posted by n1 on Thursday July 06 2017, @11:39AM
from the to-hell-with-gpl dept.

Bruce Perens warns of potential contributory infringement and breach of contract risk for customers of GRSecurity:

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. It would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.

By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.


  • (Score: 1, Interesting) by Anonymous Coward on Thursday July 06 2017, @01:49PM (#535712)

    If GRSECURITY is distributing patches it doesn't violate the GPL, or qualify as a derivative work, unless it explicitly includes copyrighted code from the Linux kernel and doesn't qualify under the interoperation clauses. Otherwise the ZFS on Linux patches, BSD in general (go look at how many non-BSD licenses are available as both non-default and default build options in Open/Free/NetBSD kernels!) and many other things (including all software operating on top of Oracle/Microsoft operating systems!) would qualify as derived works and fall under the copyright jurisdiction of their relevant dictators.

    Furthermore, what took Bruce so long? This happened like 4-5 years ago. It was discussed lots when they were closing it up, and there has been plenty of time for a lawsuit to make its way through the courts, if anybody cared, or if they were really in violation.

    Given all this, I am inclined to ask: 'Who cares?'

    GRSecurity was a big thing 20 years ago to about 10 years ago, but it is irrelevant today.

  • (Score: 4, Interesting) by pendorbound (2688) on Thursday July 06 2017, @02:06PM (#535719)

    Read up on GPL and derivative work, as well as Linus' own writing [yarchive.net] on the topic. The key distinction between GRSec and ZFS is that ZFS is a driver originally written for another operating system that was ported to Linux. It's not a derived work because it is a work unto itself that was adapted to also work with Linux. Linus describes the AFS driver as, "something like a driver that was originally written for another operating system (ie clearly not a derived work of Linux in origin)."

    GRSec is fundamentally different because it has no life without the kernel. It's designed explicitly and exclusively to be used with the kernel. Distributing it as patches *might* (but probably doesn't) exclude the patchset from being GPL. Problem for them is that it's distributed with the explicit intent of merging those patches with the base kernel. As soon as that merge is completed, the resulting work is GPL because the kernel is GPL. A user then has the freedom under the GPL to redistribute that resultant work under GPL. Any attempt to prevent them from doing so is a GPL violation. GRSec's threats against their customers distributing the resultant work is a violation.

    • (Score: 2) by Wootery (2341) on Friday July 07 2017, @08:59AM (#536049)

      "ZFS is a driver originally written for another operating system that was ported to Linux"

      This is the same reasoning Torvalds applies to nVidia's binary-blob graphics drivers. Strikes me as a fairly scary loophole, but where one should draw the line is a difficult question.

      Obviously derivative: deeply-integrated Linux-specific machinery like SELinux. Obviously non-derivative: connecting to a web-server which happens to run Linux. Much lies between the two extremes.

      Of course, in a court of law, it doesn't matter much what Torvalds and Stallman think the licence means.

  • (Score: 0) by Anonymous Coward on Thursday July 06 2017, @02:19PM (#535726)

    "If GRSECURITY is distributing patches it doesn't violate the GPL, or qualify as a derivative work"

    Patch files include significant portions of the original work, so I think this argument is wrong on the face of it.

    "Furthermore, what took Bruce so long? This happened like 4-5 years ago. It was discussed lots when they were closing it up, and there has been plenty of time for a lawsuit to make its way through the courts, if anybody cared, or if they were really in violation."

    Uh no, this happened just a couple months ago (around March I think), when grsecurity pulled the public "testing" patches and started actually cancelling people's subscriptions for exercising permissions granted to them by the GPL. They were unhappy with the fact that KSPP was getting their stuff merged into mainline Linux.

    I don't think this is a long-term successful plan for grsecurity because all the distributions hate them now, and the community isn't going to be putting in any effort to make sure things work with grsecurity anymore.

    • (Score: 2) by Bot (3902) on Thursday July 06 2017, @02:32PM (#535734)

      Eh, this is the side effect of the popularity of the GPL. It gets adopted by people for convenience, not because they believe in freedom. No matter how much you invest in a Linux-based project, what you get in return from it is an order of magnitude more. So, idealism aside, they are still in debt with free software, no matter what. And if they do not recognize this, I am afraid I am going to stop trusting them for everything else.

      --
      Account abandoned.
  • (Score: 4, Insightful) by Bot (3902) on Thursday July 06 2017, @02:27PM (#535732)

    The patch will always be used with the kernel, so claiming it is not derivative is valid only for those people who will take the patch, print it out, put the result in a frame and display it as modern art.

    --
    Account abandoned.
    • (Score: 4, Insightful) by requerdanos (5997) on Thursday July 06 2017, @03:48PM (#535761)

      There's interesting reading on this topic at grsecurity's web site, where they explain [grsecurity.net] that certain features are present in the, quote, "grsecurity kernels":

      "RAP is grsecurity's complete defense against... code reuse attacks. No other technology today comes close to its levels of security, performance, and ability to scale... as evidenced by its use in grsecurity kernels..."

      (Emphasis added)

      grsecurity makes a strong case on this page that their product is a derivative of the stock Linux kernel, to which their grsecurity kernels are directly compared.