Stories
Slash Boxes
Comments

SoylentNews is people

Linux Kernel Patch Maker Says Court Case Was Only Way Out

posted by Fnord666 on Sunday February 16 2020, @02:22PM   Printer-friendly
from the no-way-out dept.

An Anonymous Coward writes:

https://www.itwire.com/open-source/linux-kernel-patch-maker-says-court-case-was-only-way-out.html

The head of security firm Open Source Security, Brad Spengler, says he had little option but to file a lawsuit against open source advocate Bruce Perens, who alleged back in 2017 that security patches issued for the Linux kernel by OSS violated the licence under which the kernel is distributed.

The case ended last week with Perens coming out on the right side of things; after some back and forth, a court doubled down on its earlier decision that OSS must pay Perens' legal costs as awarded in June 2018.

The remainder of the article is an interview with Brad Spengler about the case and the issue.

iTWire contacted Spengler soon after the case ended, as he had promised to speak at length about the issue once all legal issues were done and dusted. Queries submitted by iTWire along with Spengler's answers in full are given below:

Previously:
Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys

Original Submission

 
This discussion has been archived. No new comments can be posted.
Linux Kernel Patch Maker Says Court Case Was Only Way Out | Log In/Create an Account | Top | 157 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by mobydisk on Tuesday February 18 2020, @09:20PM

    by mobydisk (5472) on Tuesday February 18 2020, @09:20PM (#959664)

    Until the recipient asks for a copy of the source, the distributor is in full compliance.... it's only when the recipient asks for the source that the distributor is potentially in non- compliance

    I don't think so. The GPL is invoked at the time of distribution, not at the time the recipient asks for the source. So as soon as the GRSecurity tells the recipient "I won't give you this unless you agree to not distribute it" then GRSecurity is no longer in compliance. This happens even before the recipient gets the software. At that point GRSecurity no longer has the right to distribute the patches.

    Breaking down the GPL as-written:

    Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.

    So Linus Torvalds grants me the right to redistribute the GRSecurity patches, not GRSecurity. And this happens at the time GRSecurity distributes their patches.

    You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

    So GRSecurity is violating the GPL by merely asking their clients to sign a waiver of rights. It's not that the recipient can't agree to do so - it's that GRSecurity is not allowed to ask.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2