SoylentNews is people
SoylentNews
https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html
The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.
The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.
The remainder of the article is an interview with Brad Spengler about the case and the issue.
iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:
Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys
(Score: 2) by hendrikboom on Sunday February 16 2020, @02:44PM (73 children)
So I still don't know if the courts ruled that GRsecurity was in violation of the GLP, or merely that it was wrong to sue Perens for pointing out legal problems that may or may not exist.
(Score: 2) by barbara hudson on Sunday February 16 2020, @03:02PM (4 children)
In this case, though, who really gives a shit? Nerd fight is nerd fight.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: -1, Troll) by Anonymous Coward on Sunday February 16 2020, @03:47PM (3 children)
Proving my point every single day. [soylentnews.org]
Please don't stop. You bring amusement to my life. Thank you!
Good on you!
(Score: 1, Offtopic) by barbara hudson on Sunday February 16 2020, @04:18PM (2 children)
I'm so happy that I can add a glimmer of purpose to your sordid existence. After all, I understand, haters gonna hate.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Sunday February 16 2020, @06:21PM (1 child)
Get a room.
Seriously, no one cares.
(Score: -1, Offtopic) by Anonymous Coward on Sunday February 16 2020, @09:21PM
Lol, got some triggered little white bois in here.
Your hero lied to you again https://slate.com/news-and-politics/2020/02/white-house-memo-admits-no-imminent-threat-iran-soleimani-assassination.html [slate.com] but you like being a Nazi fuck so you'll just smile about it.
(Score: 5, Interesting) by FatPhil on Sunday February 16 2020, @03:14PM (54 children)
But the whole case was a farce anyway -
"""
Posted on June 28, 2017 by Bruce
Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers
It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.
"""
*STRONG OPINION*.
You don't get much more protected speach than that. It's certainly true that he held and still holds that strong opinion. It was my strong opinion ages back, when I was an active kernel contributor for a commercial entity (and thus with IP issues left right and centre) that the GRSecurity licence was a gross violation of the GPL, and when Spanglypants decided to sue, he was just being a nob (I even agree with Bruce's SLAPP complaint). I'm glad the court system saw sense in this case, it so often doesn't.
Linus (and the Linux Foundation) now have a very strong don't go to court approach to violations, they try to use velvet gloves wherever possible, so the truthiness of Bruce's conclusion will never be decided in court.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: -1, Flamebait) by Anonymous Coward on Sunday February 16 2020, @03:19PM
Except when his strapped up wife gives him the fuck. Then he's just the household duck.
(Score: 5, Insightful) by Thexalon on Sunday February 16 2020, @03:33PM (48 children)
This has all the hallmarks of a SLAPP suit: The goal wasn't to win damages because there was never much chance of it, it was to punish Perens for saying something that hurt his company's bottom line. Perens didn't say anything that was provably untrue, but was sued for libel anyways, in an effort to force Perens to spend time and legal resources defending his statement. And I'm not surprised in the slightest that the payment of Perens' attorney's fees has been delayed for over a year, and won't be surprised if it somehow mysteriously never gets paid.
And no, Mr Spengler, this wasn't the "only way out": You have always had a way out: Release your patches under the GPL like you're supposed to, and switch to selling support or something like that. You didn't, because you wanted to take from the commons of GPL stuff while not giving back, which is what the GPL was specifically designed to prevent. Or, if all else fails, you also had the option of shutting down your business and doing something else with your life.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Informative) by KilroySmith on Sunday February 16 2020, @04:20PM (44 children)
>>> Release your patches under the GPL like you're supposed to, and switch to selling support or something like that.
Well, having read TFA, Spengler says specifically that, in his view, the patches ARE released under the GPL. Anyone who receives them is free to provide them to anyone else.
Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though. Perhaps Spengler is simply lying through his teeth; perhaps not. I'd love to hear a summary of Perens' opinion relative to this.
The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.
(Score: 3, Informative) by khallow on Sunday February 16 2020, @04:38PM (5 children)
Sounds like it's not GPL then. GPL doesn't impose restrictions on one's ability to redistribute the code. And what happens if I just don't tell OSS that I'm redistributing the code under their GPL? I bet they have a reporting requirement which would also be a violation of the GPL.
Do you really think a business applying a penalty to exercising GPL rights as you describe in your prior quote is equivalent to a business being required to forever support a customer?
(Score: 2) by Immerman on Monday February 17 2020, @04:14PM (4 children)
Isn't that exactly what they said? You *are* free to redistribute the code - but exercising that freedom terminates your contract with GRSecurity, so that they'll no longer provide you with any future updates.
Slimy, but arguably a legal way to circumvent the spirit of the GPL. After all, the GPL doesn't guarantee access to *future* updates, just the ability to redistribute the code you already have. If you want to continue doing business with GRSecurity, then you have to obey their non-license contract requirements.
(Score: 1) by khallow on Monday February 17 2020, @05:56PM (2 children)
The problem is that GRSecurity in turn modified Linux kernel code and thus, is subject to the license requirements of the kernel code. That happens to be GPL 2. Thus, GRSecurity's modifications of the code are in turn also required to be distributed under GPL 2.0 without that constraint above, or they lose permission to modify the kernel code for their products.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @08:39PM (1 child)
are you thick? no one is arguing that they are not required to release their code under the gpl. The argument is that they are not obligated to provide future updates or support if you violate their contract by redistributing. A "restriction" of the right to redistribute does not include me not giving you ponies for christmas until you die, ffs. An actual restriction would be me telling you you have to pay me $100 every time you redistribute, or you have to write a letter to every major newspaper/website explaining what a douche you are, every time you redistribute. Me saying "do what you want in regards to redistribution, but don't expect me to help you in the future" is not the same fucking thing, and evidently RMS has already acknowledged this.
(Score: 1) by khallow on Monday February 17 2020, @09:52PM
Which as has been repeatedly noted is a violation of the GPL 2.0 license for the Linux kernel.
Why in the world do you think that is relevant? Sure, you are right in that no one can force you to distribute code based on GPL 2.0 licensed code. But once you decide to distribute derivative code or programs (here, Linux kernel modifications), you have to follow the rules as outlined in the license.
Nope. The GRSecurity example is an actual restriction as well. Because if you don't follow the rules about not redistributing the code, you don't get the pony. That's a straightforward actual restriction on use.
Not all actual restrictions are the same fucking thing. There's an immense variety of ploys for restriction how you do things, that can range from the very explicit and straightforward to the very underhanded and covert. The GRSecurity example falls towards the former side. Now you know, right?
(Score: 0) by Anonymous Coward on Tuesday February 18 2020, @05:40PM
If your "free" comes with a "but" you're probably not free to do it.
For the tried and true car analogy, I'm "free" to drive at 120 MPH on the freeway, but exercising that freedom may result in a speeding ticket. Still, I'm "free" to try, right?
(Score: 4, Insightful) by Anonymous Coward on Sunday February 16 2020, @04:42PM (9 children)
Their product is a patch to the Linux kernel, making it a derivative work of the kernel, and thus the only reason why they can even distribute it all it is thanks to the GPL itself. It sounds like what they say is: "we distribute our patches to you under the GPL, but if you even try to exercise these other rights you supposedly have under it, we will stop giving you support and updates". That rather sounds a hell of a lot like they're adding extra terms to the license, prohibited by GPL section 6. It's not a matter of forcing them to forever support anyone. It's that they're adding extra terms and conditions to the redistribution of their patches in violation of the GPL.
(Score: 2) by Immerman on Monday February 17 2020, @04:23PM (8 children)
Except that they *aren't* adding any extra terms and conditions to the license - they give you the code, you can do whatever you want with it (within the terms of the GPL). But if you redistribute, you terminate your contract with GRSecurity and they don't give you any future updates.
Their contract puts no limitations on what you can do with the code they distribute, unless you want to maintain your business relationship with them. And the GPL says nothing about guaranteeing continued access to future updates from the original source, so they are almost certainly within the letter of the law - despite clearly violating the spirit. And one of the downsides of having a legal system rather than a justice system, is that the letter of the law is generally all that matters.
(Score: 1) by khallow on Monday February 17 2020, @06:06PM (7 children)
Which again doesn't terminate GRSecurity's obligations under the GPL 2.0 license [opensource.org].
Look at section 5 and 7. It says nothing about your "guaranteeing", but it does say that if you for whatever reason don't comply with the requirements of the GPL, then you lose the right to use, modify, or distribute the code. That would include distributing those patches.
(Score: 2) by Immerman on Monday February 17 2020, @08:38PM (6 children)
But (it sounds like) they *aren't* putting any other restrictions on redistributing the code - that's the point. They give you the code under the GPL, and freely acknowledge that you can redistribute it under the same terms. Nothing in their contract limits that in any way.
Basically, there's nothing stopping someone from entering into a GRSecurity contract, getting the code, and immediately sharing that code with the world. The code itself is completely free of any non-GPL requirements, and neither you, nor anyone downstream, will face any legal difficulties for doing so, as GRSecurity freely acknowledges your rights to do so.
Doing so terminates your contract with GRSecurity - but that's an independent business agreement, and in no way impairs your rights with respect to the GPLed code that they have already provided you.
If the contract with GRSecurity obligated you to not redistribute the code they provide, or imposed any other license limitations, then that would be a clear violation of the GPL - but it doesn't. You're free to redistribute their GPLed code - you just voluntarily terminate your contract in the process so that you won't get any future software from them. And nothing in the GPL explicitly states that other, unrelated (future performance) business agreements can't depend on your actions with GPLed code. Nothing in the GPL obligates them to continue doing business with you.
I'm sure lawyers could argue interminably over the details, but that's the point - GRSecurity has found a slimy way to skirt the limits of the GPL so that they aren't in clear violation. The fact that they (presumably, since they're still in business) haven't been pressured or sued by any major Linux stakeholders would suggest that the stakeholders' lawyers agree that it wouldn't be a cut-and-dried case, but instead a potentially long and expensive trial with a murky outcome.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @09:00PM
i don't even think it's slimy anymore. i probably did at one time. it's just a way to make sure you (OSS, in this case) aren't enabling your competitors. They are still getting Free Software and they can do what they want with it, but if they want to copy it and create their own competing company, you don't have to help them do it going forward. It's definitely an interesting option for commercial Free Software. People who think FOSS should be all volunteer won't like any of that though.
(Score: 1) by khallow on Monday February 17 2020, @09:53PM (4 children)
Except of course, they cut off the supply if they catch you doing it. Which is a limit, contrary to assertion.
(Score: 2) by Immerman on Monday February 17 2020, @10:09PM (3 children)
It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealing with them, which aren't covered by the GPL
(Score: 1) by khallow on Monday February 17 2020, @10:37PM
But it is a limit on OSS's rights under the GPL.
(Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:02AM (1 child)
>It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealing with them, which aren't covered by the GPL
OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work. They are NOT allowed to make ANY "contract": they can ___ONLY___ give the terms of the GPL: that is IT.
They have put forth the GPL AND additional terms. That is FORBIDDEN by the linux copyright holders under section 6 and 4 of the GPL.
They do NOT have a license for linux kernel ANYMORE. That's RIGHT NOW.
Get it through your FUCKING head you MORON.
Linux Kernel is NOT their property. The Linux Kernel devs HAVE __BANNED__ certain business practices, regarding their Work. This is ONE of those banned practices.
(Score: 2) by Immerman on Tuesday February 18 2020, @03:29PM
>OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work.
And they are not doing so - they're providing the source to their derivative patches under the GPL2.
(Score: 5, Informative) by Arik on Sunday February 16 2020, @05:06PM (27 children)
Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though."
That's exactly what he argues. He thinks he's found a loophole, and he's sticking to it.
But the GPL *explicitly* forbids this.
"4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance."
"6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License."
He's imposing further restrictions, in violation of 6, which means he no longer has a license under 4, by the plain language of GPL2.
"forcing them to forever support a customer that they no longer wish to do business with"
That's probably the best argument that can possibly be made here. It's still pretty weak though. No one's forcing them to do business with anyone. But given that their entire business is based on their access to linux under the GPL, violating it seems like a monumentally bad idea.
If laughter is the best medicine, who are the best doctors?
(Score: 2, Disagree) by KilroySmith on Sunday February 16 2020, @06:01PM (26 children)
>>> He's imposing further restrictions
I guess you and I will have to disagree on this. In my view, GRSecurity is not imposing any further restrictions on the code that has been distributed - the recipient and the community can redistribute under the GPL as required. The only thing that changes is the business relationship between GRSecurity and their customer, a relationship that the GPL is silent about.
(Score: 2) by Arik on Sunday February 16 2020, @06:39PM (2 children)
If laughter is the best medicine, who are the best doctors?
(Score: 2) by FatPhil on Monday February 17 2020, @12:14AM (1 child)
There are often sneaky ways round the GPL. I remember distributing .o files, including ones that had stubbed implementations of functions in a GPL library just so that I didn't have to release my source for a while. Wanna run my code? link it to the real GPL library yourself.
Nowadays I wouldn't bother, but I was dabbling in a pretty competitive field and didn't want to lose my edge.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 4, Interesting) by stormwyrm on Monday February 17 2020, @12:38AM
Numquam ponenda est pluralitas sine necessitate.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @05:43AM (4 children)
I don't understand why these nerds can't get this. You're utterly correct. The terms of the GPL are with respect to code rights, NOT with respect to business dealings. GRSecurity isn't in any way removing their right to share the code - only stating a consequence in business if they do.
Ooh ooh I've got it! Here's a clearer example! So excited it's bolded!
Imagine:
* you're the release channel for security patches
* and one of your downstreams starts dumping into the wild as 0days
* The project and your patches are GPLed.
Are you required to keep them in your early distribution list? Of course not!
Are they blocked from rereleasing and GPLed code they get their hands on, from you or from your downstreams or from anywhere else? Of course not!
Arik, wise up - you get it from the example, I hope.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @08:52AM
Your parents tell you that you can drive the car as long as you pay your own gas an insurance. Elsewhere they tell you that if you miss your 11:59 PM curfew you are punished in the future. The car agreement are with respect to driving rights, no with respect to curfew. They are in no way removing your right to drive the car after midnight, only stating the consequence in future punishments if you do.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @11:03AM (2 children)
>The terms of the GPL are with respect to code rights, NOT with respect to business dealings
Wrong, the GPL governs business dealings with a nexus to the copyrighted Work. It explicitly forbids classes of business dealings with regard to the Work, which is a right of the Copyright holder (aslong as the ban does not impinge public policy (ie: discrimination against protected class)). Grsecurity is in violation of section 4 and 6. You are not allowed to add additional terms between you and the down-stream distributees that impinge on the permissions granted by the Copyright holder. You're simply not allowed to enter into, or proffer such additional terms between you and your customer: your license is voided once you poffer such terms.
And, yes, I am a lawyer:
https://s1.desu-usergeneratedcontent.xyz/g/image/1581/75/1581752208084.jpg [desu-usergeneratedcontent.xyz]
#ProtectFreeSoftware
#EnforceGPL
(Score: 0) by Anonymous Coward on Monday February 17 2020, @09:08PM (1 child)
"You are not allowed to add additional terms between you and the down-stream distributees that impinge on the permissions granted by the Copyright holder."
and they're not. the downstream distributees can distribute to their hearts content, but OSS doesn't have to deal with them anymore.
and no, i'm not a fucking shitweasel.
(Score: 1) by khallow on Monday February 17 2020, @10:51PM
Sorry, according to the GPL license, they do. I find it interesting how this conversation goes. The Perens side quotes the relevant clauses which OSS is in violation of and explains how those are violations. The OSS side just has vague feelings that certain restrictions aren't really restrictions. Nothing is ever justified except with bizarre non sequiturs (like claiming this is equivalent to forcing OSS to distribute code to everyone forever). One side uses reason. The other side does not.
By your tools of reason, you shall be known.
(Score: 1) by khallow on Monday February 17 2020, @06:20PM (17 children)
Then why would the subscription be terminated, if there were indeed no further restrictions on the code that was distributed? It obviously is a further restriction whether you choose to view it that way or not.
What's missing here is that GRSecurity is constrained by the GPL 2.0 license on the Linux kernel. They do not have the option to impose these additional restrictions on what can be distributed (as Arik noted), because otherwise they aren't allowed to distribute those changes at all. That is, their code and their subscription both inherit the GPL 2.0 restrictions from the Linux kernel. They aren't allowed by the license to term subscriptions for people who redistribute their code.
(Score: 2) by Immerman on Monday February 17 2020, @08:42PM (16 children)
Would redistributing the code put you in violation of any license or contract? No.
It would terminate the contract in accordance with its voluntary termination clause - but that's a restriction on the business agreement, not on the code.
(Score: 1) by khallow on Monday February 17 2020, @09:54PM (15 children)
It puts OSS in violation of the GPL 2.0 license on the Linux kernel.
(Score: 2) by Immerman on Monday February 17 2020, @10:20PM (14 children)
How, exactly?
If you had a GRSecurity contract, got their GPL2 patches, and gave them to me - *I* would see no limitations, the license is completely unchanged GPL2.
*You* would lose access to future updates from GRSecurity - but future updates aren't covered by the GPL.
(Score: 1) by khallow on Monday February 17 2020, @10:43PM (13 children)
There we go. The restriction/limit/etc that someone won't acknowledge as such.
Of course, they are covered by the GPL. The GPL doesn't force you to engage in GPL-covered activities, such as releasing modifications of GPL licensed programs, but when you do, you have to comply with the license, even if it's an activity in the future.
(Score: 2) by Immerman on Monday February 17 2020, @11:18PM (12 children)
Is the limit/restriction/etc on the licensed code? Or on your ability to redistribute it? No, you can redistribute to your hearts content under the exact same license, exactly as it requires.
There are *consequences* for distributing the code, but no *limitations or restrictions* on doing so. Exact language matters in law.
>Of course, they are covered by the GPL.
No, they aren't, because they don't exist yet.
They will probably exist eventually, and when they do, they will probably be released under the GPL (though it's always theoretically possible that alternate licenses might be negotiated with all the upstream contributors.)
But giving you code under the GPL today, doesn't put any obligation on me to give you more GPL code in the future.
(Score: 1) by khallow on Tuesday February 18 2020, @12:06AM (11 children)
Why are you still asking when it's been explained to you? For example, here [soylentnews.org]
or here
Further examples, here [soylentnews.org] and here [soylentnews.org]. These are all posts you replied to.
You even agree [soylentnews.org] at one point.
And don't constrain the recipient's rights under the GPL, which OSS does. Sorry, the GPL does more than just require access to source code on demand, it requires that you don't put constraints on distribution, even the relatively mild ones here, on downstream recipients of modified code. And yes, anything where even a relatively mild negative consequence/penalty follows redistribution, is a constraint/restriction/limit which is not allowed by the GPL 2.0 license.
(Score: 2) by Immerman on Tuesday February 18 2020, @01:22AM (10 children)
You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software. I don't see it, except in spirit. And the law is defined by the letter, not the spirit.
I sell you a copy of ImmerOffice, and give you the full source code under the GPL. At that point I have fulfilled my legal obligation under the GPL.
I then tell you that if you redistribute that code, I won't do business with you any more.
I have not in any way revoked or limited any of the rights I already granted you, I have simply put conditions on you doing business with me in the future.
It certainly violates the spirit of the GPL, especially for a product where regular updates are essential to the functionality, but nothing in the GPL actually requires me to continue doing business with you. I haven't altered what you can legally do with the software I already sold you in any way. I've only conditionally limited your ability to continue doing business with me.
(Score: 1) by khallow on Tuesday February 18 2020, @01:45AM (4 children)
At first, I thought I understood what you were saying. The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license. But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing? We weren't. We were discussing how the GPL 2.0 license constrains (or as you claim, doesn't constrain) OSS's restrictions on use of their product (since it is a modification of the Linux kernel which makes the GRSecurity subject to the GPL 2.0 license requirements), like penalizing customers who exercise a GPL prerogative to distribute GPL licensed code.
The software itself is not constrained.
(Score: 2) by Immerman on Tuesday February 18 2020, @02:13AM (3 children)
>The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license.
Where, exactly, in the GPL2 does it put limitations on future transactions?
>But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing?
Yes, we are. That's what the GPL is all about. So long as I give you the source code under the same GPL license that I received it, with no furtter limitations or restrictions on what you can do with it, my obligations under the GPL are fulfilled.
I sold you ImmerOffice, a derivative work of GPL2 software. I gave you the source under the exact same GPL2 license as I received the upstream version under. My obligations under the GPL2 license that I received from upstream are completely satisfied. You can spread that source and software far and wide, and there's nothing I can do about it.
Nothing I do from that point forward matters to *that* GPL-bound transaction. You have the source, you can do whatever you want with it (subject to GPL2). But I am under no obligation to do any further business with you.
A year later you want to buy the latest version from me. I can sell it to you or not - that's completely up to me. If I choose to only sell the latest version to people who didn't redistribute the previous version, that in no way limits your ability to redistribute the previous version. It only limits your ability to get access to the current version.
(Score: 1) by khallow on Tuesday February 18 2020, @03:44AM (2 children)
There's no time limit on any of the limitations listed in the GPL 2.0. The whole thing applies to the indefinite future.
You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.
False. If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.
What other contract can be voided merely because there is a future?
(Score: 2) by Immerman on Tuesday February 18 2020, @03:13PM (1 child)
>You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.
Yes - either you adhere to the terms of the GPL2, or you can't redistribute. The GPL2 grants you a bunch of new rights - but only so long as you adhere to its limitations (full source release, no new license restrictions, etc on downstream code.) Use and modification are actually completely unrestricted, your GPL2 obligations are only triggered by distribution. Which is why Google can run their own custom version of Linux and other GPL2 software within their organization without sharing the source. As I recall that's one of the many things GPL3 changed.
>If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.
Actually, no. Read the GPL2 very carefully - you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*. Most people make the source available to everyone out of convenience (if customers can re-share it anyway, why bother with all the trouble of limiting access), but e.g. if you sold shrink-wrapped GPL2 software bundled with the complete source on the same DVD as the software, then your obligations have been fully met and you don't need to do make the source available in any other form.
If I sell you ImmerOffice v1, then I am required to give you the full source to ImmerOffice v1 under the GPL2 either bundled or upon request. However, I have no obligation to provide you source code to v2 unless I have provided you with that version of the software. If I refuse to sell v2 you, then I don't have to give you the source to v2. Anyone I *do* sell to is still entitled to get the GPL2 source, and can give it to you freely - but that has nothing to do with me. Except that I would then refuse to sell them v3 or provide them with the source to that version.
*Clause 3 of the GPL2
Hmm...I hadn't actually remembered the "any third party" bit on subsection (b) - It would seem that if I don't provide you the source up front, bundled with the software, then I would indeed have to make it available to everyone. However, so long as I bundled the source, I'm home free. And in the case of a patch... well the patch is almost certainly delivered in source form to begin with, is it not?
(Score: 1) by khallow on Tuesday February 18 2020, @06:20PM
And you are also "only" required to "not impose any further restrictions on the recipients' exercise of the rights granted herein". Sorry, but OSS's gimmick of not doing business with you if you exercise the right to redistribute is a restriction and would covered by the license. They are limited by the license as to what restrictions they can impose on their customers, section 3 notwithstanding.
(Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:16AM (4 children)
When using some other Copyright holder's Work licensed to you under the terms of version 2 of the GPL: The GPL governs you, the licensee's business dealings with any future distributees where there is a nexus with the GPL'd work. It _FORBIDS_ you to engage in any contracting that adds ANY addtional terms between YOU and the Distributee. See section 6 and 4. You simply are NOT allowed to create such contracts between you the licensee and the distributees. When you DO create such a contract, your license is /IMMEDIATLY/ revoked (section 4). The MOMENT you offer additional terms, in a situation where the GPL'd Work (of another) is implicated.
. Wrong.
You have now violated section 6 and section 4 of the GPL. The Copyright owners forbid such business dealings, weather you like it or not, mr american buisnesss man. The Copyrighted Work is NOT your property, it is NOT your posession, it is the COPYRIGHT OWNERS PROPERTY, and he may RESCIND your PERMISSION to use HIS PROPERTY at his LEASURE. Here he has chosen to rescind the license when you implicate his Work in a negative covenant inconsistent with the proffered terms.
Wrong: you have engaged in behavior forbidden by the Owner of the Copyrighted work, and have lost your PERMISSION to use his work, as stated in section 4. You no-longer have a license and hence-forth are implicated in Copyright infringement.
It violates the text of section 6 and section 4. And yes, I am a lawyer. You should be sued in such a case. The Copyrighted work is NOT your property. It is NOT an item you have title to. You merely have permission to use another's property (like if you were /licensed/ to walk over someone's land), which is revoked at the owners leisure. The owner has stated that the permission is revoked if you add any additional terms between you and anyone you distribute the Work (or any derivative there-of) to. Which you have done so. No more license.
(Score: 2) by Immerman on Tuesday February 18 2020, @03:26PM (2 children)
Where does it say you can't add any further terms to the transaction? It says you can't add any further *restrictions* to the
So long as I provide you the full source under GPL2, then I'm putting no further restrictions on you redistributing it as you see fit. Threatening to refuse to do any further business with you if you exercise those rights, doesn't actually restrict your rights - it just restricts your future business dealings with me. You're perfectly free to flip me off and redistribute the source I gave you.
I don't see that section 4 is directly relevant, until we establish that I have indeed violated section 6.
(Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:42AM (1 child)
Grsecurity is a modification of the Program. They are modifying the Program, and sublicensing it, with added terms. They are in violation.
Additionally, A consequence, aswell as A negative covenant, is a restriction.
They are violating the license on two counts, not just one count.
(Score: 2) by Immerman on Wednesday February 19 2020, @03:55AM
Their argument is that there are no added terms. The patch is provided under the GPL2, which means you can redistribute it freely.
You won't be able to business with them anymore if you do, but that doesn't limit your ability to redistribute in any way.
(Score: 2) by Immerman on Tuesday February 18 2020, @03:48PM
I suppose the question boils down to - does my threat to stop doing business with you in the future constitute a restriction on your rights to the GPL source I just gave you - or does it only constitute a restriction on our future business relationship?
I could certainly see a court case going either way - but it could be a very long and protracted battle. Aftrer all, I am giving you the full source nder the GPL2, and you and anyone downstream are completely free to redistribute it. Unlike more typical clear-cut GPL violations, where the the full source of the derivative work is not made available under the GPL, and the infringer thus clearly has no license to redistribute the code.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @09:34AM (2 children)
>You didn't, because you wanted to take from the commons of GPL stuff while not giving back, which is what the GPL was specifically designed to prevent. Or, if all else fails, you also had the option of shutting down your business and doing something else with your life.
The GPL is completely toothless. No one ever sues anyone to enforce it.
Spengler knows he isn't going to get sued, because an enforcement action in federal court would cost about $600,000 in legal fees for the plantiff to bring the enforcement suit.
Yes, Spengler is BLATANTLY violating section 6 of version 2 of the GPL.
He is violating the copyright on the linux kernel, he and his employees (Mathias Krause) are violating the copyright on GCC, with their plugins (assuming these are non-seperable works (which is RMS's view)).
But he KNOWS he will not get sued.
Also they have made over 1000 dollars off of this direct infringement, so they are also criminally liable.
But he is confident he won't be prosecuted either.
The GPL is TOOTHLESS.
Because no one ever enforces it.
It won't change until he is sued, like Cisco was sued. But the FSF threw out RMS so what likelyhood is there of that?
(Score: 1) by khallow on Monday February 17 2020, @10:06PM
Which only serves to illustrate your ignorance on the matter. For example, this story [qz.com]mentions two such lawsuits. I found several more lawsuits mentioned in a cursory search [duckduckgo.com].
We'll see what comes of this. He's already lost at least a quarter of a million dollars (plus his own legal fees) on legal games. It might not come to a lawsuit, unless he feels he hasn't lost enough money yet.
Like here [arstechnica.com]? So you know of a lawsuit that was decided in favor of the GPL, and you still posted all that? I find it bizarre that you can make these absolute claims when you already know of counterexamples.
(Score: 2) by Immerman on Monday February 17 2020, @11:31PM
>The GPL is completely toothless. No one ever sues anyone to enforce it.
Actually they do, but not often, because they don't have to.
In almost every case, when someone is informed that they are violating the GPL and need to get into compliance they very rapidly do so. For the simple reason that the moment they ask their lawyers about it, they're informed that they have absolutely no leg to stand on. Without the GPL, they have no license to redistribute the code, and are in clear violation of copyright law with all the extreme fines and prison terms that makes them vulnerable to. Full compliance with the license is the *only* thing protecting them from blatant copyright infringement charges. And from the moment their violation is pointed out to them, all further distribution becomes willful infringement, and susceptible to enhanced damages. Not hard to find a lawyer that will work on consignment when the case is that clear cut, and the penalties that high.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @09:19AM
>Linus (and the Linux Foundation) now have a very strong don't go to court approach to violations, they try to use velvet gloves wherever possible, so the truthiness of Bruce's conclusion will never be decided in court.
That is not necessarily true. I don't know if you're ignorant or not, but neither Linus nor the Linux Foundation own the linux kernel copyrights in-toto. Linus never required copyright assignment. Any copyright holder who's work is touched by grsecurity can sue them for direct copyright infringement. That is potentially 1000s of claimants (which can be joined into one suit). Neither Linus nor the Linux Foundation would have any say.
I don't know why you say there can't be a court battle? You're just wrong.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @09:25AM (2 children)
Grsecurity is also violating the GCC copyrights with their GCC plugins with their no-redistribution clause (which is forbidden by the GPL), atleast following the RMS's opinion on the non-separability of plugins.
Look: you can do business or not business with "whomever" you want, with you work. The same doesn't apply when you are subject to the copyright protections of other entities. They can say "no, you cannot engage in these acts with out work". Which the GPL states explicitly: no additional restrictions (GRSecurity blatantly adds such a restriction in writing)
They should be sued by the FSF, and by the Linux Kernel copyright holders. Regardless of what Linus and the "linux foundation" want.
(Score: 0) by Anonymous Coward on Monday February 17 2020, @09:14PM (1 child)
"with their no-redistribution clause (which is forbidden by the GPL)"
uhh, i don't think they modified the goddamn GPL when they distribute their modified kernel to their customers. lol.
what they did, i believe, is not sell their kernel to anyone who doesn't sign a business contract that says if you redistribute this contract is severed.
(Score: 0) by Anonymous Coward on Tuesday February 18 2020, @11:54AM
You are an idiot.
The GPL forbids adding additional restrictive terms between the licensee and whomever he distributes the GPL'd program to.
It is not merely "you can't pen in additional terms on this piece of paper, lolZZZZ"
It is: You may not add any additional terms at all between you and the recipient, weather they are on this piece of paper, or spoken, or on another piece of paper, or simply understood.
Do you understand, fucking retard?
(Score: 1) by khallow on Sunday February 16 2020, @04:32PM (12 children)
(Score: 1) by khallow on Sunday February 16 2020, @04:57PM (11 children)
(Score: 0) by Anonymous Coward on Monday February 17 2020, @01:22AM (10 children)
An opinion is something that is it impossible to prove either the truth or the falsity of at the time it is made with the facts reasonably available. For example, "I think Microsoft is purposefully putting exploits in Windows" is an opinion when a random toddler says it but a mixed statement when Bill Gates says it and a statement of fact when Satya Nadella says it. The difference is the facts, expertise, special understanding, and perspectives available to the respective speakers. It is worth noting that some things are legally considered not to be pure statements because the very fact they are being made implies facts available to the speaker, such as "I think he has an STI" or "In my opinion, he is a thief."
But in this case, none of those apply. There is no possible way for Perens's statement to be determined factually. No court has ruled on it, he has no legal expertise in interpretation of law, and the GPL has never been litigated in regards extrinsic restrictions. That is why, if you look at what OSS is asking, they want the Court to decide that they are not violating the GPL, and then make Perens liable for saying the false statements because he should have known he was communicating false facts in his "opinion" because such statements are false now.
(Score: 1) by khallow on Monday February 17 2020, @03:00AM (9 children)
Sure, there is. You already mentioned litigating the GPL with respect to this. That would be a necessary and sufficient test of the opinion. And Perens probably is knowledgeable enough to testify as an expert witness in such a case, meaning that he would have the necessary legal expertise in interpretation of law. And of course, a statement isn't a false fact, if it merely takes a lot of effort to test it!
We can also exercise those gray cells and reason. The security "patches" are based on modifying the Linux kernel which is licensed under the GPL v.2.0 [opensource.org]. That license has clauses like:
Making patches for said Program is modifying the Program (the Linux kernel) as per the license. OSS is thus subject to its terms.
and (since it's low lying fruit) for Barbara Hudson who claimed that extreme circumstances could void the need for compliance with the license:
(Score: 0) by Anonymous Coward on Monday February 17 2020, @03:53AM (4 children)
Perens, at the time he made the statements, had no possible way to determine with the facts available to him whether it was illegal or not. Until a court rules, the judgment is final, and the appeals exhausted, no one actually knows whether or not it is illegal. Unless Perens secretly has a time machine, he does not possess the facts necessary to rule on it. Even OSS's attorneys aren't saying it has been established. That is why they want a miniature trial to make that determination, and why they are arguing so hard to try and turn the defamation claim into other torts.
Just listen to the exchange between OSS and the judges at oral arguments [uscourts.gov]. You'll see that the entire rebuttal is over whether or not the statement is true. Combined with the grilling OSS got on their open, you can see the clear picture of what that would paint, all sorts of experts and people giving their opinion would open themselves up to retroactive liability for offering their opinions on any sort of dispute, let alone a legal interpretation one.
(Score: 1) by khallow on Monday February 17 2020, @12:25PM (3 children)
And OSS is paying Perens's legal fees because it was an idiotic lawsuit.
Why should I listen to that exchange? Who made what arguments? What "grilling" was doing and what is the "clear picture"?
(Score: 0) by Anonymous Coward on Monday February 17 2020, @09:51PM (2 children)
I see what is going on, you think I think this suit has merit. I do not. You seem to think that Perens will win because it will turn out to be correct, and therefore is correct now. I think Perens will win because this is covered by the opinion privilege. No court has decided a similar set of facts related to the GPL. This means that legally the truth of falsity of the statement is currently undetermined. So the legal analysis is whether all the facts he based it on were true, which are basically the text of the GPL, that OSS accepted the GPL, and that OSS has a patch agreement that affects access to future source if users exercise rights under the GPL to distribute patches, and that no court has determined whether an extrinsic restriction of this kind counts with the GPL.
Here is a baseball analogy. The very last pitch of the game the score is 0-0, bases loaded, 3 balls, 2 strikes, pitcher throws a pitch, the batter doesn't swing, and the catcher catches it. The universe is looped at that point for the duration of the pitch rewinds and replays repeatedly showing the same pitch. Except for for everyone but people in a particular town, and there is a house where some people are watching the game, One kid says, "Well we lost, that looks like a strike to me." Agreeing, a guy's wife tears up his betting slip calling him an idiot for losing their money. That guy goes to the kid and demands the kid pay him back his lost money because he thinks it is a ball and they won and therefore the kid cost him the money. They and everyone else can argue until the cows come home, they can go to the field and measure the pitch with surveying equipment, they can do whatever they want, but it doesn't matter. With the facts available that the time, it is impossible to tell.
It all comes down to how the particular umpire and video review system sees the strike zone and whether any part of the ball enters that pentagonal prism. That pitch isn't "officially" a strike or a ball until the officials make the call. In our analogy, OSS is the guy with the torn up slip asking and is asking for the court to start the normal flow of time, have the call of strike or ball made officially, and then hold the kid liable for the lost money if it turns out the kid is wrong.
The reason why this is important is because OSS basically wants to destroy the entire concept of voicing a legal opinion. Company A and Company B having a contract dispute? No one better say who they think is right, otherwise they'd be potentially liable to the other once the court rules. Saying publicly that you don't think a justification defense applies to a murder case? Better hope the jury agrees with you, otherwise you'd be liable if they don't. As those examples make clear, the entire idea of legal commentary is out the window or seriously curtailed under a system where that is allowed.
(Score: 1) by khallow on Monday February 17 2020, @10:10PM (1 child)
You said:
(Score: 1) by khallow on Monday February 17 2020, @10:53PM
(Score: 2) by Immerman on Monday February 17 2020, @11:36PM (3 children)
>If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all
But you can. You get code from GRSecurity - and you're absolutely free to immediately redistribute it under the exact same GPL2 terms you received it under.
(Score: 0) by Anonymous Coward on Tuesday February 18 2020, @12:07PM (2 children)
Grsecurity's work is a non-seperable derivative work of the linux kernel, which is licensed under version 2 of the GPL.
Do you understand this, dumbfuck? No? good.
Grsecurity is NOT permitted to create derivative works of a copyrighted work by default: it is a violation of the Copyright owners rights.
Do you understand this, dumbfuck? No? good.
Grsecurity is ONLY permitted to create derivative works of a copyrighted work IF they get permission (license) to do so from the Copyright owner.
Do you understand this, dumbfuck? No? good.
This permission, regarding making non-seperable derivative works of the linux kernel, is called version 2 of the GPL.
Do you understand this, dumbfuck? No? good.
Version 2 of the GPL forbids a licensee, or creator of a derivative work, from, when distributing the derivative work, adding any additional terms in the agreement between him and whoever he is distributing the derivative work. See sections 6 and section 4.
Do you understand this, dumbfuck? No? good.
Grsecurity has chosen to add additional terms when distributing it's non-seperable derivative work of the linux kernel (and GCC aswell, they wanted to be through). Here are those additional terms: https://new.perens.com/wp-content/uploads/sites/4/2017/06/grsecstablepatchaccessagreement_additionalterms.pdf [perens.com]
(including the "no redistribution or else" term proffered)
Do you understand this, dumbfuck? No? good.
Section 4 of the GPL version 2 revokes the licensee's (Grsecurity) permission to create and distribute derivative works.
Do you understand this, dumbfuck? No? good.
(Score: 2) by Immerman on Tuesday February 18 2020, @02:27PM (1 child)
GRSecurity's patches ARE RELEASED UNDER GPL2 and can be freely redistributed.
If you distribute them, then GRSecuity will no longer do business with you - but that in no way limits your rights to distribute the code they've already sold you, which is the only thing the GPL2 covers.
(Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:24AM
The act of including an additional term such as
"you promise not to redistribute the work to 3rd parties, if you do we will not do any further business with you and will not refund your money" when distributing the work to a distributee, is such an additional term. The GPL governs the dealings you may and may not have with regard to the Linux Kernel and any derivative you make of it.
Such terms offered is a violation of the GPLv2.
Which is exactly what GRSecurity is doing: yes they're violating
Grsecurity violates the linux kernel and GCC licenses /when/ it offers the additional terms: terms who's purpose is to restrict the redistribution of the derivative work