Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday February 16 2020, @02:22PM   Printer-friendly
from the no-way-out dept.

https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html

The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.

The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.

The remainder of the article is an interview with Brad Spengler about the case and the issue.

iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:

Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
1 (2)
  • (Score: 5, Informative) by stormwyrm on Sunday February 16 2020, @04:19PM (41 children)

    by stormwyrm (717) on Sunday February 16 2020, @04:19PM (#958821) Journal

    From the article:

    I would like to think that Perens now realises he was wrong and acted recklessly, knowing that Red Hat has had similar subscription agreements for two decades

    As far as I know, if you try to redistribute a copy of RHEL, you'll only run afoul of Red Hat's trademarks. That's literally the only reason why nobody redistributes genuine Red Hat Enterprise Linux, and the CentOS team has to do a small amount of work to remove these trademarks in their releases. Red Hat freely publishes ALL of the GPL code they use in RHEL, even the stuff we'd rather not have, cough, cough systemd cough. They have trademarks on the artwork and stuff that comes with RHEL though, so if you redistribute RHEL as-is, you're violating their trademarks. That I think is the major difference between what OSS does and what Red Hat does. Their subscription agreements might be similar to Red Hat's, but only superficially so. While Red Hat distributes their trademarked stuff to their clients along with the GPLed code, OSS is in contrast distributing nothing but GPLed code to their clients thanks to their patches being wholly derivative of the Linux kernel. The only license they had to distribute such derivative work was the GPL itself, but they attempted to add additional terms ("we will cease giving you updates if you try to exercise the rights you supposedly have under the GPL") in violation of section 6 of the GPL.

    --
    Numquam ponenda est pluralitas sine necessitate.
    • (Score: 2) by barbara hudson on Sunday February 16 2020, @04:48PM (38 children)

      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @04:48PM (#958833) Journal
      Some rights are statutory - you can't waive them. For example, you can't sell yourself or anyone else into slavery, even if they want to waive their rights as free persons.

      The right to receive the source for patches is probably a waivable right. This case doesn't answer that question. But the GPL doesn't require recipients to ask for a copy of the source, it just gives them the right to receive it if they ask. For someone who just wants the patches, and is willing to waive their rights, I don't see any way the GPL can interfere. Even if the GPL had a clause saying you cannot waive your rights to the source, such a clause would be found to be invalid. Guess we'll never know.

      --
      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
      • (Score: 0) by Anonymous Coward on Sunday February 16 2020, @04:58PM (3 children)

        by Anonymous Coward on Sunday February 16 2020, @04:58PM (#958836)
        In other words, it's just that no one has decided to sue them. Yet. Which is why they were extremely bothered by Bruce Perens' statements as it rather cut to the heart of this fragility of their business model.
        • (Score: 2) by barbara hudson on Sunday February 16 2020, @05:44PM (2 children)

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @05:44PM (#958847) Journal
          That's part of it. The other part is "can the GOL force people not to waive their rights to source" which it probably can't. People agree to contracts that waive their non-statutory rights all the time. So a lawsuit against the practice of a contract that waived the right to source code would probably fail and result in a counter claim based on tortious interference [wikipedia.org].
          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
          • (Score: 0) by Anonymous Coward on Monday February 17 2020, @12:06PM (1 child)

            by Anonymous Coward on Monday February 17 2020, @12:06PM (#959119)

            The copyright license terms of the linux kernel and of GCC prohibit spengler from proffering any additional terms, including those that ask or demand distributees to waive their rights. HE is not allowed to proffer such terms. Fucking moron. HE is violating the copyright of the linux kernel by putting forth those additional terms between him and the distributees of the derivative work.

            • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:28PM

              by Anonymous Coward on Monday February 17 2020, @09:28PM (#959295)

              but the additional terms are not added to the license for the software. They are in a separate service contract, at least i'm guessing they didn't put their agreement in the same exact document as the GPL.

      • (Score: 1) by khallow on Sunday February 16 2020, @05:05PM (2 children)

        by khallow (3766) Subscriber Badge on Sunday February 16 2020, @05:05PM (#958840) Journal

        For someone who just wants the patches, and is willing to waive their rights, I don't see any way the GPL can interfere.

        What happens when someone wants the patches and is not willing to waive their rights? GPL indicates they can get their ice cream anyway.

        • (Score: 2, Troll) by barbara hudson on Sunday February 16 2020, @05:57PM (1 child)

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @05:57PM (#958852) Journal
          They simply don't get the patches. How complicated is that. The GPL only grants the right to the source for recipients of the code, not the world at large. If offers, as an alternative, to put the source on a website for the world, but doesn't oblige it.

          Party a gives a program to party b, who gives it to party c. Party c says to party a "you have to give me the source ", party a tells party c to pound sand, all in compliance with the GPL. Party c has to go to party b for the source. "But I can no longer locate party b!" "Not my problem. Pound some more sand." "I found party b, they say they never asked for the source and the 3 year delay is over and they can't be bothered ". "Again, pound sand." All in compliance with the GPL.

          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
          • (Score: 1) by khallow on Sunday February 16 2020, @10:37PM

            by khallow (3766) Subscriber Badge on Sunday February 16 2020, @10:37PM (#958923) Journal
            sjames said [soylentnews.org] it better.
      • (Score: 5, Insightful) by Arik on Sunday February 16 2020, @05:16PM (23 children)

        by Arik (4543) on Sunday February 16 2020, @05:16PM (#958845) Journal
        It seems strange that you have such strong opinions on a license you clearly haven't taken the time to read.

        "For someone who just wants the patches, and is willing to waive their rights, I don't see any way the GPL can interfere."

        This is very confused. The end user, under the GPL, receives a grant of license from the original licensor automatically. This isn't about interfering with the end user at all.

        The problem is upstream. And the GPL explicitly anticipates the case.

        What happens when a distributor attempts to impose additional licenses on their downstream? Their downstream continues to have the license, but the distributor loses theirs!

        This is laid out in paragraphs 6 and 4. So all of the customers continue to have all their rights, but the distributor no longer does. If they continue to distribute, they are now engaging in copyright infringement.
        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 1, Redundant) by barbara hudson on Sunday February 16 2020, @06:02PM (22 children)

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @06:02PM (#958857) Journal
          They can choose by law to waive any rights to the source. The GPL cannot force people to not waive a right granted by the license. Same as a person may waive the right to run the code - I've done that a lot when discovering it's crap. Same as commercial software. Even buying software doesn't oblige me to use it. Your problem is a lack of understanding of contracts.
          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
          • (Score: 4, Informative) by Arik on Sunday February 16 2020, @06:36PM (18 children)

            by Arik (4543) on Sunday February 16 2020, @06:36PM (#958866) Journal
            "They can choose by law to waive any rights to the source."

            And this is what you're not understanding. The problem for this scheme is not any right or privilege held by the end user. It's copyright law. The end users can't "waive" copyright (that might be called granting a license) because the end users (most of them at least) don't own the copyright to begin with. There's nothing for them to waive.
            --
            If laughter is the best medicine, who are the best doctors?
            • (Score: 1, Redundant) by barbara hudson on Sunday February 16 2020, @07:54PM (17 children)

              by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @07:54PM (#958874) Journal
              And you still don't get it. I am free to waive any and all rights granted by copyright law, AND any license that uses copyright law. For example,, I can waive my right to read a book I but, or a movie. There is nothing in copyright law that prevents me from entering into an agreement to waive any of my rights.

              For example, I might acquire a mint condition never unsealed collectors edition of a book from someone on the condition that I keep it in it's pristine unread state, because we're both serious collectors and that is the last known copy in such a state. Copyright law allows me to waive my right to read it. We can even spell out financial penalties if I should afterworlds choose to read the book, destroying its pristine condition, and those penalties would be enforceable; that copyright law allows me to read the book is no defence for breech of contract.

              Copyright hasn't been waived - just my rights, voluntarily, by me.

              Copyright doesn't require I take measures to preserve a work of art, I'm free to burn it if I wish. However, the seller can impose as a condition of lending or selling the work of art to a museum that thee museum takes steps to preserve it, and even restrictions on whether it can be shown to the public. There are plenty of such cases where the acquiring museum agrees to restrict viewing to scholars only, under restrictions, as part of the agreement to acquire the art, object, or artifacts.

              And this applies to artifacts in the public domain as well. Think ancient scrolls as one example. The donor requires such restrictions, you either agree to them or you don't get the artifact. If the agreement says you can't photograph, copy, or otherwise reproduce them, even if they're old enough that copyright law says they're in the public domain, then you can't do any of those things.

              Copyright is like other rights - you can waive your rights under copyright and no third party can contest it. The GPL can't stop two people from entering into a contract where one party waived some of their rights - no license has that power.

              --
              SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
              • (Score: 3, Insightful) by Arik on Sunday February 16 2020, @08:11PM (11 children)

                by Arik (4543) on Sunday February 16 2020, @08:11PM (#958877) Journal
                "The GPL can't stop two people from entering into a contract where one party waived some of their rights - no license has that power."

                Can't and doesn't try to.

                It just sets the terms on which you may, if you choose, modify and distribute works based on it.

                If you aren't willing to abide the terms, then your license is revoked.

                You can enter all the contracts with end users you want, they can't give you any right to modify and distribute linux without the GPL.
                --
                If laughter is the best medicine, who are the best doctors?
                • (Score: 2) by barbara hudson on Sunday February 16 2020, @10:25PM (10 children)

                  by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @10:25PM (#958916) Journal
                  But there is nothing requiring the RECIPIENT to not waive their rights to receive the source. And if a recipient waived the right to receive the source , the person doing the distribution is not in breech - after all, they are not the ones who waived the recipients rights. And if the distributor of the program has a waiver from the recipient, the recipient can't legally claim that the distributor breeched the gpl, even if the recipient later demands a copy of the source. The distributor can just say "sue me because it's you, not me, who are in breech of contract."

                  The judge will look at the contract and the license and rule that you waived your rights under the license. Pay damages. The judge will also rule that the gpl was not breeched because the vendor isn't the one who refused to distribute initially and only did so after the recipient waived their rights.

                  --
                  SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                  • (Score: 0) by Anonymous Coward on Sunday February 16 2020, @10:46PM (9 children)

                    by Anonymous Coward on Sunday February 16 2020, @10:46PM (#958926)

                    The GPL also states that you can either redistribute the program by giving the recipient the full rights of the GPL, or you have to refrain to redistribute at all. So it's the *distributor* that cannot enter a contract where the recipient waived their rights.

                    • (Score: 2) by barbara hudson on Monday February 17 2020, @12:22AM (8 children)

                      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 17 2020, @12:22AM (#958947) Journal
                      Until the recipient asks for a copy of the source, the distributor is in full compliance. That's what nobody here seems to get - it's only when the recipient asks for the source that the distributor is potentially in non- compliance. If the distributor has a waiver from the recipient that revokes the license and requires them to delete the software that a problem arises. And since the recipient knows they don't have a valid license any more, they can't try to enforce the terms of the license. How can they, they don't have a license?

                      At that point, the recipient can either stfu or delete the software: the software was distributed with no warranty whatsoever, same as other open source programs.

                      And the distributor can argue away the whole thing as being de minimus, and as such non-justiciable. After all, where's the hardship on the original author? D ir any copyrights holders? Are they able to prove any financial losses? Harm to reputation? Nope. It was of so little financial value as is that people were able to sell fixes. It could be argued that availability of such fixes enhanced the value of the original. Weakening the GPL would probably result in more innovation. Certainly it hasn't improved with age.

                      After all, it's companies and products that have been able to construct walled gardens around Linux that are successful. Compare the various open source not-quite-phones with Android. Linux on laptops with Chromebooks. Linux on the desktop with FreeBSD and Quartz from Apple.

                      BTW, just checked and there's no LICENSE.txt or even a README.txt for Linux on my distro. A newb would assume that ift was free as in FreeBSD.

                      --
                      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                      • (Score: 0) by Anonymous Coward on Monday February 17 2020, @01:53AM (5 children)

                        by Anonymous Coward on Monday February 17 2020, @01:53AM (#958975)

                        It is a kernel patch. The product IS the source.

                        • (Score: 2) by barbara hudson on Monday February 17 2020, @02:09AM (4 children)

                          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 17 2020, @02:09AM (#958984) Journal
                          Cripes, what is wrong with people nowadays. I used to patch binaries directly, no source needed. There's no need for the source to patch a binary sitting on a machine. There were plenty of programs that would patch binaries directly from patch files consisting of instructions for the patch program of code offsets to cut out, binary code to overwrite with binary patches, etc. Why distribute source if it opens the door to problems?
                          --
                          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                          • (Score: 0) by Anonymous Coward on Monday February 17 2020, @03:03AM (3 children)

                            by Anonymous Coward on Monday February 17 2020, @03:03AM (#959002)

                            To do binary patches, everyone has to have the same binaries. The second I add in or cut out a different module, change my defaults, add my own source patches, use different compile options, etc. that binary changes.

                            And there is also the fact that if you actually looked at their downloads page or docs, you'd quickly realize that they are literally distributing GNU patch formatted files to be run against the extracted source tarball obtained from upstream.

                            • (Score: 2) by barbara hudson on Monday February 17 2020, @03:58AM (2 children)

                              by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 17 2020, @03:58AM (#959013) Journal
                              There used to be patch programs that could handle different but similar binaries. As to them distributing patches to apply to source code, that is risky and stupid. Just hack the binary directly. It's not like the Russians, North Koreans, Iranians, and various crooks haven't been able to hack binaries of commercial software for around 40 years. No source code needed. No recompiling needed.
                              --
                              SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                              • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @03:20PM (1 child)

                                by Anonymous Coward on Tuesday February 18 2020, @03:20PM (#959538)

                                Patching the binaries is a derivative work too, you fucking moron.

                                • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @08:20PM

                                  by Anonymous Coward on Tuesday February 18 2020, @08:20PM (#959648)

                                  Not only that, but do you really think anyone who is so paranoid that they think the default Linux kernel is not secure enough is going to run a fuzzy or conditional patcher on their kernel? This goes double when you realize all the minor changes that different compilers, flags, and CONFIGs can make in the final compiled product. Yep, lets run this untested, unauditable binary patch on our production system that requires a higher security level than the default or distro kernels.

                      • (Score: 3, Touch√©) by Runaway1956 on Monday February 17 2020, @06:02AM

                        by Runaway1956 (2926) Subscriber Badge on Monday February 17 2020, @06:02AM (#959050) Homepage Journal

                        You're aware that a contract signed under duress and/or coercion is null and void?

                        Spengler's sales pitch is much like this: "I have something valuable, which you can't live without. I'll allow you to use it, if and only if, you waive your rights under the GPL." It's bullshit, plain and simple. You also have rights, Hudson. You have the right to stop defending some greedy-ass fuckwit who doesn't understand the GPL.

                        --
                        There is a supply side shortage of pronouns. You will take whatever you are offered.
                      • (Score: 2) by mobydisk on Tuesday February 18 2020, @09:20PM

                        by mobydisk (5472) on Tuesday February 18 2020, @09:20PM (#959664)

                        Until the recipient asks for a copy of the source, the distributor is in full compliance.... it's only when the recipient asks for the source that the distributor is potentially in non- compliance

                        I don't think so. The GPL is invoked at the time of distribution, not at the time the recipient asks for the source. So as soon as the GRSecurity tells the recipient "I won't give you this unless you agree to not distribute it" then GRSecurity is no longer in compliance. This happens even before the recipient gets the software. At that point GRSecurity no longer has the right to distribute the patches.

                        Breaking down the GPL as-written:

                        Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.

                        So Linus Torvalds grants me the right to redistribute the GRSecurity patches, not GRSecurity. And this happens at the time GRSecurity distributes their patches.

                        You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

                        So GRSecurity is violating the GPL by merely asking their clients to sign a waiver of rights. It's not that the recipient can't agree to do so - it's that GRSecurity is not allowed to ask.

              • (Score: 2) by gtomorrow on Sunday February 16 2020, @08:44PM (3 children)

                by gtomorrow (2230) on Sunday February 16 2020, @08:44PM (#958883) Journal

                As Arik said repeatedly, it's you that doesn't understand. In this case, you aren't waiving your rights. You are perfectly free not to enforce your rights but you are never at any moment irrevocably surrendering anything. In this case you may and can change your mind at any time regarding said rights. Specifically, under GPL, you can at any time request the source code and no one can legally tell you to, as you so eloquently put it, "pound sand".

                Geez...sometimes, Barbara, you are exhausting.

                • (Score: 0) by Anonymous Coward on Sunday February 16 2020, @09:48PM

                  by Anonymous Coward on Sunday February 16 2020, @09:48PM (#958899)

                  Geez...sometimes, Barbara, you are exhausting.

                • (Score: 0) by Anonymous Coward on Monday February 17 2020, @05:50AM (1 child)

                  by Anonymous Coward on Monday February 17 2020, @05:50AM (#959046)

                  And nothing can stop that company from doing its duty under the GPL and giving you that - and then terminating your relationship for future releases.

                  Which is what's happening here.

                  Which is why it's legal.

                  • (Score: 0) by Anonymous Coward on Monday February 17 2020, @12:12PM

                    by Anonymous Coward on Monday February 17 2020, @12:12PM (#959121)

                    It is not legal.
                    GRSecurity is forbidden from offering any additionally restrictive terms between it and the distributees of the derivative work.
                    See section 6 and section 4 of the GPL (version 2).

                    The copyright owners of the linux kernel (and of GCC, GRSecurity also makes GCC plugins, which are believed to be non-seperable derivative works aswell) have explicitly forbidden any additional restrictive terms between the licensee and the down-the-line distributee.

                    It IS illegal. Criminally too since Spengler et al have made over 1000 dollars from the direct copyright infringement.

              • (Score: 1) by khallow on Monday February 17 2020, @06:31PM

                by khallow (3766) Subscriber Badge on Monday February 17 2020, @06:31PM (#959237) Journal

                I am free to waive any and all rights granted by copyright law, AND any license that uses copyright law.

                No, you're not. You can't waive any and all rights granted by copyright law because you can't waive the owners' rights for all the copyright you don't own. Neither GRSecurity or its customers (and certainly not you) have the authority to waive the license requirements because they don't own the copyright on the Linux kernel and thus, don't have the authority to issue themselves an exception to the license.

          • (Score: 0) by Anonymous Coward on Sunday February 16 2020, @10:33PM (2 children)

            by Anonymous Coward on Sunday February 16 2020, @10:33PM (#958920)

            They can choose by law to waive any rights to the source.

            Up to the point when they want to redistribute it.
            No matter the reasons, if they choose to redistribute it and don't/cannot offer the source code, they lose the license and should stop using the software.

            • (Score: 2) by barbara hudson on Sunday February 16 2020, @11:31PM (1 child)

              by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @11:31PM (#958937) Journal
              And if they waive their rights to the source, they cannot redistribute the patches, makes Spangler very happy.
              --
              SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
              • (Score: 1, Informative) by Anonymous Coward on Monday February 17 2020, @10:27AM

                by Anonymous Coward on Monday February 17 2020, @10:27AM (#959100)

                Are you an idiot?
                You have repeatedly been told that the customers don't lose any rights, Spengler loses all rights to use GPL code as soon as he violates parts 4 and 6 of the GPL. Putting the conditions he does on his clients is a violation of his license to use GPL code.

                Spengler's clients don't get any say in it, it is between the original writers and Spengler, and the ONLY thing that gives him the right to use GPL code is the license. If he violates the GPL he loses the right to distribute his derivative works.

      • (Score: 4, Informative) by aristarchus on Sunday February 16 2020, @07:55PM (5 children)

        by aristarchus (2645) on Sunday February 16 2020, @07:55PM (#958875) Journal

        The right to receive the source for patches is probably a waivable right.

        Except, it is not your right, and you cannot waive it for the entire Free Software community.

        --
        #Freearistarchus, again!!!!!1!!
        • (Score: 0, Flamebait) by barbara hudson on Sunday February 16 2020, @08:24PM (4 children)

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @08:24PM (#958880) Journal
          It is an individual right. Read the GPL. Only the recipient of the program receives as part of their licenses the right to receive a copy of the source from the person who gave them the programs. The "community " doesn't, since they never received the program from the person.

          I give you a program that's GPL. You give a copy to someone else. If they come to me asking for source, I am not under any obligation to give it to them. Only to you, and only if you ask for it. "The community " has no such rights, and can go fucké themselves. They have the right to ask the person who distributed it to them (you), but not me, because they never received a copy from me.

          I am not responsible for fulfilling YOUR obligations under the GOL. The GOL makes zero mention of Community Rights, just the right of the individual recipient of a program to get a copy of the source from the entity they received the program from.-

          That the community can't even understand the clear limits of the GPL and how, like all contracts, it cannot bind 3rd parties without their permission, kind of makes the "freetard " label appropriate,

          The guy found a loophole in the license and law. And since in the case of Linux the license can't be changed, you're stuck with it. Too bad so sad. Not my circus, not my monkeys. FreeBSD licensing forever!

          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
          • (Score: 3, Informative) by lentilla on Sunday February 16 2020, @10:19PM (2 children)

            by lentilla (1770) on Sunday February 16 2020, @10:19PM (#958912)

            Perhaps this might be an easier way to visualise...

            understand the clear limits of the GPL and how, like all contracts, it cannot bind 3rd parties without their permission

            It's not the binding of a third party that is the issue - it's the second party that is bound.

            So; for example; Linus et al (the first party) provide Linux. The second party (Spengler) adds some goodies, and provides that to a third party (the "customer"). But in doing so, the second party automatically has their licence to redistribute the software revoked (per paragraphs 6 and 4 as mentioned above). This happens even if the third party would otherwise agree.

            You mentioned above "I might acquire a mint condition never unsealed collectors edition of a book from someone on the condition that I keep it in it's pristine unread state". Fair enough. Imagine Mr de Vinci lends an artwork to a gallery on the condition that it not be altered. The gallery; being somewhat strapped for cash; paints a moustache on the Mona Lisa and sells it to a collector to place in his den next to the picture of Dogs Playing Poker Wearing Tutus. Understandably, Mr de Vinci (the first party) is aggrieved that the second party (the gallery) has done this. The conditions that bind the second party don't get unwound - no matter how much a third party (the collector) might want an adulterated painting.

            • (Score: 2) by barbara hudson on Sunday February 16 2020, @11:29PM (1 child)

              by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday February 16 2020, @11:29PM (#958936) Journal
              The 3rd party got what they wanted (a DaVinci with a moustache) so they have no grounds to complain:

              As for the museum, they are on the hook.

              This is not the same as someone distributing Linux and then refusing to supply sources for their changes. The easy way out is to say "okay, I'm not giving you the source so your software is now unlicensed - delete it." And then when they bitch, show them the standard warranty text that came with the distribution- no warranty whatsoever, which includes o warranty that it's licensed.

              So delete the patches you received and we're both back in compliance.

              --
              SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
              • (Score: 0) by Anonymous Coward on Monday February 17 2020, @06:23AM

                by Anonymous Coward on Monday February 17 2020, @06:23AM (#959058)

                I hope this will be tested in court. Could you imagine the fallout if this was a proven successful defense?

          • (Score: 1) by khallow on Monday February 17 2020, @10:14PM

            by khallow (3766) Subscriber Badge on Monday February 17 2020, @10:14PM (#959321) Journal

            Read the GPL. Only the recipient of the program receives as part of their licenses the right to receive a copy of the source from the person who gave them the programs.

            Read the GPL. The recipient of the program is not the only party with rights.

      • (Score: 0) by Anonymous Coward on Monday February 17 2020, @12:03PM

        by Anonymous Coward on Monday February 17 2020, @12:03PM (#959117)

        > The right to receive the source for patches is probably a waivable right.
        The copyright license terms of the linux kernel and of GCC prohibit spengler from proffering any additional terms, including those that ask or demand distributees to waive their rights. HE is not allowed to proffer such terms. Fucking moron.

    • (Score: 0) by Anonymous Coward on Monday February 17 2020, @11:06AM

      by Anonymous Coward on Monday February 17 2020, @11:06AM (#959105)

      Redhat vs OpenSourceSecurity:

      >How is Brad's contract different than RedHat's?

      He completely hides behind cost of bringing an enforcement suit against him (though most people don't know that and assume "no suit, must be legal"), he also relies on the ignorance people have regarding the RedHat(now IBM) situation:

      1) RedHat owns much of the copyrightable material in the Linux Kernel. If another copyright owner sued them, there could be repercussions under a non-joint-work jurisprudence (current) (ie: RH might rescind the license to their work from plaintiff, plaintiff would then have to argue they couldn't do that: that plaintiff had paid RH some consideration, plaintiff would say their own work on the kernel was consideration for RH's licensing them their works, or plaintiff would perhaps try to show the kernel was a joint-work with them thus they can do with the joint-work as they please, etc)

      1b) RedHat _could_ attempt to argue the kernel is a joint work (and if you're a copyright owner in a joint work you can license the whole as you wish to whom you wish) if push came to shove, and this would be a case of first impression here. I could see a court viewing online-collaborative-ongoing software projects as joint-works. This isn't the law now, but I could imagine that being a ruling. It might be difficult to argue against.

      2) RedHat distributes ALL of it's changes as source, ITSELF, any restrictions regarding those contracted with RedHat seem moot in the eyes of the other copyright holders, since they and the public relieve all of these changes. Which is what they want from the Licensing decision they made regarding their Work, in earnest. With GrSecurity Brad Spengler is _successfully_ making sure NOONE gets the changes back to the copyright holders, or the public: and he does so via an in-writing direct violation of the Copyright License that the linux kernel copyright owners set their work(s) under.

      It's quite different.

      >Can you publicly post the OSS terms?
      https://new.perens.com/wp-content/uploads/sites/4/2017/06/grsecstablepatchaccessagreement_additionalterms.pdf [perens.com]

    • (Score: 2) by Immerman on Monday February 17 2020, @04:49PM

      by Immerman (3985) on Monday February 17 2020, @04:49PM (#959205)

      >As far as I know, if you try to redistribute a copy of RHEL, you'll only run afoul of Red Hat's trademarks.

      Actually, I'm pretty sure you'll violate a bunch of copyrights too - just not on the Linux code. RHEL comes bundled with utilities, icons, documentation, etc. that's all copyrighted independently from the GPLed code, since they aren't derivative works. That's kind of the point of CentOS (or at least it was back in the day, I haven't followed them in a long while) - RHEL with all the trademarks and non-GPLed bundled bits stripped out.

  • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:07AM (2 children)

    by Anonymous Coward on Monday February 17 2020, @09:07AM (#959085)

    https://grsecurity.net/setting_the_record_straight_on_oss_v_perens_part1 [grsecurity.net]
    https://grsecurity.net/setting_the_record_straight_on_oss_v_perens_part2 [grsecurity.net]
    https://grsecurity.net/setting_the_record_straight_on_oss_v_perens_part3 [grsecurity.net]

    >Only a few months after this, a notorious Internet troll who had used grsecurity in the past and been banned from our forums for misogynistic comments was apparently upset at having his access cut off completely (after previously being denied access to the stable patches in 2015), and came out of hibernation to extend a private and public campaign to get revenge. This campaign continues today even, with posts to LKML, various distribution mailing lists, and posts and comments on Slashdot, Reddit, and other news aggregators. This person poses under various names, usernames, and email addresses, but most recently poses as a legitimate lawyer claiming the GPL can be rescinded. The emails come from @redchan.it,@airmail.cc, and other anonymous mailing services with usernames like "aconcernedfossdev", "visionsofalice", "gameonlinux", "nisus", and "unconditionedwitness". Most commonly, the email subject regarding us includes: "Why will no-one sue GrSecurity for their blatant GPL violation?" or "Yes you have standing to sue GRSecurity." In many instances, due to the changing names and email addresses, readers are unaware this is the same "MikeeUSA" troll, a self-professed misogynist and pedophile, that had been harrassing and issuing death threats to women in Open Source for years.

    >https://archive.is/7B9No

    • (Score: 0) by Anonymous Coward on Monday February 17 2020, @10:04PM (1 child)

      by Anonymous Coward on Monday February 17 2020, @10:04PM (#959313)

      I almost forgot about MikeeUSA. I remember them and Spengler doing laps with each other on /. back in the day after some sort of change involving Arch's license. My vague recollection was that despite many people from all sides telling him so, Spengler couldn't stop feeding the trolls nor the fact that MikeeUSA turned into a meme for a time (like APK spam), which meant that many times there could have been multiple posters posting because they find your reactions funny, not because of some sort of honest debate.

      • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @06:55AM

        by Anonymous Coward on Tuesday February 18 2020, @06:55AM (#959460)

        Why does Spengler spend a page writing about him? It sounds like an insane conspiracy theory, is Spengler well?

  • (Score: 0) by Anonymous Coward on Monday February 17 2020, @09:09AM

    by Anonymous Coward on Monday February 17 2020, @09:09AM (#959087)

    > The only thing that mattered to the court was that the GPL says "You may not impose further restrictions on the recipients' exercise of their rights granted herein" and that we have a subscription agreement. These are the only "true facts" that are now being referenced regarding the case, misleading people into believing that there were other aspects of what Perens claimed that were actual true facts. Because, according to the court, any outrageous claim can be made to connect those two separate facts, no other details mattered.

    Based court.

  • (Score: 0) by Anonymous Coward on Monday February 17 2020, @11:08AM (4 children)

    by Anonymous Coward on Monday February 17 2020, @11:08AM (#959106)

    Under RMS' interpretation of how GCC plugins legally interact with GCC;

    The FSF would have standing to sue Bradly Spengler, and Mathias Krause in their personal capacity for direct copyright infringement due to the work they do on their GCC plugins if they are subject to the GRSecurity "Access agreement" including the no-redistribution (or else) negative covenant (the additional restriction).

    In addition to suits against the Company (OpenSourceSecurity), aswell as the anonomyous employee/programmer "PaX Team".

    Anyone who knowingly distributes products using these infringing derivative works could also be sued for Contributory Copyright Infringement.

    One could also take a legal swing at their lawyer, Rohit Chhabra, perhaps as-well, for materially promoting the infringing scheme.

    • (Score: 0) by Anonymous Coward on Monday February 17 2020, @10:11PM (3 children)

      by Anonymous Coward on Monday February 17 2020, @10:11PM (#959319)

      Somewhat ironically, if the court did ever come down on the side of FSF, Perens, GNU, etc. and they tried to go after the Mr. Chhabra, there is a good chance he would use the very same opinion privilege defense to protect his wrong claims as Perens is using here.

      • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @06:53AM (2 children)

        by Anonymous Coward on Tuesday February 18 2020, @06:53AM (#959458)

        Chhabra's assistance, if it is contributory, is likely of a material nature, rather than mere opinion, no?

        • (Score: 0) by Anonymous Coward on Tuesday February 18 2020, @10:15PM (1 child)

          by Anonymous Coward on Tuesday February 18 2020, @10:15PM (#959684)

          He is acting as an attorney, which means that he complies with the law as long as he doesn't advise his client to or knowingly assist his client in breaking the law. Note also that he is assumed to be a lawyer of "reasonable prudence and competence," which is a higher burden the Perens, and imputes certain knowledge and interpretive skill on him.

          If anyone came after Chhabra, his out is to say, "I'm not liable because I was acting based on a reasonable legal opinion at the time. Because it was a legal question not decided by the courts, I didn't know for a fact that it was false nor would have more care revealed it to be false based the law as it existed at the time and because all the facts available to me to make the determination were publicly known to be true."

          Sounds an awful lot like Perens's defense of, "I'm not liable because I was acting based on a reasonable legal opinion at the time. Because it was a legal question not decided by the courts, I didn't know for a fact that it was false nor would have more care revealed it to be false based the law as it existed at the time and because all the facts available to me to make the determination were publicly known to be true."

          • (Score: 0) by Anonymous Coward on Friday February 21 2020, @05:11AM

            by Anonymous Coward on Friday February 21 2020, @05:11AM (#960591)

            Chhabra should be sued for contributory copyright infringement. There is nothing reasonable about his beliefs. His scheme is in direct violation of the express terms of the copyright license.

  • (Score: 0) by Anonymous Coward on Wednesday February 19 2020, @02:58AM

    by Anonymous Coward on Wednesday February 19 2020, @02:58AM (#959760)

    >Grsec is adding additional terms to the support contract. Not to the program or the GPL license.

            That simply does not matter. The GPL forbids ANY additional terms between the licensee and down-the-line distributees, obviously where there is a nexuis between the protected Work, and the contract.

            You seem to misunderstand what a copyright license is. It is permission to use the protected Work, from the Copyright owners. (In this case it isn't a contract: you didn't pay any bargained for consideration to receive the permissions: they were just granted for nothing)

            Here the Copyright Owner has stipulated that if YOU the licensee proffer ANY additional restrictions (section 6) OR modify or distribute the Program except as EXPRESSLY provided under this License (section 4); your loicense is revoked at that moment.

            Adding a "you may not redistribute the derivative work of the Program, and if you do we will assay penalties upon you (no refund etc)" is NOT "distribut(ing) the Program as expressly provided under this License.

            It is, infact, distributing (and modifying) the Program under terms that are NOT under the Express terms of the license.

            Yes GRSecurity is in violation.

            And perhaps (you?) Rohibit Chabara is an accessory to that scheme (contributory or vicarious copyright infringement)

  • (Score: 0) by Anonymous Coward on Wednesday February 19 2020, @07:08AM

    by Anonymous Coward on Wednesday February 19 2020, @07:08AM (#959809)

    The GPL has teeth, but they're not attached to a jaw.

    Dear RMS; If you don't want to defend free software in the courts anymore, if you don't want to be involved at all, maybe you need to make an announcement. People still look up to you as "the head", but if you want to be an "old decrepit man with no drive" now... you need to tell everyone about your retirement.

    This "we can't do anything" thought is complete bullshit from Bradly Kuhn, and whatever other morons you're hanging out with these days: it does NOT come from ANY ip lawyers. You have a good case on the GCC side, and the linux kernel copyright holders have a great case, atleast on the law (now on recovery...)

    You can nail these people (Grsecurity) to a pillar.
    But you won't encourage that.

    You've sold the GPL dream down the BSD river. Why? Because some women complained about your opinions? This is pathetic, get some testosterone injections and fight.

    What are you afraid of? Grsecurity suing you for libel too? They are blatantly violating the GPL. Section 6 and section 4. They are both civilly liable for damages, and (since they've made over 1k off of their direct copyright infringement) criminally liable. That is: Bradly spengler aswell as those assisting him.

    Why should any of us (mostly men) programmers have anything to do with Free Software if YOU will not bear your teeth once in awhile and force compliance with the license you have asked us to use: to put fear into those who would otherwise violate it and bar us from the full fruits of our programmatic efforts?

    Tell me that? Or do you just not care if men contribute to Free Software anymore: You think the women will do this hobby for free like the men have? They won't. You're living in a dreamworld if you think otherwise (men fall in love with engineering; that's why they're willing to do it for free). The same dreamworld where you listen to the likes of Bradly Kuhn, even now, a completely unqualified individual who always tryst to STYMIE and SLOWDOWN any legal action this past half decade (or more).

    I can't believe 1) some woman complaining and 2) Grsecurity's libel-lawsuit threats have shut you up, taken you down, and ended Free Software (the share-and-share-alike strain). But that's what has happened.

    Grsecurity has gotten away with it, every other company knows it, they are BLATANTLY violating section 6 and 4 (of v2 of the GPL), EVERYONE knows it, NOTHING will be done about it. GPL is BSD license, effectively, because the white male programmers are scumbag wimps who won't even SUE. They won't even _SUE_. It doesn't take any physical effort to sue. If you'd bother to register your copyrights lawyers would be happy to help you with getting those statutory damages.

    This is... it's just beyond words. It's basically all a lie: everything you've claimed to others: because without enforcement the GPL and all it stands for, all you've campaigned for, is just ... well just as effective as this email.

    With regret,
    Me.

  • (Score: 0) by Anonymous Coward on Friday February 21 2020, @07:53AM

    by Anonymous Coward on Friday February 21 2020, @07:53AM (#960628)

    >"You will not redistribute to non-customer 3rd parties"
    Is an additional restriction not present in the GPL. (Violation of section 6)
    It is also an additional term being added, not present in the GPL, on a modification of the Program. (Violation of section 4)

    >"We will not do business with you if you redistribute to non-customer 3rd parties"
    Is an enforcement clause of this new additional restriction, and this new additional term that the distributee is required to agree to inorder to recieve the derivative works (linux patch, GCC plugins, etc).

    >"We also will not refund your remainder"
    Is another enforcement term. IE: 'We're keeping your money, that for-which you have not recieved anything for yet: as additional penalization for redistributing our property against our express terms not to"

    Yes: GRSecurity is BLATANTLY violating section 6 and section 4 of the GPL.
    They are liable for both civil and criminal penalties (having made more than 1k in revenue from this direct infringement). Those who have assisted in creating the scheme are liable for contributory and vicarious infringement.

  • (Score: 0) by Anonymous Coward on Friday February 21 2020, @07:54AM

    by Anonymous Coward on Friday February 21 2020, @07:54AM (#960630)

    >Grsec is not violating the GPL.

    Grsecurity is violating the Copyright of the Linux kernel and of GCC.

    >6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

    >4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

    Grsecurity is modifying, distributing, and sublicensing the Program under terms NOT expressly provided under "this License"

    It has placed thos term, which are not expressly provided under "this License" in it's access agreement:
    >https://perens.com/wp-content/uploads/sites/4/2017/06/grsecstablepatchaccessagreement_additionalterms.pdf

    This is one of the terms that Grsecurity has the distributee agree to, which is not expressly provided under "this License":

    >Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicitobligations under the GPL to User's customers will result in termination of accessto future updates of grsecurity stable patches and changelogs.

    What does notwithstanding mean?
    > Notwithstanding \Not`with*stand"ing\, prep.
    > Without prevention, or obstruction from or by; in spite of.

    IE: "In spite of, the previously mentioned disclaimer, you will not redistribute the Program, or else"

1 (2)