Slash Boxes

SoylentNews is people

posted by Fnord666 on Sunday February 16 2020, @02:22PM   Printer-friendly
from the no-way-out dept.

The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.

The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.

The remainder of the article is an interview with Brad Spengler about the case and the issue.

iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:

Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Immerman on Tuesday February 18 2020, @03:13PM (1 child)

    by Immerman (3985) on Tuesday February 18 2020, @03:13PM (#959535)

    >You mention no such way that GPL puts constraints on the licensed software. In reality, it puts constraints instead on the use, modification, ownership, distribution, etc of the software.

    Yes - either you adhere to the terms of the GPL2, or you can't redistribute. The GPL2 grants you a bunch of new rights - but only so long as you adhere to its limitations (full source release, no new license restrictions, etc on downstream code.) Use and modification are actually completely unrestricted, your GPL2 obligations are only triggered by distribution. Which is why Google can run their own custom version of Linux and other GPL2 software within their organization without sharing the source. As I recall that's one of the many things GPL3 changed.

    >If you have continued to distribute future modifications of ImmerOffice which continue to be derivative from GPL code, then you continue to be subject to the terms of the GPL of the original code. And contrary to your assertion, you remain under obligation from that GPL license to do such things as provide access to your code for anyone, even those whom you don't do business with.

    Actually, no. Read the GPL2 very carefully - you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*. Most people make the source available to everyone out of convenience (if customers can re-share it anyway, why bother with all the trouble of limiting access), but e.g. if you sold shrink-wrapped GPL2 software bundled with the complete source on the same DVD as the software, then your obligations have been fully met and you don't need to do make the source available in any other form.

    If I sell you ImmerOffice v1, then I am required to give you the full source to ImmerOffice v1 under the GPL2 either bundled or upon request. However, I have no obligation to provide you source code to v2 unless I have provided you with that version of the software. If I refuse to sell v2 you, then I don't have to give you the source to v2. Anyone I *do* sell to is still entitled to get the GPL2 source, and can give it to you freely - but that has nothing to do with me. Except that I would then refuse to sell them v3 or provide them with the source to that version.

    *Clause 3 of the GPL2

    3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
            a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
            b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
            c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

    Hmm...I hadn't actually remembered the "any third party" bit on subsection (b) - It would seem that if I don't provide you the source up front, bundled with the software, then I would indeed have to make it available to everyone. However, so long as I bundled the source, I'm home free. And in the case of a patch... well the patch is almost certainly delivered in source form to begin with, is it not?

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 1) by khallow on Tuesday February 18 2020, @06:20PM

    by khallow (3766) Subscriber Badge on Tuesday February 18 2020, @06:20PM (#959613) Journal
    Indeed, let's read the GPL 2 carefully. Arik [] did that and came up with sections 4 and 6, which override your permissive interpretation of section 3.

    you're only required to provide the GPL2ed source to people to whom you distribute the derivative work*.

    And you are also "only" required to "not impose any further restrictions on the recipients' exercise of the rights granted herein". Sorry, but OSS's gimmick of not doing business with you if you exercise the right to redistribute is a restriction and would covered by the license. They are limited by the license as to what restrictions they can impose on their customers, section 3 notwithstanding.