SoylentNews is people
SoylentNews
https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html
The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.
The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.
The remainder of the article is an interview with Brad Spengler about the case and the issue.
iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:
Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys
(Score: 2) by Immerman on Tuesday February 18 2020, @01:22AM (10 children)
You seem to be operating under the assumption that putting constraints on future business transaction is equivalent to putting constraints on the licensed software. I don't see it, except in spirit. And the law is defined by the letter, not the spirit.
I sell you a copy of ImmerOffice, and give you the full source code under the GPL. At that point I have fulfilled my legal obligation under the GPL.
I then tell you that if you redistribute that code, I won't do business with you any more.
I have not in any way revoked or limited any of the rights I already granted you, I have simply put conditions on you doing business with me in the future.
It certainly violates the spirit of the GPL, especially for a product where regular updates are essential to the functionality, but nothing in the GPL actually requires me to continue doing business with you. I haven't altered what you can legally do with the software I already sold you in any way. I've only conditionally limited your ability to continue doing business with me.
(Score: 1) by khallow on Tuesday February 18 2020, @01:45AM (4 children)
At first, I thought I understood what you were saying. The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license. But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing? We weren't. We were discussing how the GPL 2.0 license constrains (or as you claim, doesn't constrain) OSS's restrictions on use of their product (since it is a modification of the Linux kernel which makes the GRSecurity subject to the GPL 2.0 license requirements), like penalizing customers who exercise a GPL prerogative to distribute GPL licensed code.
The software itself is not constrained.
(Score: 2) by Immerman on Tuesday February 18 2020, @02:13AM (3 children)
>The GPL 2.0 license does put constraints on present and future business transactions when they impinge on the license.
Where, exactly, in the GPL2 does it put limitations on future transactions?
>But you seem to be claiming that "putting constraints on the licensed software" was something we were discussing?
Yes, we are. That's what the GPL is all about. So long as I give you the source code under the same GPL license that I received it, with no furtter limitations or restrictions on what you can do with it, my obligations under the GPL are fulfilled.
I sold you ImmerOffice, a derivative work of GPL2 software. I gave you the source under the exact same GPL2 license as I received the upstream version under. My obligations under the GPL2 license that I received from upstream are completely satisfied. You can spread that source and software far and wide, and there's nothing I can do about it.
Nothing I do from that point forward matters to *that* GPL-bound transaction. You have the source, you can do whatever you want with it (subject to GPL2). But I am under no obligation to do any further business with you.
A year later you want to buy the latest version from me. I can sell it to you or not - that's completely up to me. If I choose to only sell the latest version to people who didn't redistribute the previous version, that in no way limits your ability to redistribute the previous version. It only limits your ability to get access to the current version.
(Score: 1) by khallow on Tuesday February 18 2020, @03:44AM (2 children)
There's no time limit on any of the limitations listed in the GPL 2.0. The whole thing applies to the indefinite future.
You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.
False. If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.
What other contract can be voided merely because there is a future?
(Score: 2) by Immerman on Tuesday February 18 2020, @03:13PM (1 child)
>You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.
Yes - either you adhere to the terms of the GPL2, or you can't redistribute. The GPL2 grants you a bunch of new rights - but only so long as you adhere to its limitations (full source release, no new license restrictions, etc on downstream code.) Use and modification are actually completely unrestricted, your GPL2 obligations are only triggered by distribution. Which is why Google can run their own custom version of Linux and other GPL2 software within their organization without sharing the source. As I recall that's one of the many things GPL3 changed.
>If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.
Actually, no. Read the GPL2 very carefully - you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*. Most people make the source available to everyone out of convenience (if customers can re-share it anyway, why bother with all the trouble of limiting access), but e.g. if you sold shrink-wrapped GPL2 software bundled with the complete source on the same DVD as the software, then your obligations have been fully met and you don't need to do make the source available in any other form.
If I sell you ImmerOffice v1, then I am required to give you the full source to ImmerOffice v1 under the GPL2 either bundled or upon request. However, I have no obligation to provide you source code to v2 unless I have provided you with that version of the software. If I refuse to sell v2 you, then I don't have to give you the source to v2. Anyone I *do* sell to is still entitled to get the GPL2 source, and can give it to you freely - but that has nothing to do with me. Except that I would then refuse to sell them v3 or provide them with the source to that version.
*Clause 3 of the GPL2
Hmm...I hadn't actually remembered the "any third party" bit on subsection (b) - It would seem that if I don't provide you the source up front, bundled with the software, then I would indeed have to make it available to everyone. However, so long as I bundled the source, I'm home free. And in the case of a patch... well the patch is almost certainly delivered in source form to begin with, is it not?
(Score: 1) by khallow on Tuesday February 18 2020, @06:20PM
And you are also "only" required to "not impose any further restrictions on the recipients' exercise of the rights granted herein". Sorry, but OSS's gimmick of not doing business with you if you exercise the right to redistribute is a restriction and would covered by the license. They are limited by the license as to what restrictions they can impose on their customers, section 3 notwithstanding.
(Score: 0) by Anonymous Coward on Tuesday February 18 2020, @07:16AM (4 children)
When using some other Copyright holder's Work licensed to you under the terms of version 2 of the GPL: The GPL governs you, the licensee's business dealings with any future distributees where there is a nexus with the GPL'd work. It _FORBIDS_ you to engage in any contracting that adds ANY addtional terms between YOU and the Distributee. See section 6 and 4. You simply are NOT allowed to create such contracts between you the licensee and the distributees. When you DO create such a contract, your license is /IMMEDIATLY/ revoked (section 4). The MOMENT you offer additional terms, in a situation where the GPL'd Work (of another) is implicated.
. Wrong.
You have now violated section 6 and section 4 of the GPL. The Copyright owners forbid such business dealings, weather you like it or not, mr american buisnesss man. The Copyrighted Work is NOT your property, it is NOT your posession, it is the COPYRIGHT OWNERS PROPERTY, and he may RESCIND your PERMISSION to use HIS PROPERTY at his LEASURE. Here he has chosen to rescind the license when you implicate his Work in a negative covenant inconsistent with the proffered terms.
Wrong: you have engaged in behavior forbidden by the Owner of the Copyrighted work, and have lost your PERMISSION to use his work, as stated in section 4. You no-longer have a license and hence-forth are implicated in Copyright infringement.
It violates the text of section 6 and section 4. And yes, I am a lawyer. You should be sued in such a case. The Copyrighted work is NOT your property. It is NOT an item you have title to. You merely have permission to use another's property (like if you were /licensed/ to walk over someone's land), which is revoked at the owners leisure. The owner has stated that the permission is revoked if you add any additional terms between you and anyone you distribute the Work (or any derivative there-of) to. Which you have done so. No more license.
(Score: 2) by Immerman on Tuesday February 18 2020, @03:26PM (2 children)
Where does it say you can't add any further terms to the transaction? It says you can't add any further *restrictions* to the
So long as I provide you the full source under GPL2, then I'm putting no further restrictions on you redistributing it as you see fit. Threatening to refuse to do any further business with you if you exercise those rights, doesn't actually restrict your rights - it just restricts your future business dealings with me. You're perfectly free to flip me off and redistribute the source I gave you.
I don't see that section 4 is directly relevant, until we establish that I have indeed violated section 6.
(Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:42AM (1 child)
Grsecurity is a modification of the Program. They are modifying the Program, and sublicensing it, with added terms. They are in violation.
Additionally, A consequence, aswell as A negative covenant, is a restriction.
They are violating the license on two counts, not just one count.
(Score: 2) by Immerman on Wednesday February 19 2020, @03:55AM
Their argument is that there are no added terms. The patch is provided under the GPL2, which means you can redistribute it freely.
You won't be able to business with them anymore if you do, but that doesn't limit your ability to redistribute in any way.
(Score: 2) by Immerman on Tuesday February 18 2020, @03:48PM
I suppose the question boils down to - does my threat to stop doing business with you in the future constitute a restriction on your rights to the GPL source I just gave you - or does it only constitute a restriction on our future business relationship?
I could certainly see a court case going either way - but it could be a very long and protracted battle. Aftrer all, I am giving you the full source nder the GPL2, and you and anyone downstream are completely free to redistribute it. Unlike more typical clear-cut GPL violations, where the the full source of the derivative work is not made available under the GPL, and the infringer thus clearly has no license to redistribute the code.