Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday March 30 2020, @10:05AM   Printer-friendly
from the justice-in-action dept.

From The Register:

After three years of legal wrangling, the defamation lawsuit brought by Brad Spengler and his company Open Source Security (OSS) against open-source pioneer Bruce Perens has finally concluded.... Spengler and OSS sued Perens for a June 2017 blog post in which Perens ventured the opinion that grsecurity, Open Source Security's Linux kernel security enhancements, could expose customers to potential liability under the terms of the General Public License (GPL).

OSS says that customers who exercise their rights to redistribute its software under the GPL will no longer receive software updates – the biz wants to be paid for its work, a problem not really addressed by the GPL. Perens, the creator of the open-source definition, pointed out that section six of the GPLv2 prohibits modifications of the license terms.

In December 2017, San Francisco magistrate judge Laurel Beeler determined that Perens had expressed an opinion as allowed under American law and dismissed the defamation claim. Perens then sought to recoup legal expenses under California's Anti-Strategic Lawsuits Against Public Participation (SLAPP) statute, [and] a month later he was awarded more than $526,000 in damages.

Spengler and OSS then appealed, and managed to get the award reduced to about $260,000, but not overturned.... Perens gets nothing personally for his trouble, but his legal team will be paid. O'Melveny & Myers LLP will receive $262,303.62 for the district court litigation (fees and costs) and $2,210.36 for the appeal (costs) while the Electronic Frontier Foundation will be paid $34,474.35 (fees) and $1,011.67 (costs) for its role in the appeal.

Previously:


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by All Your Lawn Are Belong To Us on Wednesday April 01 2020, @01:48PM (7 children)

    by All Your Lawn Are Belong To Us (6553) on Wednesday April 01 2020, @01:48PM (#978020) Journal

    At first when I read your comment I thought it wasn't quite correct, because truth is a defense to defamation in the United States. That would imply falsehood is essential to proving defamation (i.e. to be defamed what has to be said against you must be false). It is different in other jurisdictions - in some it doesn't matter if it was true if you can prove malicious intent in revealing it. However, the defense against this claim here was that Perrens was only expressing opinion (and his original blog post [perens.com] states that at least three times, that it was his opinion. He added in IANAL to sweeten that.

    Despite that, just because something is labeled as opinion does not necessarily make it such [minclaw.com]. He does make implications of fact in his post as to what the GPL 2.0 represented and that grsecurity was violating it. If they could have proved Perrens claims as false they would have, even if Perrens presented it (three times in said blog post sued over) that it was his opinion and that he was not a lawyer. That does not, as you state, prove that what he said was true. But it goes a ways towards being able to assume it prima facie.

    Ultimately without actually going into the case itself, one doesn't know if what Perrens said was determined to be legally factual, or just an opinion that could be wrong, although we do know that it was defended on the grounds of being opinion.

    What really would have been needed was for a customer of grsecurity to go ahead and republish, be denied updates, and then sue. That would seem to be the acid test of whether Perrens' opinion was correct.

    --
    This sig for rent.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by loonycyborg on Wednesday April 01 2020, @03:52PM (6 children)

    by loonycyborg (6905) on Wednesday April 01 2020, @03:52PM (#978071)

    What then would be claims of such a customer? Contract violation? GPL can't make this contract void, only effect infringing GPL has in this case is that grsecurity cannot actually distribute their modifications as they're unauthorized derivative work because alleged GPL violation made GPL license not apply to grsecurity's patches. So the only way for this to be tested is for kernel devs to sue grsecurity for copyright infringement.

    • (Score: 2) by All Your Lawn Are Belong To Us on Friday April 03 2020, @03:04PM (4 children)

      by All Your Lawn Are Belong To Us (6553) on Friday April 03 2020, @03:04PM (#978727) Journal

      IANAL, BTW, and this is just my opinion (see what I did there? ;) )

      It's not that the GPL rendered the agreement void, it is that the GPL prevents grsecurity from voiding an otherwise legal agreement.

      But if I'm a customer, and I purchased grsecurity's product and republished it (because I can prove the GPL that would have applied to grsecurity) and they denied me security upgrades then I think the case could be made for tortious business interference. It would hinge on having the court recognize that grsecurity's product, by using a GPL 2.0 license, cannot legally prevent redistribution of the end product. Their trying to introduce contractual complications which are not lawful makes those complications null and void and cannot therefore be grounds to deny update patches that other customers received without further consideration. Or, simply, it's not legal to terminate their 'stable patch access agreement' (which is no longer available) when parent licensing agreements specifically authorize that behavior. I think that's a fair summary of what Perens was saying.

      What Perens missed is that the suing customer have to prove real damages occurred before such a claim could be actionable. Which would likely consist of having to prove that missing a grsecurity patch was the proximate cause of some real damage which can be quantified.

      And what grsecurity missed is that they could have simply phrased it, "We can terminate this agreement at any time and without notice and without any compensation to you, and if you are so informed you lose the license to use the software and must destroy any copies you have created." Then if they determine somebody publishes it, terminate the agreement with absolutely no reference as to why, and so notify them it is now their responsibility to delete any and all copies. That wouldn't be good for business but would protect them legally. Not dissimilar to not specifying why you terminate someone in right-to-work states - if you do not tell an employee why they are terminated the employee can still bring a suit but is on far shakier ground to prevail. Neither of those are ethically good but theuy

      --
      This sig for rent.
      • (Score: 2) by loonycyborg on Saturday April 04 2020, @07:57AM (3 children)

        by loonycyborg (6905) on Saturday April 04 2020, @07:57AM (#978982)

        I think a court would be very suspicions of this legal theory because it looks like obvious end run over Linux Kernel devs being unwilling to sue grsecurity themselves. Also GPL by itself cannot mandate anyone to distribute anything. So even if GPL violation were shown to exist then the part of grsecurity not providing the patches to the customer would be still valid. In fact it would be the only the contract part that is still valid. They're always in the right to not distribute their unauthorized derivative work.

        • (Score: 2) by All Your Lawn Are Belong To Us on Monday April 06 2020, @06:16PM

          by All Your Lawn Are Belong To Us (6553) on Monday April 06 2020, @06:16PM (#979725) Journal

          The question would be who actually suffers the damage. If it's just copyright then the end user isn't damaged. If the end customer is damaged then it shouldn't matter to the Linux devs.

          GPL (the version in question) doesn't mandate distribution. It mandates no interference of someone to distribute. And the GPL prevents exactly what you say because it explicitly gives the right to distribute derivative works without need to seek an authorization. Thus by stating that a derivative work can't be distributed they are in violation of their own agreements to use the code, and trying to enforce that is a tort by virtue of interfering with what is clearly a legally permissible action of the licensing chain.

          --
          This sig for rent.
        • (Score: 2) by All Your Lawn Are Belong To Us on Monday April 06 2020, @06:19PM (1 child)

          by All Your Lawn Are Belong To Us (6553) on Monday April 06 2020, @06:19PM (#979727) Journal

          Lots of "theys" in one of my sentences. Trying again (not that it matters)… "Thus by stating that a derivative work can't be distributed grsecurity is in violation of grsecurity's own agreements to use the Linux kernel code. By their trying to enforce no distribution of their derivative work, when the GPL explicitly authorizes that, is a tort by virtue of interfering with what is clearly a legally permissible action of the GPL 2.0 licensing chain."

          --
          This sig for rent.
          • (Score: 2) by loonycyborg on Tuesday April 07 2020, @12:13AM

            by loonycyborg (6905) on Tuesday April 07 2020, @12:13AM (#979815)

            It's still off. grsecurity wasn't in any agreement with kernel devs. GPL is a license, not a contract. grsecurity are not enforcing no distribution. They merely refuse to distribute. GPL isn't forcing distribution. GPL can only revoke copyright license conditionally. Nothing less, nothing more.

    • (Score: 2) by All Your Lawn Are Belong To Us on Friday April 03 2020, @03:07PM

      by All Your Lawn Are Belong To Us (6553) on Friday April 03 2020, @03:07PM (#978730) Journal

      ... Neither of those [terminating a worker with no stated cause, or a proviso that can be terminated] are ethically good but they are legal.

      --
      This sig for rent.