Slash Boxes

SoylentNews is people

posted by n1 on Thursday July 06 2017, @11:39AM   Printer-friendly
from the to-hell-with-gpl dept.

Bruce Perens warns of potential contributory infringement and breach of contract risk for customers of GRSecurity:

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. it would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.

By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday July 06 2017, @10:28PM (6 children)

    by Anonymous Coward on Thursday July 06 2017, @10:28PM (#535910)

    I do not believe GPL is violated here, at least not in any legal form. It is violated in spirit.

    Only recipients of BINARY produced with GPL source are entitles to the said source. There are much more blatant violations of this clause -- see many routers, TVs and other devices where you cannot get the source code for the Linux kernel or the drivers even if you legally acquire that product. That is a violation of GPL.

    The GRSec authors are not preventing redistribution of patches under GPLv2. They only add additional contractual clauses outside GPL that terminates their additional agreements in case they do. This is not additional condition to the license. These are external terms. Like if you are working for an employer that extends GPL software for internal-use only. Then some employee publishes the changes against their employment contract and gets terminated.

    So where is the violation?

  • (Score: 0) by Anonymous Coward on Friday July 07 2017, @01:00AM (4 children)

    by Anonymous Coward on Friday July 07 2017, @01:00AM (#535953)

    But punishing people for exercising their rights under the GPL is a violation of it.

    • (Score: 0) by Anonymous Coward on Friday July 07 2017, @05:09PM (3 children)

      by Anonymous Coward on Friday July 07 2017, @05:09PM (#536184)

      You'll never convince programmers of this. They believe the "no additional terms" clause in the GPL is some form of copyright protection against changing the text of the GPL, and that as-long as their additional term is on a napkin stapled to the License text, or in an email separate form the text, or communicated verbally, or through course of business... then it "isn't an additional term" and they're in the clear.

      That is: they believe they can attach any codicil they wish. They are BRILLIANT programmers and know everything about every field from birth.

      • (Score: 0) by Anonymous Coward on Saturday July 08 2017, @01:53PM (2 children)

        by Anonymous Coward on Saturday July 08 2017, @01:53PM (#536529)

        It's not programmers you have to convince but lawyers and judges.

        • (Score: 0) by Anonymous Coward on Sunday July 09 2017, @09:40AM

          by Anonymous Coward on Sunday July 09 2017, @09:40AM (#536785)

          GRSecurity is clearly violating the license grant (as has been explained at length).
          Convincing a Judge would not be difficult.

          Convincing Programmers that it is THEY who do not understand the Law and that their schemes are transparent to the Law and are nothing new... is what is difficult.
          Programmers believe they just know everything, weather in their field or not, especially White American Men.

          And, yes; IAAL.

        • (Score: 0) by Anonymous Coward on Sunday July 09 2017, @09:47AM

          by Anonymous Coward on Sunday July 09 2017, @09:47AM (#536789)

          >It's not programmers you have to convince but lawyers and judges.

          Yea, great comeback: other lawyers and a judge would ___surely___ be fooled by GRSecurity's codicil.

          GPLv2 says no additional terms (to agreement between GRSecurity and further distributees)
          GRSecurity creates codicil or side-bar agreement thus adding additional terms (to agreement between GRSecurity and further distributees).
          Programmers such as you snarkily say "hehehe you'd have to convince a lawyer or a Judge".

          Just stating the facts would be enough, without even an argument.

          But hey, programmer, you know far more about the law than lawyers and such right?

  • (Score: 0) by Anonymous Coward on Friday July 07 2017, @05:19PM

    by Anonymous Coward on Friday July 07 2017, @05:19PM (#536186)

    >by Anonymous Coward on Thursday July 06, @10:28PM (#535910)
    >I do not believe
    It does not matter what you believe. Your existence as a proud white programmer doesn't make you an expert on everything, though you may think it does. You may also believe that you can "control" a woman somehow when the police and state are opposed to you and anyone who can't is "weak" and it will be different for you because you are so smart you can convince her not to divorce you. Everything's fine. Only weak non-whites want to marry young girls instead of strong women like us white men who can take the challenge!

    Take a read of the license, and take a read of the lengthily explanations, also learn some law.

    And yes I am a Lawyer. And yes, your understanding is lacking.

    GRSecurity has added a term not present in the license grant the Linux-Kernel owners have extended to GRSecurity to the the agreement between GRSecurity and those to whom it is distributing the derivative work. This is explicitly forbidden. The Linux-Kernel copyright owners forbid such behavior in their license upon pain of automatic revocation.

    Argue all you want the other-way, I will likely not respond. If 5 pages of explanation aren't enough, then nothing can overcome the self-sure hubris.