Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday February 16 2020, @02:22PM   Printer-friendly
from the no-way-out dept.

https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html

The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.

The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.

The remainder of the article is an interview with Brad Spengler about the case and the issue.

iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:

Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by KilroySmith on Sunday February 16 2020, @04:20PM (44 children)

    by KilroySmith (2113) on Sunday February 16 2020, @04:20PM (#958822)

    >>> Release your patches under the GPL like you're supposed to, and switch to selling support or something like that.
    Well, having read TFA, Spengler says specifically that, in his view, the patches ARE released under the GPL. Anyone who receives them is free to provide them to anyone else.
    Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though. Perhaps Spengler is simply lying through his teeth; perhaps not. I'd love to hear a summary of Perens' opinion relative to this.

    The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 3, Informative) by khallow on Sunday February 16 2020, @04:38PM (5 children)

    by khallow (3766) Subscriber Badge on Sunday February 16 2020, @04:38PM (#958828) Journal

    Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though. Perhaps Spengler is simply lying through his teeth; perhaps not. I'd love to hear a summary of Perens' opinion relative to this.

    Sounds like it's not GPL then. GPL doesn't impose restrictions on one's ability to redistribute the code. And what happens if I just don't tell OSS that I'm redistributing the code under their GPL? I bet they have a reporting requirement which would also be a violation of the GPL.

    The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

    Do you really think a business applying a penalty to exercising GPL rights as you describe in your prior quote is equivalent to a business being required to forever support a customer?

    • (Score: 2) by Immerman on Monday February 17 2020, @04:14PM (4 children)

      by Immerman (3985) on Monday February 17 2020, @04:14PM (#959194)

      Isn't that exactly what they said? You *are* free to redistribute the code - but exercising that freedom terminates your contract with GRSecurity, so that they'll no longer provide you with any future updates.

      Slimy, but arguably a legal way to circumvent the spirit of the GPL. After all, the GPL doesn't guarantee access to *future* updates, just the ability to redistribute the code you already have. If you want to continue doing business with GRSecurity, then you have to obey their non-license contract requirements.

      • (Score: 1) by khallow on Monday February 17 2020, @05:56PM (2 children)

        by khallow (3766) Subscriber Badge on Monday February 17 2020, @05:56PM (#959228) Journal

        You *are* free to redistribute the code - but exercising that freedom terminates your contract with GRSecurity, so that they'll no longer provide you with any future updates.

        The problem is that GRSecurity in turn modified Linux kernel code and thus, is subject to the license requirements of the kernel code. That happens to be GPL 2. Thus, GRSecurity's modifications of the code are in turn also required to be distributed under GPL 2.0 without that constraint above, or they lose permission to modify the kernel code for their products.

        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @08:39PM (1 child)

          by Anonymous Coward on Monday February 17 2020, @08:39PM (#959272)

          are you thick? no one is arguing that they are not required to release their code under the gpl. The argument is that they are not obligated to provide future updates or support if you violate their contract by redistributing. A "restriction" of the right to redistribute does not include me not giving you ponies for christmas until you die, ffs. An actual restriction would be me telling you you have to pay me $100 every time you redistribute, or you have to write a letter to every major newspaper/website explaining what a douche you are, every time you redistribute. Me saying "do what you want in regards to redistribution, but don't expect me to help you in the future" is not the same fucking thing, and evidently RMS has already acknowledged this.

          • (Score: 1) by khallow on Monday February 17 2020, @09:52PM

            by khallow (3766) Subscriber Badge on Monday February 17 2020, @09:52PM (#959307) Journal

            The argument is that they are not obligated to provide future updates or support if you violate their contract by redistributing.

            Which as has been repeatedly noted is a violation of the GPL 2.0 license for the Linux kernel.

            A "restriction" of the right to redistribute does not include me not giving you ponies for christmas until you die, ffs.

            Why in the world do you think that is relevant? Sure, you are right in that no one can force you to distribute code based on GPL 2.0 licensed code. But once you decide to distribute derivative code or programs (here, Linux kernel modifications), you have to follow the rules as outlined in the license.

            An actual restriction would be me telling you you have to pay me $100 every time you redistribute, or you have to write a letter to every major newspaper/website explaining what a douche you are, every time you redistribute.

            Nope. The GRSecurity example is an actual restriction as well. Because if you don't follow the rules about not redistributing the code, you don't get the pony. That's a straightforward actual restriction on use.

            Me saying "do what you want in regards to redistribution, but don't expect me to help you in the future" is not the same fucking thing

            Not all actual restrictions are the same fucking thing. There's an immense variety of ploys for restriction how you do things, that can range from the very explicit and straightforward to the very underhanded and covert. The GRSecurity example falls towards the former side. Now you know, right?

      • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @05:40PM

        by Anonymous Coward on Tuesday February 18 2020, @05:40PM (#959601)

        You *are* free to redistribute the code - but ...

        If your "free" comes with a "but" you're probably not free to do it.

        For the tried and true car analogy, I'm "free" to drive at 120 MPH on the freeway, but exercising that freedom may result in a speeding ticket. Still, I'm "free" to try, right?

  • (Score: 4, Insightful) by Anonymous Coward on Sunday February 16 2020, @04:42PM (9 children)

    by Anonymous Coward on Sunday February 16 2020, @04:42PM (#958830)

    The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

    Their product is a patch to the Linux kernel, making it a derivative work of the kernel, and thus the only reason why they can even distribute it all it is thanks to the GPL itself. It sounds like what they say is: "we distribute our patches to you under the GPL, but if you even try to exercise these other rights you supposedly have under it, we will stop giving you support and updates". That rather sounds a hell of a lot like they're adding extra terms to the license, prohibited by GPL section 6. It's not a matter of forcing them to forever support anyone. It's that they're adding extra terms and conditions to the redistribution of their patches in violation of the GPL.

    • (Score: 2) by Immerman on Monday February 17 2020, @04:23PM (8 children)

      by Immerman (3985) on Monday February 17 2020, @04:23PM (#959197)

      Except that they *aren't* adding any extra terms and conditions to the license - they give you the code, you can do whatever you want with it (within the terms of the GPL). But if you redistribute, you terminate your contract with GRSecurity and they don't give you any future updates.

      Their contract puts no limitations on what you can do with the code they distribute, unless you want to maintain your business relationship with them. And the GPL says nothing about guaranteeing continued access to future updates from the original source, so they are almost certainly within the letter of the law - despite clearly violating the spirit. And one of the downsides of having a legal system rather than a justice system, is that the letter of the law is generally all that matters.

      • (Score: 1) by khallow on Monday February 17 2020, @06:06PM (7 children)

        by khallow (3766) Subscriber Badge on Monday February 17 2020, @06:06PM (#959230) Journal

        But if you redistribute, you terminate your contract with GRSecurity and they don't give you any future updates.

        Which again doesn't terminate GRSecurity's obligations under the GPL 2.0 license [opensource.org].

        And the GPL says nothing about guaranteeing continued access to future updates from the original source

        Look at section 5 and 7. It says nothing about your "guaranteeing", but it does say that if you for whatever reason don't comply with the requirements of the GPL, then you lose the right to use, modify, or distribute the code. That would include distributing those patches.

        5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

        [...]

        7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

        • (Score: 2) by Immerman on Monday February 17 2020, @08:38PM (6 children)

          by Immerman (3985) on Monday February 17 2020, @08:38PM (#959271)

          But (it sounds like) they *aren't* putting any other restrictions on redistributing the code - that's the point. They give you the code under the GPL, and freely acknowledge that you can redistribute it under the same terms. Nothing in their contract limits that in any way.

          Basically, there's nothing stopping someone from entering into a GRSecurity contract, getting the code, and immediately sharing that code with the world. The code itself is completely free of any non-GPL requirements, and neither you, nor anyone downstream, will face any legal difficulties for doing so, as GRSecurity freely acknowledges your rights to do so.

          Doing so terminates your contract with GRSecurity - but that's an independent business agreement, and in no way impairs your rights with respect to the GPLed code that they have already provided you.

          If the contract with GRSecurity obligated you to not redistribute the code they provide, or imposed any other license limitations, then that would be a clear violation of the GPL - but it doesn't. You're free to redistribute their GPLed code - you just voluntarily terminate your contract in the process so that you won't get any future software from them. And nothing in the GPL explicitly states that other, unrelated (future performance) business agreements can't depend on your actions with GPLed code. Nothing in the GPL obligates them to continue doing business with you.

          I'm sure lawyers could argue interminably over the details, but that's the point - GRSecurity has found a slimy way to skirt the limits of the GPL so that they aren't in clear violation. The fact that they (presumably, since they're still in business) haven't been pressured or sued by any major Linux stakeholders would suggest that the stakeholders' lawyers agree that it wouldn't be a cut-and-dried case, but instead a potentially long and expensive trial with a murky outcome.

          • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:00PM

            by Anonymous Coward on Monday February 17 2020, @09:00PM (#959284)

            i don't even think it's slimy anymore. i probably did at one time. it's just a way to make sure you (OSS, in this case) aren't enabling your competitors. They are still getting Free Software and they can do what they want with it, but if they want to copy it and create their own competing company, you don't have to help them do it going forward. It's definitely an interesting option for commercial Free Software. People who think FOSS should be all volunteer won't like any of that though.

          • (Score: 1) by khallow on Monday February 17 2020, @09:53PM (4 children)

            by khallow (3766) Subscriber Badge on Monday February 17 2020, @09:53PM (#959309) Journal

            They give you the code under the GPL, and freely acknowledge that you can redistribute it under the same terms. Nothing in their contract limits that in any way.

            Except of course, they cut off the supply if they catch you doing it. Which is a limit, contrary to assertion.

            • (Score: 2) by Immerman on Monday February 17 2020, @10:09PM (3 children)

              by Immerman (3985) on Monday February 17 2020, @10:09PM (#959317)

              It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealing with them, which aren't covered by the GPL

              • (Score: 1) by khallow on Monday February 17 2020, @10:37PM

                by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:37PM (#959333) Journal

                but it's NOT a limit on your rights under the GPL

                But it is a limit on OSS's rights under the GPL.

              • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:02AM (1 child)

                by Anonymous Coward on Tuesday February 18 2020, @07:02AM (#959463)

                >It is a limit, but it's NOT a limit on your rights under the GPL - just on your future business dealing with them, which aren't covered by the GPL

                OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work. They are NOT allowed to make ANY "contract": they can ___ONLY___ give the terms of the GPL: that is IT.

                They have put forth the GPL AND additional terms. That is FORBIDDEN by the linux copyright holders under section 6 and 4 of the GPL.
                They do NOT have a license for linux kernel ANYMORE. That's RIGHT NOW.

                Get it through your FUCKING head you MORON.
                Linux Kernel is NOT their property. The Linux Kernel devs HAVE __BANNED__ certain business practices, regarding their Work. This is ONE of those banned practices.

                • (Score: 2) by Immerman on Tuesday February 18 2020, @03:29PM

                  by Immerman (3985) on Tuesday February 18 2020, @03:29PM (#959540)

                  >OSS is not allowed to proffer /any/, A_N_Y, additional terms OTHER than the GPL when distributing a derivative work of a GPL'd work.
                  And they are not doing so - they're providing the source to their derivative patches under the GPL2.

  • (Score: 5, Informative) by Arik on Sunday February 16 2020, @05:06PM (27 children)

    by Arik (4543) on Sunday February 16 2020, @05:06PM (#958841) Journal
    "Well, having read TFA, Spengler says specifically that, in his view, the patches ARE released under the GPL. Anyone who receives them is free to provide them to anyone else.
    Doing so terminates your support and updates contract with GRSecurity, so you'll no longer receive support and upgrades in the future, though."

    That's exactly what he argues. He thinks he's found a loophole, and he's sticking to it.

    But the GPL *explicitly* forbids this.

    "4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance."

    "6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License."

    He's imposing further restrictions, in violation of 6, which means he no longer has a license under 4, by the plain language of GPL2.

    "forcing them to forever support a customer that they no longer wish to do business with"

    That's probably the best argument that can possibly be made here. It's still pretty weak though. No one's forcing them to do business with anyone. But given that their entire business is based on their access to linux under the GPL, violating it seems like a monumentally bad idea.
    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 2, Disagree) by KilroySmith on Sunday February 16 2020, @06:01PM (26 children)

      by KilroySmith (2113) on Sunday February 16 2020, @06:01PM (#958856)

      >>> He's imposing further restrictions
      I guess you and I will have to disagree on this. In my view, GRSecurity is not imposing any further restrictions on the code that has been distributed - the recipient and the community can redistribute under the GPL as required. The only thing that changes is the business relationship between GRSecurity and their customer, a relationship that the GPL is silent about.

      • (Score: 2) by Arik on Sunday February 16 2020, @06:39PM (2 children)

        by Arik (4543) on Sunday February 16 2020, @06:39PM (#958867) Journal
        I'm rather at a loss to even respond to that. It's hard to think of a clearer case. I suspect your theory wouldn't survive the first meeting with the judge.
        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 2) by FatPhil on Monday February 17 2020, @12:14AM (1 child)

          by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Monday February 17 2020, @12:14AM (#958945) Homepage
          I'm with you, and khallow, and obviously Bruce and the judge, on this - thanks for your useful contributions to the thread. Hating to be devils advocate, I'm sure there is a way to achieve almost everything that mr spanglypants wants through a a clear (perhaps clean room, different companies) separation of the patches and the support contracts. He should have hired a more savvy lawyer when setting up his business(es) in the first place.

          There are often sneaky ways round the GPL. I remember distributing .o files, including ones that had stubbed implementations of functions in a GPL library just so that I didn't have to release my source for a while. Wanna run my code? link it to the real GPL library yourself.

          Nowadays I wouldn't bother, but I was dabbling in a pretty competitive field and didn't want to lose my edge.
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
          • (Score: 4, Interesting) by stormwyrm on Monday February 17 2020, @12:38AM

            by stormwyrm (717) on Monday February 17 2020, @12:38AM (#958949) Journal
            IIRC, NeXT tried to do that with GCC, but the FSF warned them that was still a GPL violation. Apparently NeXT legal agreed, and that's the reason why GCC wound up with an Objective-C front end. And why Steve Jobs hated the GPL.
            --
            Numquam ponenda est pluralitas sine necessitate.
      • (Score: 0) by Anonymous Coward on Monday February 17 2020, @05:43AM (4 children)

        by Anonymous Coward on Monday February 17 2020, @05:43AM (#959043)

        I don't understand why these nerds can't get this. You're utterly correct. The terms of the GPL are with respect to code rights, NOT with respect to business dealings. GRSecurity isn't in any way removing their right to share the code - only stating a consequence in business if they do.

        Ooh ooh I've got it! Here's a clearer example! So excited it's bolded!
        Imagine:
        * you're the release channel for security patches
        * and one of your downstreams starts dumping into the wild as 0days
        * The project and your patches are GPLed.
        Are you required to keep them in your early distribution list? Of course not!
        Are they blocked from rereleasing and GPLed code they get their hands on, from you or from your downstreams or from anywhere else? Of course not!

        Arik, wise up - you get it from the example, I hope.

        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @08:52AM

          by Anonymous Coward on Monday February 17 2020, @08:52AM (#959080)

          Your parents tell you that you can drive the car as long as you pay your own gas an insurance. Elsewhere they tell you that if you miss your 11:59 PM curfew you are punished in the future. The car agreement are with respect to driving rights, no with respect to curfew. They are in no way removing your right to drive the car after midnight, only stating the consequence in future punishments if you do.

        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @11:03AM (2 children)

          by Anonymous Coward on Monday February 17 2020, @11:03AM (#959104)

          >The terms of the GPL are with respect to code rights, NOT with respect to business dealings

          Wrong, the GPL governs business dealings with a nexus to the copyrighted Work. It explicitly forbids classes of business dealings with regard to the Work, which is a right of the Copyright holder (aslong as the ban does not impinge public policy (ie: discrimination against protected class)). Grsecurity is in violation of section 4 and 6. You are not allowed to add additional terms between you and the down-stream distributees that impinge on the permissions granted by the Copyright holder. You're simply not allowed to enter into, or proffer such additional terms between you and your customer: your license is voided once you poffer such terms.

          And, yes, I am a lawyer:
          https://s1.desu-usergeneratedcontent.xyz/g/image/1581/75/1581752208084.jpg [desu-usergeneratedcontent.xyz]
          #ProtectFreeSoftware
          #EnforceGPL

          • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:08PM (1 child)

            by Anonymous Coward on Monday February 17 2020, @09:08PM (#959287)

            "You are not allowed to add additional terms between you and the down-stream distributees that impinge on the permissions granted by the Copyright holder."

            and they're not. the downstream distributees can distribute to their hearts content, but OSS doesn't have to deal with them anymore.

            and no, i'm not a fucking shitweasel.

            • (Score: 1) by khallow on Monday February 17 2020, @10:51PM

              by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:51PM (#959340) Journal

              but OSS doesn't have to deal with them anymore.

              Sorry, according to the GPL license, they do. I find it interesting how this conversation goes. The Perens side quotes the relevant clauses which OSS is in violation of and explains how those are violations. The OSS side just has vague feelings that certain restrictions aren't really restrictions. Nothing is ever justified except with bizarre non sequiturs (like claiming this is equivalent to forcing OSS to distribute code to everyone forever). One side uses reason. The other side does not.

              By your tools of reason, you shall be known.

      • (Score: 1) by khallow on Monday February 17 2020, @06:20PM (17 children)

        by khallow (3766) Subscriber Badge on Monday February 17 2020, @06:20PM (#959233) Journal

        In my view, GRSecurity is not imposing any further restrictions on the code that has been distributed - the recipient and the community can redistribute under the GPL as required.

        Then why would the subscription be terminated, if there were indeed no further restrictions on the code that was distributed? It obviously is a further restriction whether you choose to view it that way or not.

        What's missing here is that GRSecurity is constrained by the GPL 2.0 license on the Linux kernel. They do not have the option to impose these additional restrictions on what can be distributed (as Arik noted), because otherwise they aren't allowed to distribute those changes at all. That is, their code and their subscription both inherit the GPL 2.0 restrictions from the Linux kernel. They aren't allowed by the license to term subscriptions for people who redistribute their code.

        • (Score: 2) by Immerman on Monday February 17 2020, @08:42PM (16 children)

          by Immerman (3985) on Monday February 17 2020, @08:42PM (#959275)

          Would redistributing the code put you in violation of any license or contract? No.

          It would terminate the contract in accordance with its voluntary termination clause - but that's a restriction on the business agreement, not on the code.

          • (Score: 1) by khallow on Monday February 17 2020, @09:54PM (15 children)

            by khallow (3766) Subscriber Badge on Monday February 17 2020, @09:54PM (#959310) Journal

            Would redistributing the code put you in violation of any license or contract? No.

            It puts OSS in violation of the GPL 2.0 license on the Linux kernel.

            • (Score: 2) by Immerman on Monday February 17 2020, @10:20PM (14 children)

              by Immerman (3985) on Monday February 17 2020, @10:20PM (#959326)

              How, exactly?

              If you had a GRSecurity contract, got their GPL2 patches, and gave them to me - *I* would see no limitations, the license is completely unchanged GPL2.

              *You* would lose access to future updates from GRSecurity - but future updates aren't covered by the GPL.

              • (Score: 1) by khallow on Monday February 17 2020, @10:43PM (13 children)

                by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:43PM (#959338) Journal

                *You* would lose access to future updates from GRSecurity

                There we go. The restriction/limit/etc that someone won't acknowledge as such.

                - but future updates aren't covered by the GPL.

                Of course, they are covered by the GPL. The GPL doesn't force you to engage in GPL-covered activities, such as releasing modifications of GPL licensed programs, but when you do, you have to comply with the license, even if it's an activity in the future.

                • (Score: 2) by Immerman on Monday February 17 2020, @11:18PM (12 children)

                  by Immerman (3985) on Monday February 17 2020, @11:18PM (#959345)

                  Is the limit/restriction/etc on the licensed code? Or on your ability to redistribute it? No, you can redistribute to your hearts content under the exact same license, exactly as it requires.

                  There are *consequences* for distributing the code, but no *limitations or restrictions* on doing so. Exact language matters in law.
                  >Of course, they are covered by the GPL.

                  No, they aren't, because they don't exist yet.
                  They will probably exist eventually, and when they do, they will probably be released under the GPL (though it's always theoretically possible that alternate licenses might be negotiated with all the upstream contributors.)

                  But giving you code under the GPL today, doesn't put any obligation on me to give you more GPL code in the future.

                  • (Score: 1) by khallow on Tuesday February 18 2020, @12:06AM (11 children)

                    by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @12:06AM (#959361) Journal

                    Is the limit/restriction/etc on the licensed code? Or on your ability to redistribute it? No, you can redistribute to your hearts content under the exact same license, exactly as it requires.

                    Why are you still asking when it's been explained to you? For example, here [soylentnews.org]

                    [KilroySmith:]In my view, GRSecurity is not imposing any further restrictions on the code that has been distributed - the recipient and the community can redistribute under the GPL as required.

                    [khallow:]Then why would the subscription be terminated, if there were indeed no further restrictions on the code that was distributed? It obviously is a further restriction whether you choose to view it that way or not.

                    What's missing here is that GRSecurity is constrained by the GPL 2.0 license on the Linux kernel. They do not have the option to impose these additional restrictions on what can be distributed (as Arik noted), because otherwise they aren't allowed to distribute those changes at all. That is, their code and their subscription both inherit the GPL 2.0 restrictions from the Linux kernel. They aren't allowed by the license to term subscriptions for people who redistribute their code.

                    or here

                    [KilroySmith:] The GPL ties the hands of GRSecurity in many ways, but forcing them to forever support a customer that they no longer wish to do business with isn't one of those ties, IMHO.

                    [AC:]Their product is a patch to the Linux kernel, making it a derivative work of the kernel, and thus the only reason why they can even distribute it all it is thanks to the GPL itself. It sounds like what they say is: "we distribute our patches to you under the GPL, but if you even try to exercise these other rights you supposedly have under it, we will stop giving you support and updates". That rather sounds a hell of a lot like they're adding extra terms to the license, prohibited by GPL section 6. It's not a matter of forcing them to forever support anyone. It's that they're adding extra terms and conditions to the redistribution of their patches in violation of the GPL.

                    Further examples, here [soylentnews.org] and here [soylentnews.org]. These are all posts you replied to.

                    You even agree [soylentnews.org] at one point.

                    [barbara hudson:]Back in the 80s I'm sure I wasn't the only one modifying binaries with a hex editor. If I were to do that today I could redistribute the binaries and never give the source because there is no source, never was.

                    [Immerman:]Except that the instant you distribute you're violating copyright law - unless you have a license that allows you to distribute. As some kid sharing stuff with friends in the pre-napster days, you were unlikely to get caught, but that doesn't make it any more legal.

                    Do that with any proprietary software, and the original copyright holder will be fully within their legal rights to come down on you like a ton of bricks for copyright infringement

                    Do that with GPLed software - and either you provide the source code on demand as required by the license, or the original copyright holder will be fully within their legal rights to come down on you like a ton of bricks for copyright infringement.

                    The GPL is the only thing allowing you to redistribute the code legally, so if you're not 100% in compliance with the license - including providing source code on demand, then you're automatically guilty of copyright infringement.

                    Sounds like GRSecurity isn't obviously violating the letter of the GPL, assuming they really do provide the source code on demand. But they're certainly violating the spirit.

                    And don't constrain the recipient's rights under the GPL, which OSS does. Sorry, the GPL does more than just require access to source code on demand, it requires that you don't put constraints on distribution, even the relatively mild ones here, on downstream recipients of modified code. And yes, anything where even a relatively mild negative consequence/penalty follows redistribution, is a constraint/restriction/limit which is not allowed by the GPL 2.0 license.

                    • (Score: 2) by Immerman on Tuesday February 18 2020, @01:22AM (10 children)

                      by Immerman (3985) on Tuesday February 18 2020, @01:22AM (#959379)

                      You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software. I don't see it, except in spirit. And the law is defined by the letter, not the spirit.

                      I sell you a copy of ImmerOffice, and give you the full source code under the GPL. At that point I have fulfilled my legal obligation under the GPL.

                      I then tell you that if you redistribute that code, I won't do business with you any more.

                      I have not in any way revoked or limited any of the rights I already granted you, I have simply put conditions on you doing business with me in the future.

                      It certainly violates the spirit of the GPL, especially for a product where regular updates are essential to the functionality, but nothing in the GPL actually requires me to continue doing business with you. I haven't altered what you can legally do with the software I already sold you in any way. I've only conditionally limited your ability to continue doing business with me.

                      • (Score: 1) by khallow on Tuesday February 18 2020, @01:45AM (4 children)

                        by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @01:45AM (#959389) Journal

                        You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software.

                        At first, I thought I understood what you were saying. The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license. But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing? We weren't. We were discussing how the GPL 2.0 license constrains (or as you claim, doesn't constrain) OSS's restrictions on use of their product (since it is a modification of the Linux kernel which makes the GRSecurity subject to the GPL 2.0 license requirements), like penalizing customers who exercise a GPL prerogative to distribute GPL licensed code.

                        The software itself is not constrained.

                        • (Score: 2) by Immerman on Tuesday February 18 2020, @02:13AM (3 children)

                          by Immerman (3985) on Tuesday February 18 2020, @02:13AM (#959396)

                          >The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license.
                          Where, exactly, in the GPL2 does it put limitations on future transactions?

                          >But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing?
                          Yes, we are. That's what the GPL is all about. So long as I give you the source code under the same GPL license that I received it, with no furtter limitations or restrictions on what you can do with it, my obligations under the GPL are fulfilled.

                          I sold you ImmerOffice, a derivative work of GPL2 software. I gave you the source under the exact same GPL2 license as I received the upstream version under. My obligations under the GPL2 license that I received from upstream are completely satisfied. You can spread that source and software far and wide, and there's nothing I can do about it.

                          Nothing I do from that point forward matters to *that* GPL-bound transaction. You have the source, you can do whatever you want with it (subject to GPL2). But I am under no obligation to do any further business with you.

                          A year later you want to buy the latest version from me. I can sell it to you or not - that's completely up to me. If I choose to only sell the latest version to people who didn't redistribute the previous version, that in no way limits your ability to redistribute the previous version. It only limits your ability to get access to the current version.

                          • (Score: 1) by khallow on Tuesday February 18 2020, @03:44AM (2 children)

                            by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @03:44AM (#959422) Journal

                            Where, exactly, in the GPL2 does it put limitations on future transactions?

                            There's no time limit on any of the limitations listed in the GPL 2.0. The whole thing applies to the indefinite future.

                            But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing?

                            Yes, we are. That's what the GPL is all about. So long as I give you the source code under the same GPL license that I received it, with no furtter limitations or restrictions on what you can do with it, my obligations under the GPL are fulfilled.

                            You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.

                            I sold you ImmerOffice, a derivative work of GPL2 software. I gave you the source under the exact same GPL2 license as I received the upstream version under. My obligations under the GPL2 license that I received from upstream are completely satisfied. You can spread that source and software far and wide, and there's nothing I can do about it.

                            Nothing I do from that point forward matters to *that* GPL-bound transaction. You have the source, you can do whatever you want with it (subject to GPL2). But I am under no obligation to do any further business with you.

                            False. If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.

                            What other contract can be voided merely because there is a future?

                            • (Score: 2) by Immerman on Tuesday February 18 2020, @03:13PM (1 child)

                              by Immerman (3985) on Tuesday February 18 2020, @03:13PM (#959535)

                              >You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.

                              Yes - either you adhere to the terms of the GPL2, or you can't redistribute. The GPL2 grants you a bunch of new rights - but only so long as you adhere to its limitations (full source release, no new license restrictions, etc on downstream code.) Use and modification are actually completely unrestricted, your GPL2 obligations are only triggered by distribution. Which is why Google can run their own custom version of Linux and other GPL2 software within their organization without sharing the source. As I recall that's one of the many things GPL3 changed.

                              >If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.

                              Actually, no. Read the GPL2 very carefully - you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*. Most people make the source available to everyone out of convenience (if customers can re-share it anyway, why bother with all the trouble of limiting access), but e.g. if you sold shrink-wrapped GPL2 software bundled with the complete source on the same DVD as the software, then your obligations have been fully met and you don't need to do make the source available in any other form.

                              If I sell you ImmerOffice v1, then I am required to give you the full source to ImmerOffice v1 under the GPL2 either bundled or upon request. However, I have no obligation to provide you source code to v2 unless I have provided you with that version of the software. If I refuse to sell v2 you, then I don't have to give you the source to v2. Anyone I *do* sell to is still entitled to get the GPL2 source, and can give it to you freely - but that has nothing to do with me. Except that I would then refuse to sell them v3 or provide them with the source to that version.

                              *Clause 3 of the GPL2

                              3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
                                      a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
                                      b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
                                      c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

                              Hmm...I hadn't actually remembered the "any third party" bit on subsection (b) - It would seem that if I don't provide you the source up front, bundled with the software, then I would indeed have to make it available to everyone. However, so long as I bundled the source, I'm home free. And in the case of a patch... well the patch is almost certainly delivered in source form to begin with, is it not?

                              • (Score: 1) by khallow on Tuesday February 18 2020, @06:20PM

                                by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @06:20PM (#959613) Journal
                                Indeed, let's read the GPL 2 carefully. Arik [soylentnews.org] did that and came up with sections 4 and 6, which override your permissive interpretation of section 3.

                                you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*.

                                And you are also "only" required to "not impose any further restrictions on the recipients' exercise of the rights granted herein". Sorry, but OSS's gimmick of not doing business with you if you exercise the right to redistribute is a restriction and would covered by the license. They are limited by the license as to what restrictions they can impose on their customers, section 3 notwithstanding.

                      • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:16AM (4 children)

                        by Anonymous Coward on Tuesday February 18 2020, @07:16AM (#959465)

                        >You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software. I don't see it, except in spirit. And the law is defined by the letter, not the spirit.

                        When using some other Copyright holder's Work licensed to you under the terms of version 2 of the GPL: The GPL governs you, the licensee's business dealings with any future distributees where there is a nexus with the GPL'd work. It _FORBIDS_ you to engage in any contracting that adds ANY addtional terms between YOU and the Distributee. See section 6 and 4. You simply are NOT allowed to create such contracts between you the licensee and the distributees. When you DO create such a contract, your license is /IMMEDIATLY/ revoked (section 4). The MOMENT you offer additional terms, in a situation where the GPL'd Work (of another) is implicated.

                        >I sell you a copy of ImmerOffice, and give you the full source code under the GPL. At that point I have fulfilled my legal obligation under the GPL

                        . Wrong.

                        >I then tell you that if you redistribute that code, I won't do business with you any more.

                        You have now violated section 6 and section 4 of the GPL. The Copyright owners forbid such business dealings, weather you like it or not, mr american buisnesss man. The Copyrighted Work is NOT your property, it is NOT your posession, it is the COPYRIGHT OWNERS PROPERTY, and he may RESCIND your PERMISSION to use HIS PROPERTY at his LEASURE. Here he has chosen to rescind the license when you implicate his Work in a negative covenant inconsistent with the proffered terms.

                        >I have not in any way revoked or limited any of the rights I already granted you, I have simply put conditions on you doing business with me in the future.

                        Wrong: you have engaged in behavior forbidden by the Owner of the Copyrighted work, and have lost your PERMISSION to use his work, as stated in section 4. You no-longer have a license and hence-forth are implicated in Copyright infringement.

                        >It certainly violates the spirit of the GPL, especially for a product where regular updates are essential to the functionality, but nothing in the GPL actually requires me to continue doing business with you. I haven't altered what you can legally do with the software I already sold you in any way. I've only conditionally limited your ability to continue doing business with me.

                        It violates the text of section 6 and section 4. And yes, I am a lawyer. You should be sued in such a case. The Copyrighted work is NOT your property. It is NOT an item you have title to. You merely have permission to use another's property (like if you were /licensed/ to walk over someone's land), which is revoked at the owners leisure. The owner has stated that the permission is revoked if you add any additional terms between you and anyone you distribute the Work (or any derivative there-of) to. Which you have done so. No more license.

                        • (Score: 2) by Immerman on Tuesday February 18 2020, @03:26PM (2 children)

                          by Immerman (3985) on Tuesday February 18 2020, @03:26PM (#959539)

                          Where does it say you can't add any further terms to the transaction? It says you can't add any further *restrictions* to the

                          [Section] 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

                          So long as I provide you the full source under GPL2, then I'm putting no further restrictions on you redistributing it as you see fit. Threatening to refuse to do any further business with you if you exercise those rights, doesn't actually restrict your rights - it just restricts your future business dealings with me. You're perfectly free to flip me off and redistribute the source I gave you.

                          I don't see that section 4 is directly relevant, until we establish that I have indeed violated section 6.

                          • (Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:42AM (1 child)

                            by Anonymous Coward on Wednesday February 19 2020, @02:42AM (#959757)

                            >Where does it say you can't add any further terms to the transaction? It says you can't add any further *restrictions* to the

                            > 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void,

                            Grsecurity is a modification of the Program. They are modifying the Program, and sublicensing it, with added terms. They are in violation.

                            Additionally, A consequence, aswell as A negative covenant, is a restriction.

                            >You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

                            They are violating the license on two counts, not just one count.

                            • (Score: 2) by Immerman on Wednesday February 19 2020, @03:55AM

                              by Immerman (3985) on Wednesday February 19 2020, @03:55AM (#959781)

                              Their argument is that there are no added terms. The patch is provided under the GPL2, which means you can redistribute it freely.

                              You won't be able to business with them anymore if you do, but that doesn't limit your ability to redistribute in any way.

                        • (Score: 2) by Immerman on Tuesday February 18 2020, @03:48PM

                          by Immerman (3985) on Tuesday February 18 2020, @03:48PM (#959549)

                          I suppose the question boils down to - does my threat to stop doing business with you in the future constitute a restriction on your rights to the GPL source I just gave you - or does it only constitute a restriction on our future business relationship?

                          I could certainly see a court case going either way - but it could be a very long and protracted battle. Aftrer all, I am giving you the full source nder the GPL2, and you and anyone downstream are completely free to redistribute it. Unlike more typical clear-cut GPL violations, where the the full source of the derivative work is not made available under the GPL, and the infringer thus clearly has no license to redistribute the code.