
SoylentNews is people

posted by Fnord666 on Sunday February 16 2020, @02:22PM
from the no-way-out dept.

https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html

The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.

The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.

The remainder of the article is an interview with Brad Spengler about the case and the issue.

iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:

Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys


  • (Score: 1) by khallow on Sunday February 16 2020, @04:32PM (12 children)

    by khallow (3766) on Sunday February 16 2020, @04:32PM (#958825)
    It never is the point of the courts to rule whether an opinion is right or not.
  • (Score: 1) by khallow on Sunday February 16 2020, @04:57PM (11 children)

    by khallow (3766) on Sunday February 16 2020, @04:57PM (#958835)
    Hrmm, I bet I'm wrong on that somehow - never is a terrible word to use. But in general there's usually defenses against libel/slander that don't depend on the opinion being true (or when those defenses don't exist, the rightness of the opinion doesn't really matter either).
    • (Score: 0) by Anonymous Coward on Monday February 17 2020, @01:22AM (10 children)

      by Anonymous Coward on Monday February 17 2020, @01:22AM (#958960)

      An opinion is something that it is impossible to prove either the truth or the falsity of at the time it is made with the facts reasonably available. For example, "I think Microsoft is purposefully putting exploits in Windows" is an opinion when a random toddler says it but a mixed statement when Bill Gates says it and a statement of fact when Satya Nadella says it. The difference is the facts, expertise, special understanding, and perspectives available to the respective speakers. It is worth noting that some things are legally considered not to be pure statements because the very fact they are being made implies facts available to the speaker, such as "I think he has an STI" or "In my opinion, he is a thief."

      But in this case, none of those apply. There is no possible way for Perens's statement to be determined factually. No court has ruled on it, he has no legal expertise in interpretation of law, and the GPL has never been litigated in regards extrinsic restrictions. That is why, if you look at what OSS is asking, they want the Court to decide that they are not violating the GPL, and then make Perens liable for saying the false statements because he should have known he was communicating false facts in his "opinion" because such statements are false now.

      • (Score: 1) by khallow on Monday February 17 2020, @03:00AM (9 children)

        by khallow (3766) on Monday February 17 2020, @03:00AM (#959000)

        > But in this case, none of those apply. There is no possible way for Perens's statement to be determined factually. No court has ruled on it, he has no legal expertise in interpretation of law, and the GPL has never been litigated in regards extrinsic restrictions. That is why, if you look at what OSS is asking, they want the Court to decide that they are not violating the GPL, and then make Perens liable for saying the false statements because he should have known he was communicating false facts in his "opinion" because such statements are false now.

        Sure, there is. You already mentioned litigating the GPL with respect to this. That would be a necessary and sufficient test of the opinion. And Perens probably is knowledgeable enough to testify as an expert witness in such a case, meaning that he would have the necessary legal expertise in interpretation of law. And of course, a statement isn't a false fact, if it merely takes a lot of effort to test it!

        We can also exercise those gray cells and reason. The security "patches" are based on modifying the Linux kernel which is licensed under the GPL v.2.0 [opensource.org]. That license has clauses like:

        > 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

        Making patches for said Program is modifying the Program (the Linux kernel) as per the license. OSS is thus subject to its terms.

        and (since it's low lying fruit) for Barbara Hudson who claimed that extreme circumstances could void the need for compliance with the license:

        > 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

        • (Score: 0) by Anonymous Coward on Monday February 17 2020, @03:53AM (4 children)

          by Anonymous Coward on Monday February 17 2020, @03:53AM (#959012)

          Perens, at the time he made the statements, had no possible way to determine with the facts available to him whether it was illegal or not. Until a court rules, the judgment is final, and the appeals exhausted, no one actually knows whether or not it is illegal. Unless Perens secretly has a time machine, he does not possess the facts necessary to rule on it. Even OSS's attorneys aren't saying it has been established. That is why they want a miniature trial to make that determination, and why they are arguing so hard to try and turn the defamation claim into other torts.

          Just listen to the exchange between OSS and the judges at oral arguments [uscourts.gov]. You'll see that the entire rebuttal is over whether or not the statement is true. Combined with the grilling OSS got on their open, you can see the clear picture of what that would paint, all sorts of experts and people giving their opinion would open themselves up to retroactive liability for offering their opinions on any sort of dispute, let alone a legal interpretation one.

          • (Score: 1) by khallow on Monday February 17 2020, @12:25PM (3 children)

            by khallow (3766) on Monday February 17 2020, @12:25PM (#959127)

            > Perens, at the time he made the statements, had no possible way to determine with the facts available to him whether it was illegal or not. Until a court rules, the judgment is final, and the appeals exhausted, no one actually knows whether or not it is illegal. Unless Perens secretly has a time machine, he does not possess the facts necessary to rule on it. Even OSS's attorneys aren't saying it has been established. That is why they want a miniature trial to make that determination, and why they are arguing so hard to try and turn the defamation claim into other torts.

            And OSS is paying Perens's legal fees because it was an idiotic lawsuit.

            > Just listen to the exchange between OSS and the judges at oral arguments [uscourts.gov]. You'll see that the entire rebuttal is over whether or not the statement is true. Combined with the grilling OSS got on their open, you can see the clear picture of what that would paint, all sorts of experts and people giving their opinion would open themselves up to retroactive liability for offering their opinions on any sort of dispute, let alone a legal interpretation one.

            Why should I listen to that exchange? Who made what arguments? What "grilling" was doing and what is the "clear picture"?

            • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:51PM (2 children)

              by Anonymous Coward on Monday February 17 2020, @09:51PM (#959306)

              I see what is going on, you think I think this suit has merit. I do not. You seem to think that Perens will win because it will turn out to be correct, and therefore is correct now. I think Perens will win because this is covered by the opinion privilege. No court has decided a similar set of facts related to the GPL. This means that legally the truth or falsity of the statement is currently undetermined. So the legal analysis is whether all the facts he based it on were true, which are basically the text of the GPL, that OSS accepted the GPL, and that OSS has a patch agreement that affects access to future source if users exercise rights under the GPL to distribute patches, and that no court has determined whether an extrinsic restriction of this kind counts with the GPL.

              Here is a baseball analogy. The very last pitch of the game the score is 0-0, bases loaded, 3 balls, 2 strikes, pitcher throws a pitch, the batter doesn't swing, and the catcher catches it. The universe is looped at that point for the duration of the pitch rewinds and replays repeatedly showing the same pitch. Except for everyone but people in a particular town, and there is a house where some people are watching the game. One kid says, "Well we lost, that looks like a strike to me." Agreeing, a guy's wife tears up his betting slip calling him an idiot for losing their money. That guy goes to the kid and demands the kid pay him back his lost money because he thinks it is a ball and they won and therefore the kid cost him the money. They and everyone else can argue until the cows come home, they can go to the field and measure the pitch with surveying equipment, they can do whatever they want, but it doesn't matter. With the facts available at the time, it is impossible to tell.

              It all comes down to how the particular umpire and video review system sees the strike zone and whether any part of the ball enters that pentagonal prism. That pitch isn't "officially" a strike or a ball until the officials make the call. In our analogy, OSS is the guy with the torn up slip and is asking for the court to start the normal flow of time, have the call of strike or ball made officially, and then hold the kid liable for the lost money if it turns out the kid is wrong.

              The reason why this is important is because OSS basically wants to destroy the entire concept of voicing a legal opinion. Company A and Company B having a contract dispute? No one better say who they think is right, otherwise they'd be potentially liable to the other once the court rules. Saying publicly that you don't think a justification defense applies to a murder case? Better hope the jury agrees with you, otherwise you'd be liable if they don't. As those examples make clear, the entire idea of legal commentary is out the window or seriously curtailed under a system where that is allowed.

              • (Score: 1) by khallow on Monday February 17 2020, @10:10PM (1 child)

                by khallow (3766) on Monday February 17 2020, @10:10PM (#959318)
                I said:

                > And OSS is paying Perens's legal fees because it was an idiotic lawsuit.

                You said:

                > I see what is going on, you think I think this suit has merit.

                • (Score: 1) by khallow on Monday February 17 2020, @10:53PM

                  by khallow (3766) on Monday February 17 2020, @10:53PM (#959342)
                  Apologies. I read "you think" not "you think I think".
        • (Score: 2) by Immerman on Monday February 17 2020, @11:36PM (3 children)

          by Immerman (3985) on Monday February 17 2020, @11:36PM (#959349)

          >If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all
          But you can. You get code from GRSecurity - and you're absolutely free to immediately redistribute it under the exact same GPL2 terms you received it under.

          • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @12:07PM (2 children)

            by Anonymous Coward on Tuesday February 18 2020, @12:07PM (#959497)

            Grsecurity's work is a non-separable derivative work of the linux kernel, which is licensed under version 2 of the GPL.
            Do you understand this, dumbfuck? No? good.

            Grsecurity is NOT permitted to create derivative works of a copyrighted work by default: it is a violation of the Copyright owner's rights.
            Do you understand this, dumbfuck? No? good.

            Grsecurity is ONLY permitted to create derivative works of a copyrighted work IF they get permission (license) to do so from the Copyright owner.
            Do you understand this, dumbfuck? No? good.

            This permission, regarding making non-separable derivative works of the linux kernel, is called version 2 of the GPL.
            Do you understand this, dumbfuck? No? good.

            Version 2 of the GPL forbids a licensee, or creator of a derivative work, from, when distributing the derivative work, adding any additional terms in the agreement between him and whoever he is distributing the derivative work. See sections 6 and section 4.
            Do you understand this, dumbfuck? No? good.

            Grsecurity has chosen to add additional terms when distributing its non-separable derivative work of the linux kernel (and GCC as well, they wanted to be thorough). Here are those additional terms: https://new.perens.com/wp-content/uploads/sites/4/2017/06/grsecstablepatchaccessagreement_additionalterms.pdf [perens.com]
            (including the "no redistribution or else" term proffered)
            Do you understand this, dumbfuck? No? good.

            Section 4 of the GPL version 2 revokes the licensee's (Grsecurity) permission to create and distribute derivative works.
            Do you understand this, dumbfuck? No? good.

            • (Score: 2) by Immerman on Tuesday February 18 2020, @02:27PM (1 child)

              by Immerman (3985) on Tuesday February 18 2020, @02:27PM (#959521)

              GRSecurity's patches ARE RELEASED UNDER GPL2 and can be freely redistributed.

              If you distribute them, then GRSecurity will no longer do business with you - but that in no way limits your rights to distribute the code they've already sold you, which is the only thing the GPL2 covers.

              • (Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:24AM

                by Anonymous Coward on Wednesday February 19 2020, @02:24AM (#959749)
                Hi, The GPLv2 license on the Linux Kernel (and GCC) forbids the offering of additional terms when distributing the Program or any derivative work.

                The act of including an additional term such as
                "you promise not to redistribute the work to 3rd parties, if you do we will not do any further business with you and will not refund your money" when distributing the work to a distributee, is such an additional term. The GPL governs the dealings you may and may not have with regard to the Linux Kernel and any derivative you make of it.
                Such terms offered is a violation of the GPLv2.

                Which is exactly what GRSecurity is doing: yes they're violating

                > If you distribute them, then GRSecurity will no longer do business with you - but that in no way limits your rights to distribute the code they've already sold you, which is the only thing the GPL2 covers.

                Grsecurity violates the linux kernel and GCC licenses /when/ it offers the additional terms: terms whose purpose is to restrict the redistribution of the derivative work