strategic Lawsuit Against Public Participation, and describes legal complaints aimed at silencing public discourse and free speech. In 1992, California passed its anti-SLAPP statute to provide a defense against such legal bullying. Many other states and countries have similar laws.
In addition, Beeler denied Grsecurity's motion for summary judgment, which amounts to asking the judge to agree that the facts are so clear a ruling can be rendered without a trial.
"The court holds that Mr Perens's [sic] statements are opinions that are not actionable libel, dismisses the complaint with leave to amend, denies the anti-SLAPP motion without prejudice, and denies the motion for summary judgment", Judge Beeler ruled.
The page links to another article where Torvalds' opinion (similar in nature to Perens', but more colorful, as usual) was discussed in June.
From The Register:
After three years of legal wrangling, the defamation lawsuit brought by Brad Spengler and his company Open Source Security (OSS) against open-source pioneer Bruce Perens has finally concluded.... Spengler and OSS sued Perens for a June 2017 blog post in which Perens ventured the opinion that grsecurity, Open Source Security's Linux kernel security enhancements, could expose customers to potential liability under the terms of the General Public License (GPL).
OSS says that customers who exercise their rights to redistribute its software under the GPL will no longer receive software updates – the biz wants to be paid for its work, a problem not really addressed by the GPL. Perens, the creator of the open-source definition, pointed out that section six of the GPLv2 prohibits modifications of the license terms.
In December 2017, San Francisco magistrate judge Laurel Beeler determined that Perens had expressed an opinion as allowed under American law and dismissed the defamation claim. Perens then sought to recoup legal expenses under California's Anti-Strategic Lawsuits Against Public Participation (SLAPP) statute, [and] a month later he was awarded more than $526,000 in damages.
Spengler and OSS then appealed, and managed to get the award reduced to about $260,000, but not overturned.... Perens gets nothing personally for his trouble, but his legal team will be paid. O'Melveny & Myers LLP will receive $262,303.62 for the district court litigation (fees and costs) and $2,210.36 for the appeal (costs) while the Electronic Frontier Foundation will be paid $34,474.35 (fees) and $1,011.67 (costs) for its role in the appeal.
- Linux Kernel Patch Maker Says Court Case Was Only Way Out
- Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys
- Bruce Perens Wants to Anti-SLAPP GRSecurity's Brad Spengler With $670,000 in Legal Bills
- Grsecurity's Defamation Suit Against Bruce Perens Dismissed
- Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens
- Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers