Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Thursday July 06 2017, @11:39AM   Printer-friendly
from the to-hell-with-gpl dept.

Bruce Perens warns of potential contributory infringement and breach of contract risk for customers of GRSecurity:

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. it would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.

By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday July 09 2017, @03:50PM (1 child)

    by Anonymous Coward on Sunday July 09 2017, @03:50PM (#536842)

    That's what I thought and what they COULD have done, basically stating something like: "we reserve the right to cancel subscriptions at any time. Subscriptions are meant to help people secure their own systems, and we are thus likely to cancel subscriptions that are to a significant degreee used for other purposes". This likely would make it just a matter of "well, we do business only with certain types of customers".
    However they instead wrote it as a legal agreement, to the terms of which you have to agree, which to me seems like it would break any kind of justification like yours since it clearly makes it additional contract terms, which the GPL CLEARLY forbids.
    In which case the only way for them to be allowed to distribute the kernel or any derivative again (including patches, as long as they contain a relevant amount of code not written by them, and in particular including internal distribution like any of their developers doing a checkout from their version control system) would be to get every major kernel contributor to personally re-instantiate their license. Good that they didn't just piss most of those off...
    Either incredibly stupid, or the kind of people that bet everything on the chances of being able to get away with it. Either way, with that attitude it's no wonder their code was usually rejected.

  • (Score: 0) by Anonymous Coward on Wednesday July 12 2017, @09:43PM

    by Anonymous Coward on Wednesday July 12 2017, @09:43PM (#538372)

    "That's what I thought and what they COULD have done, basically stating something like: "we reserve the right to cancel subscriptions at any time. Subscriptions are meant to help people secure their own systems, and we are thus likely to cancel subscriptions that are to a significant degreee used for other purposes". This likely would make it just a matter of "well, we do business only with certain types of customers"."

    Nope. Once a pattern emerged and was known that they only cancel subscriptions of people who redistribute the patches it would be a clear case of imposing an additional terms through course of business practice. Terms can be written, verbal, or implicit. That would be an implicit additional term.

    You and the rest of the lay people here have to understand: the law has dealt with pretty much every issue you can come up with and... you don't know the law.