Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday February 16 2020, @02:22PM   Printer-friendly
from the no-way-out dept.

https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html

The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.

The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.

The remainder of the article is an interview with Brad Spengler about the case and the issue.

iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:

Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys


Original Submission

Related Stories

Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys 10 comments

Bruce Perens has a blog post on his site stating that the court has ordered Open Source Security, Inc. and Bradley Spengler to pay $259,900.50 to his attorneys. At issue was Bruce getting sued for pointing out that Grsecurity and their customers are involved in contributory infringement and breach of contract by deploying their product in conjunction with the Linux kernel under the no-redistribution policy employed by Grsecurity.

The court has ordered Open Source Security, Inc, and Bradley Spengler to pay $259,900.50 in legal fees to my attorneys, O’Melveny and Meyers. The court awarded about half what we asked for, courts usually do reduce awards. There is no new comment at this time, but please see my comment upon asking for the award of legal fees.

Here are all of the case documents.

Earlier on SN:
Bruce Perens Wants to Anti-SLAPP GRSecurity's Brad Spengler With $670,000 in Legal Bills (2018)
Grsecurity's Defamation Suit Against Bruce Perens Dismissed (2017)
Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers (2017)


Original Submission

Grsecurity Maker Finally Coughs Up $300k to Foot Bruce Perens' Legal Bill 23 comments

From The Register:

After three years of legal wrangling, the defamation lawsuit brought by Brad Spengler and his company Open Source Security (OSS) against open-source pioneer Bruce Perens has finally concluded.... Spengler and OSS sued Perens for a June 2017 blog post in which Perens ventured the opinion that grsecurity, Open Source Security's Linux kernel security enhancements, could expose customers to potential liability under the terms of the General Public License (GPL).

OSS says that customers who exercise their rights to redistribute its software under the GPL will no longer receive software updates – the biz wants to be paid for its work, a problem not really addressed by the GPL. Perens, the creator of the open-source definition, pointed out that section six of the GPLv2 prohibits modifications of the license terms.

In December 2017, San Francisco magistrate judge Laurel Beeler determined that Perens had expressed an opinion as allowed under American law and dismissed the defamation claim. Perens then sought to recoup legal expenses under California's Anti-Strategic Lawsuits Against Public Participation (SLAPP) statute, [and] a month later he was awarded more than $526,000 in damages.

Spengler and OSS then appealed, and managed to get the award reduced to about $260,000, but not overturned.... Perens gets nothing personally for his trouble, but his legal team will be paid. O'Melveny & Myers LLP will receive $262,303.62 for the district court litigation (fees and costs) and $2,210.36 for the appeal (costs) while the Electronic Frontier Foundation will be paid $34,474.35 (fees) and $1,011.67 (costs) for its role in the appeal.

Previously:


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1) 2
  • (Score: 2) by hendrikboom on Sunday February 16 2020, @02:44PM (73 children)

    by hendrikboom (1125) Subscriber Badge on Sunday February 16 2020, @02:44PM (#958795) Homepage Journal

    So I still don't know if the courts ruled that GRsecurity was in violation of the GLP, or merely that it was wrong to sue Perens for pointing out legal problems that may or may not exist.

    • (Score: 2) by barbara hudson on Sunday February 16 2020, @03:02PM (4 children)

      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @03:02PM (#958801) Journal
      Tactically, you prefer to be the one defending. If someone has a problem, are they willing to go to the expense of suing? If not, you just ignore them. That eventually counts as a win because observers say "so why don't you sue?" Of course, if you can prove the other party is in the wrong and that they have resources to pay an award, then it's just a question of what do YOU want to do?

      In this case, though, who really gives a shit? Nerd fight is nerd fight.

      --
      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
      • (Score: -1, Troll) by Anonymous Coward on Sunday February 16 2020, @03:47PM (3 children)

        by Anonymous Coward on Sunday February 16 2020, @03:47PM (#958812)

        Proving my point every single day. [soylentnews.org]

        Please don't stop. You bring amusement to my life. Thank you!

        Good on you!

        • (Score: 1, Offtopic) by barbara hudson on Sunday February 16 2020, @04:18PM (2 children)

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @04:18PM (#958820) Journal

          I'm so happy that I can add a glimmer of purpose to your sordid existence. After all, I understand, haters gonna hate.

          No one left to hate
          In your neighborhood
          Who ya gonna hate?
          Barbara Hudson!

          You're a lonely nerd
          Stuck in incel land
          Who you gonna hate?
          Barbara Hudson

          But I ain't 'fraid of no trolls
          I ain't 'fraid of no trolls.
          Yeah yeah yeah yeah!!!

          You got stupid memes
          Running through your head
          Who can you hate?
          Barbara Hudson

          You're a weak little man
          Wanking on the can
          Thinking trans woman
          Barbara Hudson

          Too bad I ain't 'fraid of no troll
          Nope, I ain't 'fraid of no troll
          Yeah yeah yeah yeah!!!

          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    • (Score: 5, Interesting) by FatPhil on Sunday February 16 2020, @03:14PM (54 children)

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Sunday February 16 2020, @03:14PM (#958804) Homepage
      They determined that what Bruce said was not a malicious falsity. There's no explicit statement that it's true, that I can see.

      But the whole case was a farce anyway -
      """
      Posted on June 28, 2017 by Bruce
      Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers

      It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.
      """

      *STRONG OPINION*.

      You don't get much more protected speach than that. It's certainly true that he held and still holds that strong opinion. It was my strong opinion ages back, when I was an active kernel contributor for a commercial entity (and thus with IP issues left right and centre) that the GRSecurity licence was a gross violation of the GPL, and when Spanglypants decided to sue, he was just being a nob (I even agree with Bruce's SLAPP complaint). I'm glad the court system saw sense in this case, it so often doesn't.

      Linus (and the Linux Foundation) now have a very strong don't go to court approach to violations, they try to use velvet gloves wherever possible, so the truthiness of Bruce's conclusion will never be decided in court.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: -1, Flamebait) by Anonymous Coward on Sunday February 16 2020, @03:19PM

        by Anonymous Coward on Sunday February 16 2020, @03:19PM (#958806)

        Except when his strapped up wife gives him the fuck. Then he's just the household duck.

      • (Score: 5, Insightful) by Thexalon on Sunday February 16 2020, @03:33PM (48 children)

        by Thexalon (636) on Sunday February 16 2020, @03:33PM (#958807)

        This has all the hallmarks of a SLAPP suit: The goal wasn't to win damages because there was never much chance of it, it was to punish Perens for saying something that hurt his company's bottom line. Perens didn't say anything that was provably untrue, but was sued for libel anyways, in an effort to force Perens to spend time and legal resources defending his statement. And I'm not surprised in the slightest that the payment of Perens' attorney's fees has been delayed for over a year, and won't be surprised if it somehow mysteriously never gets paid.

        And no, Mr Spengler, this wasn't the "only way out": You have always had a way out: Release your patches under the GPL like you're supposed to, and switch to selling support or something like that. You didn't, because you wanted to take from the commons of GPL stuff while not giving back, which is what the GPL was specifically designed to prevent. Or, if all else fails, you also had the option of shutting down your business and doing something else with your life.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 3, Informative) by KilroySmith on Sunday February 16 2020, @04:20PM (44 children)

          by KilroySmith (2113) on Sunday February 16 2020, @04:20PM (#958822)

          >>> Release your patches under the GPL like you're supposed to, and switch to selling support or something like that.
          Well, having read TFA, Spengler says specifically that, in his view, the patches ARE released under the GPL. Anyone who receives them is free to provide them to anyone else.
          Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though. Perhaps Spengler is simply lying through his teeth; perhaps not. I'd love to hear a summary of Perens' opinion relative to this.

          The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

          • (Score: 3, Informative) by khallow on Sunday February 16 2020, @04:38PM (5 children)

            by khallow (3766) Subscriber Badge on Sunday February 16 2020, @04:38PM (#958828) Journal

            Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though. Perhaps Spengler is simply lying through his teeth; perhaps not. I'd love to hear a summary of Perens' opinion relative to this.

            Sounds like it's not GPL then. GPL doesn't impose restrictions on one's ability to redistribute the code. And what happens if I just don't tell OSS that I'm redistributing the code under their GPL? I bet they have a reporting requirement which would also be a violation of the GPL.

            The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

            Do you really think a business applying a penalty to exercising GPL rights as you describe in your prior quote is equivalent to a business being required to forever support a customer?

            • (Score: 2) by Immerman on Monday February 17 2020, @04:14PM (4 children)

              by Immerman (3985) on Monday February 17 2020, @04:14PM (#959194)

              Isn't that exactly what they said? You *are* free to redistribute the code - but exercising that freedom terminates your contract with GRSecurity, so that they'll no longer provide you with any future updates.

              Slimy, but arguably a legal way to circumvent the spirit of the GPL. After all, the GPL doesn't guarantee access to *future* updates, just the ability to redistribute the code you already have. If you want to continue doing business with GRSecurity, then you have to obey their non-license contract requirements.

              • (Score: 1) by khallow on Monday February 17 2020, @05:56PM (2 children)

                by khallow (3766) Subscriber Badge on Monday February 17 2020, @05:56PM (#959228) Journal

                You *are* free to redistribute the code - but exercising that freedom terminates your contract with GRSecurity, so that they'll no longer provide you with any future updates.

                The problem is that GRSecurity in turn modified Linux kernel code and thus, is subject to the license requirements of the kernel code. That happens to be GPL 2. Thus, GRSecurity's modifications of the code are in turn also required to be distributed under GPL 2.0 without that constraint above, or they lose permission to modify the kernel code for their products.

                • (Score: 0) by Anonymous Coward on Monday February 17 2020, @08:39PM (1 child)

                  by Anonymous Coward on Monday February 17 2020, @08:39PM (#959272)

                  are you thick? no one is arguing that they are not required to release their code under the gpl. The argument is that they are not obligated to provide future updates or support if you violate their contract by redistributing. A "restriction" of the right to redistribute does not include me not giving you ponies for christmas until you die, ffs. An actual restriction would be me telling you you have to pay me $100 every time you redistribute, or you have to write a letter to every major newspaper/website explaining what a douche you are, every time you redistribute. Me saying "do what you want in regards to redistribution, but don't expect me to help you in the future" is not the same fucking thing, and evidently RMS has already acknowledged this.

                  • (Score: 1) by khallow on Monday February 17 2020, @09:52PM

                    by khallow (3766) Subscriber Badge on Monday February 17 2020, @09:52PM (#959307) Journal

                    The argument is that they are not obligated to provide future updates or support if you violate their contract by redistributing.

                    Which as has been repeatedly noted is a violation of the GPL 2.0 license for the Linux kernel.

                    A "restriction" of the right to redistribute does not include me not giving you ponies for christmas until you die, ffs.

                    Why in the world do you think that is relevant? Sure, you are right in that no one can force you to distribute code based on GPL 2.0 licensed code. But once you decide to distribute derivative code or programs (here, Linux kernel modifications), you have to follow the rules as outlined in the license.

                    An actual restriction would be me telling you you have to pay me $100 every time you redistribute, or you have to write a letter to every major newspaper/website explaining what a douche you are, every time you redistribute.

                    Nope. The GRSecurity example is an actual restriction as well. Because if you don't follow the rules about not redistributing the code, you don't get the pony. That's a straightforward actual restriction on use.

                    Me saying "do what you want in regards to redistribution, but don't expect me to help you in the future" is not the same fucking thing

                    Not all actual restrictions are the same fucking thing. There's an immense variety of ploys for restriction how you do things, that can range from the very explicit and straightforward to the very underhanded and covert. The GRSecurity example falls towards the former side. Now you know, right?

              • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @05:40PM

                by Anonymous Coward on Tuesday February 18 2020, @05:40PM (#959601)

                You *are* free to redistribute the code - but ...

                If your "free" comes with a "but" you're probably not free to do it.

                For the tried and true car analogy, I'm "free" to drive at 120 MPH on the freeway, but exercising that freedom may result in a speeding ticket. Still, I'm "free" to try, right?

          • (Score: 4, Insightful) by Anonymous Coward on Sunday February 16 2020, @04:42PM (9 children)

            by Anonymous Coward on Sunday February 16 2020, @04:42PM (#958830)

            The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

            Their product is a patch to the Linux kernel, making it a derivative work of the kernel, and thus the only reason why they can even distribute it all it is thanks to the GPL itself. It sounds like what they say is: "we distribute our patches to you under the GPL, but if you even try to exercise these other rights you supposedly have under it, we will stop giving you support and updates". That rather sounds a hell of a lot like they're adding extra terms to the license, prohibited by GPL section 6. It's not a matter of forcing them to forever support anyone. It's that they're adding extra terms and conditions to the redistribution of their patches in violation of the GPL.

            • (Score: 2) by Immerman on Monday February 17 2020, @04:23PM (8 children)

              by Immerman (3985) on Monday February 17 2020, @04:23PM (#959197)

              Except that they *aren't* adding any extra terms and conditions to the license - they give you the code, you can do whatever you want with it (within the terms of the GPL). But if you redistribute, you terminate your contract with GRSecurity and they don't give you any future updates.

              Their contract puts no limitations on what you can do with the code they distribute, unless you want to maintain your business relationship with them. And the GPL says nothing about guaranteeing continued access to future updates from the original source, so they are almost certainly within the letter of the law - despite clearly violating the spirit. And one of the downsides of having a legal system rather than a justice system, is that the letter of the law is generally all that matters.

              • (Score: 1) by khallow on Monday February 17 2020, @06:06PM (7 children)

                by khallow (3766) Subscriber Badge on Monday February 17 2020, @06:06PM (#959230) Journal

                But if you redistribute, you terminate your contract with GRSecurity and they don't give you any future updates.

                Which again doesn't terminate GRSecurity's obligations under the GPL 2.0 license [opensource.org].

                And the GPL says nothing about guaranteeing continued access to future updates from the original source

                Look at section 5 and 7. It says nothing about your "guaranteeing", but it does say that if you for whatever reason don't comply with the requirements of the GPL, then you lose the right to use, modify, or distribute the code. That would include distributing those patches.

                5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

                [...]

                7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

                • (Score: 2) by Immerman on Monday February 17 2020, @08:38PM (6 children)

                  by Immerman (3985) on Monday February 17 2020, @08:38PM (#959271)

                  But (it sounds like) they *aren't* putting any other restrictions on redistributing the code - that's the point. They give you the code under the GPL, and freely acknowledge that you can redistribute it under the same terms. Nothing in their contract limits that in any way.

                  Basically, there's nothing stopping someone from entering into a GRSecurity contract, getting the code, and immediately sharing that code with the world. The code itself is completely free of any non-GPL requirements, and neither you, nor anyone downstream, will face any legal difficulties for doing so, as GRSecurity freely acknowledges your rights to do so.

                  Doing so terminates your contract with GRSecurity - but that's an independent business agreement, and in no way impairs your rights with respect to the GPLed code that they have already provided you.

                  If the contract with GRSecurity obligated you to not redistribute the code they provide, or imposed any other license limitations, then that would be a clear violation of the GPL - but it doesn't. You're free to redistribute their GPLed code - you just voluntarily terminate your contract in the process so that you won't get any future software from them. And nothing in the GPL explicitly states that other, unrelated (future performance) business agreements can't depend on your actions with GPLed code. Nothing in the GPL obligates them to continue doing business with you.

                  I'm sure lawyers could argue interminably over the details, but that's the point - GRSecurity has found a slimy way to skirt the limits of the GPL so that they aren't in clear violation. The fact that they (presumably, since they're still in business) haven't been pressured or sued by any major Linux stakeholders would suggest that the stakeholders' lawyers agree that it wouldn't be a cut-and-dried case, but instead a potentially long and expensive trial with a murky outcome.

                  • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:00PM

                    by Anonymous Coward on Monday February 17 2020, @09:00PM (#959284)

                    i don't even think it's slimy anymore. i probably did at one time. it's just a way to make sure you (OSS, in this case) aren't enabling your competitors. They are still getting Free Software and they can do what they want with it, but if they want to copy it and create their own competing company, you don't have to help them do it going forward. It's definitely an interesting option for commercial Free Software. People who think FOSS should be all volunteer won't like any of that though.

                  • (Score: 1) by khallow on Monday February 17 2020, @09:53PM (4 children)

                    by khallow (3766) Subscriber Badge on Monday February 17 2020, @09:53PM (#959309) Journal

                    They give you the code under the GPL, and freely acknowledge that you can redistribute it under the same terms. Nothing in their contract limits that in any way.

                    Except of course, they cut off the supply if they catch you doing it. Which is a limit, contrary to assertion.

                    • (Score: 2) by Immerman on Monday February 17 2020, @10:09PM (3 children)

                      by Immerman (3985) on Monday February 17 2020, @10:09PM (#959317)

                      It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealing with them, which aren't covered by the GPL

                      • (Score: 1) by khallow on Monday February 17 2020, @10:37PM

                        by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:37PM (#959333) Journal

                        but it's NOT a limit on your rights under the GPL

                        But it is a limit on OSS's rights under the GPL.

                      • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:02AM (1 child)

                        by Anonymous Coward on Tuesday February 18 2020, @07:02AM (#959463)

                        >It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealing with them, which aren't covered by the GPL

                        OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work. They are NOT allowed to make ANY "contract": they can ___ONLY___ give the terms of the GPL: that is IT.

                        They have put forth the GPL AND additional terms. That is FORBIDDEN by the linux copyright holders under section 6 and 4 of the GPL.
                        They do NOT have a license for linux kernel ANYMORE. That's RIGHT NOW.

                        Get it through your FUCKING head you MORON.
                        Linux Kernel is NOT their property. The Linux Kernel devs HAVE __BANNED__ certain business practices, regarding their Work. This is ONE of those banned practices.

                        • (Score: 2) by Immerman on Tuesday February 18 2020, @03:29PM

                          by Immerman (3985) on Tuesday February 18 2020, @03:29PM (#959540)

                          >OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work.
                          And they are not doing so - they're providing the source to their derivative patches under the GPL2.

          • (Score: 5, Informative) by Arik on Sunday February 16 2020, @05:06PM (27 children)

            by Arik (4543) on Sunday February 16 2020, @05:06PM (#958841) Journal
            "Well, having read TFA, Spengler says specifically that, in his view, the patches ARE released under the GPL. Anyone who receives them is free to provide them to anyone else.
            Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though."

            That's exactly what he argues. He thinks he's found a loophole, and he's sticking to it.

            But the GPL *explicitly* forbids this.

            "4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance."

            "6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License."

            He's imposing further restrictions, in violation of 6, which means he no longer has a license under 4, by the plain language of GPL2.

            "forcing them to forever support a customer that they no longer wish to do business with"

            That's probably the best argument that can possibly be made here. It's still pretty weak though. No one's forcing them to do business with anyone. But given that their entire business is based on their access to linux under the GPL, violating it seems like a monumentally bad idea.
            --
            If laughter is the best medicine, who are the best doctors?
            • (Score: 2, Disagree) by KilroySmith on Sunday February 16 2020, @06:01PM (26 children)

              by KilroySmith (2113) on Sunday February 16 2020, @06:01PM (#958856)

              >>> He's imposing further restrictions
              I guess you and I will have to disagree on this. In my view, GRSecurity is not imposing any further restrictions on the code that has been distributed - the recipient and the community can redistribute under the GPL as required. The only thing that changes is the business relationship between GRSecurity and their customer, a relationship that the GPL is silent about.

              • (Score: 2) by Arik on Sunday February 16 2020, @06:39PM (2 children)

                by Arik (4543) on Sunday February 16 2020, @06:39PM (#958867) Journal
                I'm rather at a loss to even respond to that. It's hard to think of a clearer case. I suspect your theory wouldn't survive the first meeting with the judge.
                --
                If laughter is the best medicine, who are the best doctors?
                • (Score: 2) by FatPhil on Monday February 17 2020, @12:14AM (1 child)

                  by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Monday February 17 2020, @12:14AM (#958945) Homepage
                  I'm with you, and khallow, and obviously Bruce and the judge, on this - thanks for your useful contributions to the thread. Hating to be devils advocate, I'm sure there is a way to achieve almost everything that mr spanglypants wants through a a clear (perhaps clean room, different companies) separation of the patches and the support contracts. He should have hired a more savvy lawyer when setting up his business(es) in the first place.

                  There are often sneaky ways round the GPL. I remember distributing .o files, including ones that had stubbed implementations of functions in a GPL library just so that I didn't have to release my source for a while. Wanna run my code? link it to the real GPL library yourself.

                  Nowadays I wouldn't bother, but I was dabbling in a pretty competitive field and didn't want to lose my edge.
                  --
                  Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
                  • (Score: 4, Interesting) by stormwyrm on Monday February 17 2020, @12:38AM

                    by stormwyrm (717) on Monday February 17 2020, @12:38AM (#958949) Journal
                    IIRC, NeXT tried to do that with GCC, but the FSF warned them that was still a GPL violation. Apparently NeXT legal agreed, and that's the reason why GCC wound up with an Objective-C front end. And why Steve Jobs hated the GPL.
                    --
                    Numquam ponenda est pluralitas sine necessitate.
              • (Score: 0) by Anonymous Coward on Monday February 17 2020, @05:43AM (4 children)

                by Anonymous Coward on Monday February 17 2020, @05:43AM (#959043)

                I don't understand why these nerds can't get this. You're utterly correct. The terms of the GPL are with respect to code rights, NOT with respect to business dealings. GRSecurity isn't in any way removing their right to share the code - only stating a consequence in business if they do.

                Ooh ooh I've got it! Here's a clearer example! So excited it's bolded!
                Imagine:
                * you're the release channel for security patches
                * and one of your downstreams starts dumping into the wild as 0days
                * The project and your patches are GPLed.
                Are you required to keep them in your early distribution list? Of course not!
                Are they blocked from rereleasing and GPLed code they get their hands on, from you or from your downstreams or from anywhere else? Of course not!

                Arik, wise up - you get it from the example, I hope.

                • (Score: 0) by Anonymous Coward on Monday February 17 2020, @08:52AM

                  by Anonymous Coward on Monday February 17 2020, @08:52AM (#959080)

                  Your parents tell you that you can drive the car as long as you pay your own gas an insurance. Elsewhere they tell you that if you miss your 11:59 PM curfew you are punished in the future. The car agreement are with respect to driving rights, no with respect to curfew. They are in no way removing your right to drive the car after midnight, only stating the consequence in future punishments if you do.

                • (Score: 0) by Anonymous Coward on Monday February 17 2020, @11:03AM (2 children)

                  by Anonymous Coward on Monday February 17 2020, @11:03AM (#959104)

                  >The terms of the GPL are with respect to code rights, NOT with respect to business dealings

                  Wrong, the GPL governs business dealings with a nexus to the copyrighted Work. It explicitly forbids classes of business dealings with regard to the Work, which is a right of the Copyright holder (aslong as the ban does not impinge public policy (ie: discrimination against protected class)). Grsecurity is in violation of section 4 and 6. You are not allowed to add additional terms between you and the down-stream distributees that impinge on the permissions granted by the Copyright holder. You're simply not allowed to enter into, or proffer such additional terms between you and your customer: your license is voided once you poffer such terms.

                  And, yes, I am a lawyer:
                  https://s1.desu-usergeneratedcontent.xyz/g/image/1581/75/1581752208084.jpg [desu-usergeneratedcontent.xyz]
                  #ProtectFreeSoftware
                  #EnforceGPL

                  • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:08PM (1 child)

                    by Anonymous Coward on Monday February 17 2020, @09:08PM (#959287)

                    "You are not allowed to add additional terms between you and the down-stream distributees that impinge on the permissions granted by the Copyright holder."

                    and they're not. the downstream distributees can distribute to their hearts content, but OSS doesn't have to deal with them anymore.

                    and no, i'm not a fucking shitweasel.

                    • (Score: 1) by khallow on Monday February 17 2020, @10:51PM

                      by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:51PM (#959340) Journal

                      but OSS doesn't have to deal with them anymore.

                      Sorry, according to the GPL license, they do. I find it interesting how this conversation goes. The Perens side quotes the relevant clauses which OSS is in violation of and explains how those are violations. The OSS side just has vague feelings that certain restrictions aren't really restrictions. Nothing is ever justified except with bizarre non sequiturs (like claiming this is equivalent to forcing OSS to distribute code to everyone forever). One side uses reason. The other side does not.

                      By your tools of reason, you shall be known.

              • (Score: 1) by khallow on Monday February 17 2020, @06:20PM (17 children)

                by khallow (3766) Subscriber Badge on Monday February 17 2020, @06:20PM (#959233) Journal

                In my view, GRSecurity is not imposing any further restrictions on the code that has been distributed - the recipient and the community can redistribute under the GPL as required.

                Then why would the subscription be terminated, if there were indeed no further restrictions on the code that was distributed? It obviously is a further restriction whether you choose to view it that way or not.

                What's missing here is that GRSecurity is constrained by the GPL 2.0 license on the Linux kernel. They do not have the option to impose these additional restrictions on what can be distributed (as Arik noted), because otherwise they aren't allowed to distribute those changes at all. That is, their code and their subscription both inherit the GPL 2.0 restrictions from the Linux kernel. They aren't allowed by the license to term subscriptions for people who redistribute their code.

                • (Score: 2) by Immerman on Monday February 17 2020, @08:42PM (16 children)

                  by Immerman (3985) on Monday February 17 2020, @08:42PM (#959275)

                  Would redistributing the code put you in violation of any license or contract? No.

                  It would terminate the contract in accordance with its voluntary termination clause - but that's a restriction on the business agreement, not on the code.

                  • (Score: 1) by khallow on Monday February 17 2020, @09:54PM (15 children)

                    by khallow (3766) Subscriber Badge on Monday February 17 2020, @09:54PM (#959310) Journal

                    Would redistributing the code put you in violation of any license or contract? No.

                    It puts OSS in violation of the GPL 2.0 license on the Linux kernel.

                    • (Score: 2) by Immerman on Monday February 17 2020, @10:20PM (14 children)

                      by Immerman (3985) on Monday February 17 2020, @10:20PM (#959326)

                      How, exactly?

                      If you had a GRSecurity contract, got their GPL2 patches, and gave them to me - *I* would see no limitations, the license is completely unchanged GPL2.

                      *You* would lose access to future updates from GRSecurity - but future updates aren't covered by the GPL.

                      • (Score: 1) by khallow on Monday February 17 2020, @10:43PM (13 children)

                        by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:43PM (#959338) Journal

                        *You* would lose access to future updates from GRSecurity

                        There we go. The restriction/limit/etc that someone won't acknowledge as such.

                        - but future updates aren't covered by the GPL.

                        Of course, they are covered by the GPL. The GPL doesn't force you to engage in GPL-covered activities, such as releasing modifications of GPL licensed programs, but when you do, you have to comply with the license, even if it's an activity in the future.

                        • (Score: 2) by Immerman on Monday February 17 2020, @11:18PM (12 children)

                          by Immerman (3985) on Monday February 17 2020, @11:18PM (#959345)

                          Is the limit/restriction/etc on the licensed code? Or on your ability to redistribute it? No, you can redistribute to your hearts content under the exact same license, exactly as it requires.

                          There are *consequences* for distributing the code, but no *limitations or restrictions* on doing so. Exact language matters in law.
                          >Of course, they are covered by the GPL.

                          No, they aren't, because they don't exist yet.
                          They will probably exist eventually, and when they do, they will probably be released under the GPL (though it's always theoretically possible that alternate licenses might be negotiated with all the upstream contributors.)

                          But giving you code under the GPL today, doesn't put any obligation on me to give you more GPL code in the future.

                          • (Score: 1) by khallow on Tuesday February 18 2020, @12:06AM (11 children)

                            by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @12:06AM (#959361) Journal

                            Is the limit/restriction/etc on the licensed code? Or on your ability to redistribute it? No, you can redistribute to your hearts content under the exact same license, exactly as it requires.

                            Why are you still asking when it's been explained to you? For example, here [soylentnews.org]

                            [KilroySmith:]In my view, GRSecurity is not imposing any further restrictions on the code that has been distributed - the recipient and the community can redistribute under the GPL as required.

                            [khallow:]Then why would the subscription be terminated, if there were indeed no further restrictions on the code that was distributed? It obviously is a further restriction whether you choose to view it that way or not.

                            What's missing here is that GRSecurity is constrained by the GPL 2.0 license on the Linux kernel. They do not have the option to impose these additional restrictions on what can be distributed (as Arik noted), because otherwise they aren't allowed to distribute those changes at all. That is, their code and their subscription both inherit the GPL 2.0 restrictions from the Linux kernel. They aren't allowed by the license to term subscriptions for people who redistribute their code.

                            or here

                            [KilroySmith:] The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

                            [AC:]Their product is a patch to the Linux kernel, making it a derivative work of the kernel, and thus the only reason why they can even distribute it all it is thanks to the GPL itself. It sounds like what they say is: "we distribute our patches to you under the GPL, but if you even try to exercise these other rights you supposedly have under it, we will stop giving you support and updates". That rather sounds a hell of a lot like they're adding extra terms to the license, prohibited by GPL section 6. It's not a matter of forcing them to forever support anyone. It's that they're adding extra terms and conditions to the redistribution of their patches in violation of the GPL.

                            Further examples, here [soylentnews.org] and here [soylentnews.org]. These are all posts you replied to.

                            You even agree [soylentnews.org] at one point.

                            [barbara hudson:]Back in the 80s I'm sure I wasn't the only one modifying binaries with a hex editor. If I were to do that today I could redistribute the binaries and never give the source because there is no source, never was.

                            [Immerman:]Except that the instant you distribute you're violating copyright law - unless you have a license that allows you to distribute. As some kid sharing stuff with friends in the pre-napster days, you were unlikely to get caught, but that doesn't make it any more legal.

                            Do that with any proprietary software, and the original copyright holder will be fully within their legal rights to come down on you like a ton of bricks for copyright infringement

                            Do that with GPLed software - and either you provide the source code on demand as required by the license, or the original copyright holder will be fully within their legal rights to come down on you like a ton of bricks for copyright infringement.

                            The GPL is the only thing allowing you to redistribute the code legally, so if you're not 100% in compliance with the license - including providing source code on demand, then you're automatically guilty of copyright infringement.

                            Sounds like GRSecurity isn't obviously violating the letter of the GPL, assuming they really do provide the source code on demand. But they're certainly violating the spirit.

                            And don't constrain the recipient's rights under the GPL, which OSS does. Sorry, the GPL does more than just require access to source code on demand, it requires that you don't put constraints on distribution, even the relatively mild ones here, on downstream recipients of modified code. And yes, anything where even a relatively mild negative consequence/penalty follows redistribution, is a constraint/restriction/limit which is not allowed by the GPL 2.0 license.

                            • (Score: 2) by Immerman on Tuesday February 18 2020, @01:22AM (10 children)

                              by Immerman (3985) on Tuesday February 18 2020, @01:22AM (#959379)

                              You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software. I don't see it, except in spirit. And the law is defined by the letter, not the spirit.

                              I sell you a copy of ImmerOffice, and give you the full source code under the GPL. At that point I have fulfilled my legal obligation under the GPL.

                              I then tell you that if you redistribute that code, I won't do business with you any more.

                              I have not in any way revoked or limited any of the rights I already granted you, I have simply put conditions on you doing business with me in the future.

                              It certainly violates the spirit of the GPL, especially for a product where regular updates are essential to the functionality, but nothing in the GPL actually requires me to continue doing business with you. I haven't altered what you can legally do with the software I already sold you in any way. I've only conditionally limited your ability to continue doing business with me.

                              • (Score: 1) by khallow on Tuesday February 18 2020, @01:45AM (4 children)

                                by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @01:45AM (#959389) Journal

                                You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software.

                                At first, I thought I understood what you were saying. The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license. But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing? We weren't. We were discussing how the GPL 2.0 license constrains (or as you claim, doesn't constrain) OSS's restrictions on use of their product (since it is a modification of the Linux kernel which makes the GRSecurity subject to the GPL 2.0 license requirements), like penalizing customers who exercise a GPL prerogative to distribute GPL licensed code.

                                The software itself is not constrained.

                                • (Score: 2) by Immerman on Tuesday February 18 2020, @02:13AM (3 children)

                                  by Immerman (3985) on Tuesday February 18 2020, @02:13AM (#959396)

                                  >The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license.
                                  Where, exactly, in the GPL2 does it put limitations on future transactions?

                                  >But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing?
                                  Yes, we are. That's what the GPL is all about. So long as I give you the source code under the same GPL license that I received it, with no furtter limitations or restrictions on what you can do with it, my obligations under the GPL are fulfilled.

                                  I sold you ImmerOffice, a derivative work of GPL2 software. I gave you the source under the exact same GPL2 license as I received the upstream version under. My obligations under the GPL2 license that I received from upstream are completely satisfied. You can spread that source and software far and wide, and there's nothing I can do about it.

                                  Nothing I do from that point forward matters to *that* GPL-bound transaction. You have the source, you can do whatever you want with it (subject to GPL2). But I am under no obligation to do any further business with you.

                                  A year later you want to buy the latest version from me. I can sell it to you or not - that's completely up to me. If I choose to only sell the latest version to people who didn't redistribute the previous version, that in no way limits your ability to redistribute the previous version. It only limits your ability to get access to the current version.

                                  • (Score: 1) by khallow on Tuesday February 18 2020, @03:44AM (2 children)

                                    by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @03:44AM (#959422) Journal

                                    Where, exactly, in the GPL2 does it put limitations on future transactions?

                                    There's no time limit on any of the limitations listed in the GPL 2.0. The whole thing applies to the indefinite future.

                                    But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing?

                                    Yes, we are. That's what the GPL is all about. So long as I give you the source code under the same GPL license that I received it, with no furtter limitations or restrictions on what you can do with it, my obligations under the GPL are fulfilled.

                                    You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.

                                    I sold you ImmerOffice, a derivative work of GPL2 software. I gave you the source under the exact same GPL2 license as I received the upstream version under. My obligations under the GPL2 license that I received from upstream are completely satisfied. You can spread that source and software far and wide, and there's nothing I can do about it.

                                    Nothing I do from that point forward matters to *that* GPL-bound transaction. You have the source, you can do whatever you want with it (subject to GPL2). But I am under no obligation to do any further business with you.

                                    False. If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.

                                    What other contract can be voided merely because there is a future?

                                    • (Score: 2) by Immerman on Tuesday February 18 2020, @03:13PM (1 child)

                                      by Immerman (3985) on Tuesday February 18 2020, @03:13PM (#959535)

                                      >You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.

                                      Yes - either you adhere to the terms of the GPL2, or you can't redistribute. The GPL2 grants you a bunch of new rights - but only so long as you adhere to its limitations (full source release, no new license restrictions, etc on downstream code.) Use and modification are actually completely unrestricted, your GPL2 obligations are only triggered by distribution. Which is why Google can run their own custom version of Linux and other GPL2 software within their organization without sharing the source. As I recall that's one of the many things GPL3 changed.

                                      >If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.

                                      Actually, no. Read the GPL2 very carefully - you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*. Most people make the source available to everyone out of convenience (if customers can re-share it anyway, why bother with all the trouble of limiting access), but e.g. if you sold shrink-wrapped GPL2 software bundled with the complete source on the same DVD as the software, then your obligations have been fully met and you don't need to do make the source available in any other form.

                                      If I sell you ImmerOffice v1, then I am required to give you the full source to ImmerOffice v1 under the GPL2 either bundled or upon request. However, I have no obligation to provide you source code to v2 unless I have provided you with that version of the software. If I refuse to sell v2 you, then I don't have to give you the source to v2. Anyone I *do* sell to is still entitled to get the GPL2 source, and can give it to you freely - but that has nothing to do with me. Except that I would then refuse to sell them v3 or provide them with the source to that version.

                                      *Clause 3 of the GPL2

                                      3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
                                              a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
                                              b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
                                              c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

                                      Hmm...I hadn't actually remembered the "any third party" bit on subsection (b) - It would seem that if I don't provide you the source up front, bundled with the software, then I would indeed have to make it available to everyone. However, so long as I bundled the source, I'm home free. And in the case of a patch... well the patch is almost certainly delivered in source form to begin with, is it not?

                                      • (Score: 1) by khallow on Tuesday February 18 2020, @06:20PM

                                        by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @06:20PM (#959613) Journal
                                        Indeed, let's read the GPL 2 carefully. Arik [soylentnews.org] did that and came up with sections 4 and 6, which override your permissive interpretation of section 3.

                                        you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*.

                                        And you are also "only" required to "not impose any further restrictions on the recipients' exercise of the rights granted herein". Sorry, but OSS's gimmick of not doing business with you if you exercise the right to redistribute is a restriction and would covered by the license. They are limited by the license as to what restrictions they can impose on their customers, section 3 notwithstanding.

                              • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:16AM (4 children)

                                by Anonymous Coward on Tuesday February 18 2020, @07:16AM (#959465)

                                >You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software. I don't see it, except in spirit. And the law is defined by the letter, not the spirit.

                                When using some other Copyright holder's Work licensed to you under the terms of version 2 of the GPL: The GPL governs you, the licensee's business dealings with any future distributees where there is a nexus with the GPL'd work. It _FORBIDS_ you to engage in any contracting that adds ANY addtional terms between YOU and the Distributee. See section 6 and 4. You simply are NOT allowed to create such contracts between you the licensee and the distributees. When you DO create such a contract, your license is /IMMEDIATLY/ revoked (section 4). The MOMENT you offer additional terms, in a situation where the GPL'd Work (of another) is implicated.

                                >I sell you a copy of ImmerOffice, and give you the full source code under the GPL. At that point I have fulfilled my legal obligation under the GPL

                                . Wrong.

                                >I then tell you that if you redistribute that code, I won't do business with you any more.

                                You have now violated section 6 and section 4 of the GPL. The Copyright owners forbid such business dealings, weather you like it or not, mr american buisnesss man. The Copyrighted Work is NOT your property, it is NOT your posession, it is the COPYRIGHT OWNERS PROPERTY, and he may RESCIND your PERMISSION to use HIS PROPERTY at his LEASURE. Here he has chosen to rescind the license when you implicate his Work in a negative covenant inconsistent with the proffered terms.

                                >I have not in any way revoked or limited any of the rights I already granted you, I have simply put conditions on you doing business with me in the future.

                                Wrong: you have engaged in behavior forbidden by the Owner of the Copyrighted work, and have lost your PERMISSION to use his work, as stated in section 4. You no-longer have a license and hence-forth are implicated in Copyright infringement.

                                >It certainly violates the spirit of the GPL, especially for a product where regular updates are essential to the functionality, but nothing in the GPL actually requires me to continue doing business with you. I haven't altered what you can legally do with the software I already sold you in any way. I've only conditionally limited your ability to continue doing business with me.

                                It violates the text of section 6 and section 4. And yes, I am a lawyer. You should be sued in such a case. The Copyrighted work is NOT your property. It is NOT an item you have title to. You merely have permission to use another's property (like if you were /licensed/ to walk over someone's land), which is revoked at the owners leisure. The owner has stated that the permission is revoked if you add any additional terms between you and anyone you distribute the Work (or any derivative there-of) to. Which you have done so. No more license.

                                • (Score: 2) by Immerman on Tuesday February 18 2020, @03:26PM (2 children)

                                  by Immerman (3985) on Tuesday February 18 2020, @03:26PM (#959539)

                                  Where does it say you can't add any further terms to the transaction? It says you can't add any further *restrictions* to the

                                  [Section] 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

                                  So long as I provide you the full source under GPL2, then I'm putting no further restrictions on you redistributing it as you see fit. Threatening to refuse to do any further business with you if you exercise those rights, doesn't actually restrict your rights - it just restricts your future business dealings with me. You're perfectly free to flip me off and redistribute the source I gave you.

                                  I don't see that section 4 is directly relevant, until we establish that I have indeed violated section 6.

                                  • (Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:42AM (1 child)

                                    by Anonymous Coward on Wednesday February 19 2020, @02:42AM (#959757)

                                    >Where does it say you can't add any further terms to the transaction? It says you can't add any further *restrictions* to the

                                    > 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void,

                                    Grsecurity is a modification of the Program. They are modifying the Program, and sublicensing it, with added terms. They are in violation.

                                    Additionally, A consequence, aswell as A negative covenant, is a restriction.

                                    >You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

                                    They are violating the license on two counts, not just one count.

                                    • (Score: 2) by Immerman on Wednesday February 19 2020, @03:55AM

                                      by Immerman (3985) on Wednesday February 19 2020, @03:55AM (#959781)

                                      Their argument is that there are no added terms. The patch is provided under the GPL2, which means you can redistribute it freely.

                                      You won't be able to business with them anymore if you do, but that doesn't limit your ability to redistribute in any way.

                                • (Score: 2) by Immerman on Tuesday February 18 2020, @03:48PM

                                  by Immerman (3985) on Tuesday February 18 2020, @03:48PM (#959549)

                                  I suppose the question boils down to - does my threat to stop doing business with you in the future constitute a restriction on your rights to the GPL source I just gave you - or does it only constitute a restriction on our future business relationship?

                                  I could certainly see a court case going either way - but it could be a very long and protracted battle. Aftrer all, I am giving you the full source nder the GPL2, and you and anyone downstream are completely free to redistribute it. Unlike more typical clear-cut GPL violations, where the the full source of the derivative work is not made available under the GPL, and the infringer thus clearly has no license to redistribute the code.

        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:34AM (2 children)

          by Anonymous Coward on Monday February 17 2020, @09:34AM (#959093)

          >You didn't, because you wanted to take from the commons of GPL stuff while not giving back, which is what the GPL was specifically designed to prevent. Or, if all else fails, you also had the option of shutting down your business and doing something else with your life.

          The GPL is completely toothless. No one ever sues anyone to enforce it.
          Spengler knows he isn't going to get sued, because an enforcement action in federal court would cost about $600,000 in legal fees for the plantiff to bring the enforcement suit.
          Yes, Spengler is BLATANTLY violating section 6 of version 2 of the GPL.
          He is violating the copyright on the linux kernel, he and his employees (Mathias Krause) are violating the copyright on GCC, with their plugins (assuming these are non-seperable works (which is RMS's view)).
          But he KNOWS he will not get sued.

          Also they have made over 1000 dollars off of this direct infringement, so they are also criminally liable.
          But he is confident he won't be prosecuted either.

          The GPL is TOOTHLESS.
          Because no one ever enforces it.
          It won't change until he is sued, like Cisco was sued. But the FSF threw out RMS so what likelyhood is there of that?

          • (Score: 1) by khallow on Monday February 17 2020, @10:06PM

            by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:06PM (#959314) Journal

            The GPL is completely toothless. No one ever sues anyone to enforce it.

            Which only serves to illustrate your ignorance on the matter. For example, this story [qz.com]mentions two such lawsuits. I found several more lawsuits mentioned in a cursory search [duckduckgo.com].

            But he KNOWS he will not get sued.

            We'll see what comes of this. He's already lost at least a quarter of a million dollars (plus his own legal fees) on legal games. It might not come to a lawsuit, unless he feels he hasn't lost enough money yet.

            It won't change until he is sued, like Cisco was sued.

            Like here [arstechnica.com]? So you know of a lawsuit that was decided in favor of the GPL, and you still posted all that? I find it bizarre that you can make these absolute claims when you already know of counterexamples.

          • (Score: 2) by Immerman on Monday February 17 2020, @11:31PM

            by Immerman (3985) on Monday February 17 2020, @11:31PM (#959348)

            >The GPL is completely toothless. No one ever sues anyone to enforce it.

            Actually they do, but not often, because they don't have to.

            In almost every case, when someone is informed that they are violating the GPL and need to get into compliance they very rapidly do so. For the simple reason that the moment they ask their lawyers about it, they're informed that they have absolutely no leg to stand on. Without the GPL, they have no license to redistribute the code, and are in clear violation of copyright law with all the extreme fines and prison terms that makes them vulnerable to. Full compliance with the license is the *only* thing protecting them from blatant copyright infringement charges. And from the moment their violation is pointed out to them, all further distribution becomes willful infringement, and susceptible to enhanced damages. Not hard to find a lawyer that will work on consignment when the case is that clear cut, and the penalties that high.

      • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:19AM

        by Anonymous Coward on Monday February 17 2020, @09:19AM (#959088)

        >Linus (and the Linux Foundation) now have a very strong don't go to court approach to violations, they try to use velvet gloves wherever possible, so the truthiness of Bruce's conclusion will never be decided in court.

        That is not necessarily true. I don't know if you're ignorant or not, but neither Linus nor the Linux Foundation own the linux kernel copyrights in-toto. Linus never required copyright assignment. Any copyright holder who's work is touched by grsecurity can sue them for direct copyright infringement. That is potentially 1000s of claimants (which can be joined into one suit). Neither Linus nor the Linux Foundation would have any say.

        I don't know why you say there can't be a court battle? You're just wrong.

      • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:25AM (2 children)

        by Anonymous Coward on Monday February 17 2020, @09:25AM (#959090)

        Grsecurity is also violating the GCC copyrights with their GCC plugins with their no-redistribution clause (which is forbidden by the GPL), atleast following the RMS's opinion on the non-separability of plugins.

        Look: you can do business or not business with "whomever" you want, with you work. The same doesn't apply when you are subject to the copyright protections of other entities. They can say "no, you cannot engage in these acts with out work". Which the GPL states explicitly: no additional restrictions (GRSecurity blatantly adds such a restriction in writing)

        They should be sued by the FSF, and by the Linux Kernel copyright holders. Regardless of what Linus and the "linux foundation" want.

        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:14PM (1 child)

          by Anonymous Coward on Monday February 17 2020, @09:14PM (#959288)

          "with their no-redistribution clause (which is forbidden by the GPL)"

          uhh, i don't think they modified the goddamn GPL when they distribute their modified kernel to their customers. lol.

          what they did, i believe, is not sell their kernel to anyone who doesn't sign a business contract that says if you redistribute this contract is severed.

          • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @11:54AM

            by Anonymous Coward on Tuesday February 18 2020, @11:54AM (#959495)

            uhh, i don't think they modified the goddamn GPL when they distribute their modified kernel to their customers. lol.

            You are an idiot.
            The GPL forbids adding additional restrictive terms between the licensee and whomever he distributes the GPL'd program to.
            It is not merely "you can't pen in additional terms on this piece of paper, lolZZZZ"
            It is: You may not add any additional terms at all between you and the recipient, weather they are on this piece of paper, or spoken, or on another piece of paper, or simply understood.

            Do you understand, fucking retard?

    • (Score: 1) by khallow on Sunday February 16 2020, @04:32PM (12 children)

      by khallow (3766) Subscriber Badge on Sunday February 16 2020, @04:32PM (#958825) Journal
      It never is the point of the courts to rule whether an opinion is right or not.
      • (Score: 1) by khallow on Sunday February 16 2020, @04:57PM (11 children)

        by khallow (3766) Subscriber Badge on Sunday February 16 2020, @04:57PM (#958835) Journal
        Hrmm, I bet I'm wrong on that somehow - never is a terrible word to use. But in general there's usually defenses against libel/slander that don't depend on the opinion being true (or when those defenses don't exist, the rightness of the opinion doesn't really matter either).
        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @01:22AM (10 children)

          by Anonymous Coward on Monday February 17 2020, @01:22AM (#958960)

          An opinion is something that is it impossible to prove either the truth or the falsity of at the time it is made with the facts reasonably available. For example, "I think Microsoft is purposefully putting exploits in Windows" is an opinion when a random toddler says it but a mixed statement when Bill Gates says it and a statement of fact when Satya Nadella says it. The difference is the facts, expertise, special understanding, and perspectives available to the respective speakers. It is worth noting that some things are legally considered not to be pure statements because the very fact they are being made implies facts available to the speaker, such as "I think he has an STI" or "In my opinion, he is a thief."

          But in this case, none of those apply. There is no possible way for Perens's statement to be determined factually. No court has ruled on it, he has no legal expertise in interpretation of law, and the GPL has never been litigated in regards extrinsic restrictions. That is why, if you look at what OSS is asking, they want the Court to decide that they are not violating the GPL, and then make Perens liable for saying the false statements because he should have known he was communicating false facts in his "opinion" because such statements are false now.

          • (Score: 1) by khallow on Monday February 17 2020, @03:00AM (9 children)

            by khallow (3766) Subscriber Badge on Monday February 17 2020, @03:00AM (#959000) Journal

            But in this case, none of those apply. There is no possible way for Perens's statement to be determined factually. No court has ruled on it, he has no legal expertise in interpretation of law, and the GPL has never been litigated in regards extrinsic restrictions. That is why, if you look at what OSS is asking, they want the Court to decide that they are not violating the GPL, and then make Perens liable for saying the false statements because he should have known he was communicating false facts in his "opinion" because such statements are false now.

            Sure, there is. You already mentioned litigating the GPL with respect to this. That would be a necessary and sufficient test of the opinion. And Perens probably is knowledgeable enough to testify as an expert witness in such a case, meaning that he would have the necessary legal expertise in interpretation of law. And of course, a statement isn't a false fact, if it merely takes a lot of effort to test it!

            We can also exercise those gray cells and reason. The security "patches" are based on modifying the Linux kernel which is licensed under the GPL v.2.0 [opensource.org]. That license has clauses like:

            4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

            Making patches for said Program is modifying the Program (the Linux kernel) as per the license. OSS is thus subject to its terms.

            and (since it's low lying fruit) for Barbara Hudson who claimed that extreme circumstances could void the need for compliance with the license:

            7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all.For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

            • (Score: 0) by Anonymous Coward on Monday February 17 2020, @03:53AM (4 children)

              by Anonymous Coward on Monday February 17 2020, @03:53AM (#959012)

              Perens, at the time he made the statements, had no possible way to determine with the facts available to him whether it was illegal or not. Until a court rules, the judgment is final, and the appeals exhausted, no one actually knows whether or not it is illegal. Unless Perens secretly has a time machine, he does not possess the facts necessary to rule on it. Even OSS's attorneys aren't saying it has been established. That is why they want a miniature trial to make that determination, and why they are arguing so hard to try and turn the defamation claim into other torts.

              Just listen to the exchange between OSS and the judges at oral arguments [uscourts.gov]. You'll see that the entire rebuttal is over whether or not the statement is true. Combined with the grilling OSS got on their open, you can see the clear picture of what that would paint, all sorts of experts and people giving their opinion would open themselves up to retroactive liability for offering their opinions on any sort of dispute, let alone a legal interpretation one.

              • (Score: 1) by khallow on Monday February 17 2020, @12:25PM (3 children)

                by khallow (3766) Subscriber Badge on Monday February 17 2020, @12:25PM (#959127) Journal

                Perens, at the time he made the statements, had no possible way to determine with the facts available to him whether it was illegal or not. Until a court rules, the judgment is final, and the appeals exhausted, no one actually knows whether or not it is illegal. Unless Perens secretly has a time machine, he does not possess the facts necessary to rule on it. Even OSS's attorneys aren't saying it has been established. That is why they want a miniature trial to make that determination, and why they are arguing so hard to try and turn the defamation claim into other torts.

                And OSS is paying Perens's legal fees because it was an idiotic lawsuit.

                Just listen to the exchange between OSS and the judges at oral arguments [uscourts.gov]. You'll see that the entire rebuttal is over whether or not the statement is true. Combined with the grilling OSS got on their open, you can see the clear picture of what that would paint, all sorts of experts and people giving their opinion would open themselves up to retroactive liability for offering their opinions on any sort of dispute, let alone a legal interpretation one.

                Why should I listen to that exchange? Who made what arguments? What "grilling" was doing and what is the "clear picture"?

                • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:51PM (2 children)

                  by Anonymous Coward on Monday February 17 2020, @09:51PM (#959306)

                  I see what is going on, you think I think this suit has merit. I do not. You seem to think that Perens will win because it will turn out to be correct, and therefore is correct now. I think Perens will win because this is covered by the opinion privilege. No court has decided a similar set of facts related to the GPL. This means that legally the truth of falsity of the statement is currently undetermined. So the legal analysis is whether all the facts he based it on were true, which are basically the text of the GPL, that OSS accepted the GPL, and that OSS has a patch agreement that affects access to future source if users exercise rights under the GPL to distribute patches, and that no court has determined whether an extrinsic restriction of this kind counts with the GPL.

                  Here is a baseball analogy. The very last pitch of the game the score is 0-0, bases loaded, 3 balls, 2 strikes, pitcher throws a pitch, the batter doesn't swing, and the catcher catches it. The universe is looped at that point for the duration of the pitch rewinds and replays repeatedly showing the same pitch. Except for for everyone but people in a particular town, and there is a house where some people are watching the game, One kid says, "Well we lost, that looks like a strike to me." Agreeing, a guy's wife tears up his betting slip calling him an idiot for losing their money. That guy goes to the kid and demands the kid pay him back his lost money because he thinks it is a ball and they won and therefore the kid cost him the money. They and everyone else can argue until the cows come home, they can go to the field and measure the pitch with surveying equipment, they can do whatever they want, but it doesn't matter. With the facts available that the time, it is impossible to tell.

                  It all comes down to how the particular umpire and video review system sees the strike zone and whether any part of the ball enters that pentagonal prism. That pitch isn't "officially" a strike or a ball until the officials make the call. In our analogy, OSS is the guy with the torn up slip asking and is asking for the court to start the normal flow of time, have the call of strike or ball made officially, and then hold the kid liable for the lost money if it turns out the kid is wrong.

                  The reason why this is important is because OSS basically wants to destroy the entire concept of voicing a legal opinion. Company A and Company B having a contract dispute? No one better say who they think is right, otherwise they'd be potentially liable to the other once the court rules. Saying publicly that you don't think a justification defense applies to a murder case? Better hope the jury agrees with you, otherwise you'd be liable if they don't. As those examples make clear, the entire idea of legal commentary is out the window or seriously curtailed under a system where that is allowed.

                  • (Score: 1) by khallow on Monday February 17 2020, @10:10PM (1 child)

                    by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:10PM (#959318) Journal
                    I said:

                    And OSS is paying Perens's legal fees because it was an idiotic lawsuit.

                    You said:

                    I see what is going on, you think I think this suit has merit.

                    • (Score: 1) by khallow on Monday February 17 2020, @10:53PM

                      by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:53PM (#959342) Journal
                      Apologies. I read "you think" not "you think I think".
            • (Score: 2) by Immerman on Monday February 17 2020, @11:36PM (3 children)

              by Immerman (3985) on Monday February 17 2020, @11:36PM (#959349)

              >If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all
              But you can. You get code from GRSecurity - and you're absolutely free to immediately redistribute it under the exact same GPL2 terms you received it under.

              • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @12:07PM (2 children)

                by Anonymous Coward on Tuesday February 18 2020, @12:07PM (#959497)

                Grsecurity's work is a non-seperable derivative work of the linux kernel, which is licensed under version 2 of the GPL.
                Do you understand this, dumbfuck? No? good.

                Grsecurity is NOT permitted to create derivative works of a copyrighted work by default: it is a violation of the Copyright owners rights.
                Do you understand this, dumbfuck? No? good.

                Grsecurity is ONLY permitted to create derivative works of a copyrighted work IF they get permission (license) to do so from the Copyright owner.
                Do you understand this, dumbfuck? No? good.

                This permission, regarding making non-seperable derivative works of the linux kernel, is called version 2 of the GPL.
                Do you understand this, dumbfuck? No? good.

                Version 2 of the GPL forbids a licensee, or creator of a derivative work, from, when distributing the derivative work, adding any additional terms in the agreement between him and whoever he is distributing the derivative work. See sections 6 and section 4.
                Do you understand this, dumbfuck? No? good.

                Grsecurity has chosen to add additional terms when distributing it's non-seperable derivative work of the linux kernel (and GCC aswell, they wanted to be through). Here are those additional terms: https://new.perens.com/wp-content/uploads/sites/4/2017/06/grsecstablepatchaccessagreement_additionalterms.pdf [perens.com]
                (including the "no redistribution or else" term proffered)
                Do you understand this, dumbfuck? No? good.

                Section 4 of the GPL version 2 revokes the licensee's (Grsecurity) permission to create and distribute derivative works.
                Do you understand this, dumbfuck? No? good.

                • (Score: 2) by Immerman on Tuesday February 18 2020, @02:27PM (1 child)

                  by Immerman (3985) on Tuesday February 18 2020, @02:27PM (#959521)

                  GRSecurity's patches ARE RELEASED UNDER GPL2 and can be freely redistributed.

                  If you distribute them, then GRSecuity will no longer do business with you - but that in no way limits your rights to distribute the code they've already sold you, which is the only thing the GPL2 covers.

                  • (Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:24AM

                    by Anonymous Coward on Wednesday February 19 2020, @02:24AM (#959749)
                    Hi, The GPLv2 license on the Linux Kernel (and GCC) forbids the offering of additional terms when distributing the Program or any derivative work.

                    The act of including an additional term such as
                    "you promise not to redistribute the work to 3rd parties, if you do we will not do any further business with you and will not refund your money" when distributing the work to a distributee, is such an additional term. The GPL governs the dealings you may and may not have with regard to the Linux Kernel and any derivative you make of it.
                    Such terms offered is a violation of the GPLv2.

                    Which is exactly what GRSecurity is doing: yes they're violating

                    If you distribute them, then GRSecuity will no longer do business with you - but that in no way limits your rights to distribute the code they've already sold you, which is the only thing the GPL2 covers.

                    Grsecurity violates the linux kernel and GCC licenses /when/ it offers the additional terms: terms who's purpose is to restrict the redistribution of the derivative work

  • (Score: 2) by hendrikboom on Sunday February 16 2020, @02:45PM

    by hendrikboom (1125) Subscriber Badge on Sunday February 16 2020, @02:45PM (#958798) Homepage Journal

    Of course I meant GPL instead of GLP.

  • (Score: 5, Interesting) by Arik on Sunday February 16 2020, @04:11PM (26 children)

    by Arik (4543) on Sunday February 16 2020, @04:11PM (#958817) Journal
    I actually found this interesting, though it's clearly a one-side fluff piece it makes one thing clear.

    Brad Spengler is a special kind of stupid. He not only lost in court, he lost so badly he had to pay the other parties attorney's fees! And yet the very next thing he does is this 'interview' where he just doubles down on his mistakes. Clearly a person who lives in a bubble made out of his own kool-aid, if I may mix my metaphors just a bit.

    You can see that breath-taking disconnect from reality right from the first paragraph of "responses."

    "Indeed, I do believe that had anyone else prominent in the community spoken up to defend our reputation, it may not have ultimately been necessary to pursue a case of defamation."

    No one in the community spoke up to defend your reputation, Mr Spengler, because your reputation in the community is indefensible. The sheer chutzpah embodied in this line of thought is nigh unbelievable. You're not a member of our community, you're a parasite that's attached itself to us.

    "Why neither the FSF nor SFC called out Perens when he was the clear outlier here, I don't know. "

    There's a simple answer - because he's not the "outlier." But Spengler is clearly either incapable of conceiving the truth, or incapable of admitting to it. I suppose only he really knows which is the case.

    There's a weird conspiracy theory bit about how all his troubles are caused by some purported "online troll" - I'm not sure where he thinks that's going to take him but I guess anything to distract from the facts is a good thing for him right now. Then he wanders off into this insane rambling bit where he's imagining Perens apologizing to him. Just when you think this guy can't possibly be a bigger arse, he steps up to the challenge and proves you wrong.

    He even gets around to attacking Linus eventually:

    "We had actually had someone meet Linus at a conference to ask him if he would correct that statement, knowing the way in which it was being misleadingly reported, but he would not. Again, nothing we can do about that.""

    Well no shit, he wasn't going to 'correct' that statement because it was not incorrect. The expectation is utterly absurd.

    At any rate, it might have been intended as a softball puff piece, but it turns out to be far more informative than was likely intended. Spengler is clearly one of those people that lives in his own fantasy world, where he's always the hero and his critics are not only wrong, they're evil 'trolls' to boot. I hope he gets the mental health care he needs, before he does more damage to himself and to others.

    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 1, Troll) by barbara hudson on Sunday February 16 2020, @04:34PM (23 children)

      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @04:34PM (#958827) Journal
      Who cares? Two jerks in a bum fight ... The guy is free to continue to sell his product, but most people still don't want it anyway, so nothing changes.

      Seriously, nothing changes, except to give a bit more credibility to those who say that open source carries risks. No shit, Sherlock - everything carries risks. Even breathing. With COVID-19, especially breathing!

      There's no real meat on this story.

      Now if Perens HAD been found guilty of libel, THAT would have been a story - albeit of the "man bites dog" filler occasionally seen on the news, because nobody cares.

      --
      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
      • (Score: 2, Informative) by khallow on Sunday February 16 2020, @05:02PM (19 children)

        by khallow (3766) Subscriber Badge on Sunday February 16 2020, @05:02PM (#958838) Journal

        Seriously, nothing changes, except to give a bit more credibility to those who say that open source carries risks.

        Like what? What in this story couldn't happen with a closed source license? A common business game is to promise something and then take it away in the fine print, outright inaction, or to require some onerous business process. Nothing magically changes when open source licenses are involved as part of the game.

        • (Score: 1, Redundant) by barbara hudson on Sunday February 16 2020, @05:49PM (18 children)

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @05:49PM (#958848) Journal
          He's still free to enter into contracts where the other party waived their rights to the source. And any lawsuits trying to prevent that would be tortious interference. If Spangler had said "sue me or fuck off" any such suit would fail, because people are free to enter into contracts that waive their non-statutory rights. Receiving the source is a non-statutory right. Parties are free to enter into contracts waiving it. No 3rd party can interfere with such a contract.
          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
          • (Score: 2) by sjames on Sunday February 16 2020, @09:06PM (17 children)

            by sjames (2882) on Sunday February 16 2020, @09:06PM (#958888) Journal

            Actually, that won't fly. GRSec is a work derived from the Linux kernel. Spengler's licence to distribute such a derived work AT ALL is contingent on him not asking the recipient to waive the rights granted under the GPL.

            In my opinion, Spengler's legal argument in the larger question is dangerously close to the hypothetical argument "I didn't mug him, he voluntarily handed me the money rather than risk being shot". ( Mr. Spengler, if you're reading this please note that this is my opinion and is stated as an opinion. I am not a laywer nor have I ever played one on TV.). That is, it's on thin ice.

            In the case at hand, Bruce was absolutely within his rights to offer his opinion that the whole thing was on thin ice. This was affirmed by the court. The court then doubled down by ruling that Bruce was so clearly within his rights that Spengler should pay the costs of defending those rights in court against his lawsuit.

            As is typical in cases where someone is sued for offering an opinion, the court did not rule on the correctness of the opinion itself, just on the right to state it.

            • (Score: 2) by barbara hudson on Sunday February 16 2020, @10:35PM (14 children)

              by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @10:35PM (#958922) Journal

              is contingent on him not asking the recipient to waive the rights granted under the GPL.

              No such clause in the gpl restricting the recipient from waiving their rights. It's an interesting problem, same as when the person who did the distribution doesn't have the source and can't get it from the person they got the program from. They're not obligated to dig up the source elsewhere, and the law allows for nullity of any clause that is impossible. "Sorry, I got it from BitTorrent and I can't identify the individual source of each part of the program to ask them for the source of their chunk."

              The GPL didn't anticipate things such as multiple unidentifiable distributors of chunks of programs. Or the death of the distributor. I can ask others for a copy, but the license doesn't oblige them to give me one.

              --
              SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
              • (Score: 0) by Anonymous Coward on Sunday February 16 2020, @11:20PM (2 children)

                by Anonymous Coward on Sunday February 16 2020, @11:20PM (#958933)

                It's an interesting problem, same as when the person who did the distribution doesn't have the source and can't get it from the person they got the program from.

                If you can't respect the license, don't do anything the license doesn't allow you to.
                If you can't distribute the source together with the binaries for a GPL licensed software, don't distribute the binaries.

                • (Score: 2) by barbara hudson on Monday February 17 2020, @12:45AM (1 child)

                  by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 17 2020, @12:45AM (#958951) Journal
                  The GPL doesn't require you to distribute a copy of the source when you distribute the program. Read it. The only thing it requires is that you, for a period of 3 years, offer to make a copy of the source available, only to those you distribute it to.

                  So last week you download and distribute a program. This week people ask you for the source, you go to download a copy from the person you got it from, they're in a coma and their server is offline.

                  Do you have an obligation to obtain the source elsewhere? No, and in the case of modified software it may not even be possible if the only source is in a coma.

                  Are you in violation of the GPL? Again, no. As a matter of public policy, impossible contracts are void, and the GPL is a contract which is now attempting to impose an impossible obligation on you.

                  The GPL has a few flaws in it that give rise to anomalous situations where the GPL simply can't be applied.

                  --
                  SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                  • (Score: 0) by Anonymous Coward on Monday February 17 2020, @08:47AM

                    by Anonymous Coward on Monday February 17 2020, @08:47AM (#959079)

                    The GPL doesn't require you to distribute a copy of the source when you distribute the program. Read it. The only thing it requires is that you, for a period of 3 years, offer to make a copy of the source available, only to those you distribute it to.

                    Yes. It requires the distributor of the binaries to make the source available at no more than nominal charge of distributing the said source.

                    So, as soon as someone asks for the source, you are obliged to distribute the source to them. If you fail to do this *and* continue to distribute the binary, then you are of course breaking the copyright law and can be held liable both in a civil or legal sense.

                    In essence, if you make some derivative work of GPL to general public, then your competitor could buy a copy and require you to provide source code. At that point they could just distribute it free of charge. And if you fail to produce source code, you are breaking GPL. If you fail to sell to them, you are breaking other laws. Have a nice day.

                    Are you in violation of the GPL? Again, no. As a matter of public policy, impossible contracts are void, and the GPL is a contract which is now attempting to impose an impossible obligation on you.

                    GPL is not a contract.

                    It's a copyright license. You are infringing copyright (breaking copyright laws) if you are distributing things without adhering to the said license.

              • (Score: 2) by sjames on Sunday February 16 2020, @11:47PM (10 children)

                by sjames (2882) on Sunday February 16 2020, @11:47PM (#958940) Journal

                If you didn't get the source from the person who distributed the binary to you, the license to distribute AT ALL is void but if it's GPL, you'll probably be cut some slack. But note that courts are rarely amused if you willfully create such a situation.

                • (Score: 2) by barbara hudson on Monday February 17 2020, @12:34AM (9 children)

                  by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 17 2020, @12:34AM (#958948) Journal
                  Nobody is required to download the source. The license is a distribution only license. The person who I got it from is dead? Then anyone who I distributed a copy of the program to who now wants the source is simply out of luck. I'm not required to obtain the source from elsewhere - and in the case of modified source, it's probably not possible even with an Ouija board. Force majeure is a real thing.

                  On top of that, what are the damages? Zero. So much for frivolous de minimus lawsuits.

                  And when I obtain it via BitTorrent or VPN, it's not possible to know who I got my copy from so I can't go back to them for the source. So if I give someone a copy, I'll tell them to read the warranty disclaimer that comes with all Linux distros - no warranty whatsoever, including no warranty of fitness for any purpose whatsoever. That would include no warranty of fitness to redistribute.

                  After all, my distro didn't even include a LICENSE.txt. Guess they want to save bandwidth.

                  --
                  SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                  • (Score: 2) by sjames on Monday February 17 2020, @01:33AM (6 children)

                    by sjames (2882) on Monday February 17 2020, @01:33AM (#958967) Journal

                    But nobody is dead in this case. The source exists and is easily within Spenglerr's grasp.

                    Your suppositions are untested. They may never be tested since if the author of a program is dead and took the source to the grave, who would do the suing?

                    • (Score: 2) by barbara hudson on Monday February 17 2020, @02:01AM (5 children)

                      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 17 2020, @02:01AM (#958979) Journal
                      You point out a fact that supports my argument. Nobody is suing Spangler for violating the GPL. That was my original point - this stupid lawsuit changed nothing. He is free to continue to distribute patches without the source and simply revoke the license of anyone who asks for the source. Since they no longer have a valid license,?they have no grounds for claiming a GPL license violation.

                      There's no getting around it because anyone who complains loses their license to the binary, so without a license to the binary, they can't demand the source.

                      After all, he's free not to license his code. Now what would make it even more interesting is if no original source is included in the patches. Then you can't even argue it's a derivative work. That's how I'd do it. And who could complain, if there was no GPL source in the patches? Someone could do a whole Linux work alike that way, nobody can complain. Or they could take FreeBSD code to make a works alike and again, no gpl hassles.

                      --
                      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                      • (Score: 2) by sjames on Monday February 17 2020, @02:45AM (3 children)

                        by sjames (2882) on Monday February 17 2020, @02:45AM (#958996) Journal

                        Nobody is, but they still have the option to do so. Thus, the thin ice.

                        As for what Spengler thought he had to gain by suing Perens, I can't imagine.

                        He was and is free to create a compatible not Linux kernel, but he didn't.

                        • (Score: 2) by barbara hudson on Monday February 17 2020, @03:52AM (2 children)

                          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 17 2020, @03:52AM (#959011) Journal
                          Back in the 80s I'm sure I wasn't the only one modifying binaries with a hex editor. If I were to do that today I could redistribute the binaries and never give the source because there is no source, never was.

                          Now let's teach an AI to do that, modify the binary directly and by trial and error get closer to the desired outcome. No source (or technically the binary IS the source), so no requirement to redistribute "source code" to the mods. You're free to do a binary diff to see the changes, Since the binary is the only source that ever existed. There's no edit- compile-link-run cycle, no source code to compile, no object code to link in, so no requirement to distribute nonexistent sources.

                          Will this happen? Well, it's possible to do, so that pretty much guarantees that it's already being done by people who need to add spying capabilities to other countries hardware and software without having the source. The US 3-letter gangs are most certainly doing to to both domestic and foreign software and firmware.

                          Wouldn't be surprised if some crooks are trying it too. Because you simply don't need source code, just time and brains, or an artificial facsimile thereof.

                          As for commercial possibilities, since the end user is dependent on the hacker AI for future patches, they can either pay or not - and if they distribute the patches as they're allowed by the GPL, the hackerAI is free to cut them off from any future updates. All permitted under the GPL.

                          --
                          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                          • (Score: 2) by sjames on Monday February 17 2020, @06:18AM

                            by sjames (2882) on Monday February 17 2020, @06:18AM (#959057) Journal

                            Back in the '80s it was not even clear that copyright applied to software. Companies put copyright notices in just in case and as a deterrent to copying.

                            You're missing a fundamental point though. It's not GRsec CUSTOMERS who necessarily have a cause to sue, it'd the many authors of the Linux kernel. Any one of them might choose to sue at any time. Will the courts decide that a diff (source or binary) that depends on a copy of the original to produce a functional result is constructively distributing a derived work? Nobody can say for sure unless/until such a case is brought and winds it's way through the courts, but it is a distinct possibility.

                          • (Score: 2) by Immerman on Monday February 17 2020, @04:41PM

                            by Immerman (3985) on Monday February 17 2020, @04:41PM (#959201)

                            >Back in the 80s I'm sure I wasn't the only one modifying binaries with a hex editor. If I were to do that today I could redistribute the binaries and never give the source because there is no source, never was.

                            Except that the instant you distribute you're violating copyright law - unless you have a license that allows you to distribute. As some kid sharing stuff with friends in the pre-napster days, you were unlikely to get caught, but that doesn't make it any more legal.

                            Do that with any proprietary software, and the original copyright holder will be fully within their legal rights to come down on you like a ton of bricks for copyright infringement

                            Do that with GPLed software - and either you provide the source code on demand as required by the license, or the original copyright holder will be fully within their legal rights to come down on you like a ton of bricks for copyright infringement.

                            The GPL is the only thing allowing you to redistribute the code legally, so if you're not 100% in compliance with the license - including providing source code on demand, then you're automatically guilty of copyright infringement.

                            Sounds like GRSecurity isn't obviously violating the letter of the GPL, assuming they really do provide the source code on demand. But they're certainly violating the spirit.

                      • (Score: 2) by Runaway1956 on Monday February 17 2020, @05:48AM

                        by Runaway1956 (2926) Subscriber Badge on Monday February 17 2020, @05:48AM (#959045) Journal

                        He is free to continue to distribute patches without the source and simply revoke the license of anyone who asks for the source. Since they no longer have a valid license,?they have no grounds for claiming a GPL license violation.

                        That's some stupid shit right there. You have unwittingly allowed people to revoke licenses for all sorts of stupid-assed reasons. Remember the upskirt assholes, who could have revoked any license of any female who complained about their sexist attitudes? Or, how about a bunch of racist assholes, who can revoke your license for being the wrong complexion?

                        Asking for the source is most definitely NOT grounds for revoking a license when GPL is involved. Not even with BSD licensing would that be so. Complete and utter nonsense.

                  • (Score: 0) by Anonymous Coward on Friday February 21 2020, @05:16AM (1 child)

                    by Anonymous Coward on Friday February 21 2020, @05:16AM (#960594)

                    >" On top of that, what are the damages? Zero. So much for frivolous de minimus lawsuits. "

                    Owners of registered copyrighted works can pursue statutory damages, moron (and attorneys fees). Congress was ahead of you on this, you stupid fucking know-nothing idiot.

                    • (Score: 2) by barbara hudson on Friday February 21 2020, @02:21PM

                      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Friday February 21 2020, @02:21PM (#960676) Journal
                      And yet the owners of registered copyrights rarely get the full statutory damages. Also, I've argued that people should register their copyright, but almost nobody does. Look at the copyright notices on open source projects - no copyright registration, no registration dates, so it's only actual damages, which are de minimus.

                      So who's the moron?

                      --
                      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
            • (Score: 0) by Anonymous Coward on Monday February 17 2020, @05:46AM (1 child)

              by Anonymous Coward on Monday February 17 2020, @05:46AM (#959044)

              contingent on him not asking the recipient to waive the rights granted under the GPL.

              Right. Which GRSecurity isn't doing. They never placed a restriction in the legal sense; they could not have sued any customers who release GPL'ed code. But yes they sure as hell can stop supporting clients who do, nothing in the GPL says you have to provide support.

              This is simple. Why is this so hard for Lentils to get? Arik and you and Barb Hudson are all barking up the weirdest unrelated trees. I get it, I get it, you saw a squirrel, but calm down, we're not squirrel hunting.

      • (Score: 2) by Runaway1956 on Monday February 17 2020, @06:10AM (1 child)

        by Runaway1956 (2926) Subscriber Badge on Monday February 17 2020, @06:10AM (#959055) Journal

        Who cares?

        You obviously care a whole lot. You've devoted an entire page, defending the indefensible crotch biter, who cannot justify his actions in regard to the GPL.

        Just stop. It is indefensible. Spengler has no valid license under which to distribute the GPL'd code which he has altered. He has lost his license, because he has violated that license. At such time as some entity with deep enough pockets should press charges against Spengler, he can and will be forced to stop distributing GPL'd code to which he is unwilling to supply the source.

        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @11:28AM

          by Anonymous Coward on Monday February 17 2020, @11:28AM (#959109)

          > At such time as some entity with deep enough pockets should press charges against Spengler,
          A copyright enforcement action in federal court is estimated to cost over half a million dollars.
          Spengler could also be criminally prosecuted as-well for criminal copyright infringement, since the amount garnished by his direct infringement is greater than $1k.

      • (Score: 2, Interesting) by Anonymous Coward on Monday February 17 2020, @11:20AM

        by Anonymous Coward on Monday February 17 2020, @11:20AM (#959108)

        >The guy is free to continue to sell his product,

        No he is not, he is violating the linux kernel license, and the GCC license.
        He is not free to continue to sell his product.
        He is criminally and civilly liable for direct copyright infringement and should be sued and prosecuted for such.
        (He's made over 1k from the direct infringement, which allows criminal penalties)

    • (Score: 2, Informative) by Anonymous Coward on Sunday February 16 2020, @05:03PM

      by Anonymous Coward on Sunday February 16 2020, @05:03PM (#958839)

      But Spengler is clearly either incapable of conceiving the truth, or incapable of admitting to it.

      "It is difficult to get a man to understand something when his salary depends upon his not understanding it." — Upton Sinclair

    • (Score: 2) by PartTimeZombie on Sunday February 16 2020, @08:15PM

      by PartTimeZombie (4827) on Sunday February 16 2020, @08:15PM (#958879)

      Clearly a person who lives in a bubble made out of his own kool-aid, if I may mix my metaphors just a bit.

      Hmm. All right, I'll allow it.

(1) 2