from the opinions-are-like-noses:-everybody-has-one dept.
El Reg reports
Linux kernel security biz Grsecurity's defamation lawsuit against open-source stalwart Bruce Perens has been dismissed, although the door remains open for a revised claim.
In June, Perens opined in a blog post that advised companies to avoid Grsecurity's Linux kernel security patches because it might expose them to claims of contributory infringement under the Linux kernel license, GPLv2.
Grsecurity then accused Perens of fearmongering to harm the firm's business, and sued him in July.
On [December 21], the judge hearing the case, San Francisco magistrate judge Laurel Beeler, granted [Perens'] motion to dismiss the complaint while also denying--for now--his effort to invoke California's anti-SLAPP law.
SLAPP stands for Strategic Lawsuit Against Public Participation, and describes legal complaints aimed at silencing public discourse and free speech. In 1992, California passed its anti-SLAPP statute to provide a defense against such legal bullying. Many other states and countries have similar laws.
In addition, Beeler denied Grsecurity's motion for summary judgment, which amounts to asking the judge to agree that the facts are so clear a ruling can be rendered without a trial.
"The court holds that Mr Perens's [sic] statements are opinions that are not actionable libel, dismisses the complaint with leave to amend, denies the anti-SLAPP motion without prejudice, and denies the motion for summary judgment", Judge Beeler ruled.
The page links to another article where Torvalds' opinion (similar in nature to Perens', but more colorful, as usual) was discussed in June.
Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. it would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.
Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.
By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
In late June, noted open-source programmer Bruce Perens warned that using Grsecurity's Linux kernel security could invite legal trouble.
"As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.
The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.
Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.
Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage".
... (read the rest at the register)
Bruce Perens has a blog post on his site stating that the court has ordered Open Source Security, Inc. and Bradley Spengler to pay $259,900.50 to his attorneys. At issue was Bruce getting sued for pointing out that Grsecurity and their customers are involved in contributory infringement and breach of contract by deploying their product in conjunction with the Linux kernel under the no-redistribution policy employed by Grsecurity.
The court has ordered Open Source Security, Inc, and Bradley Spengler to pay $259,900.50 in legal fees to my attorneys, O’Melveny and Meyers. The court awarded about half what we asked for, courts usually do reduce awards. There is no new comment at this time, but please see my comment upon asking for the award of legal fees.
Here are all of the case documents.
Earlier on SN:
Bruce Perens Wants to Anti-SLAPP GRSecurity's Brad Spengler With $670,000 in Legal Bills (2018)
Grsecurity's Defamation Suit Against Bruce Perens Dismissed (2017)
Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers (2017)