SoylentNews is people
SoylentNews
From The Register:
After three years of legal wrangling, the defamation lawsuit brought by Brad Spengler and his company Open Source Security (OSS) against open-source pioneer Bruce Perens has finally concluded.... Spengler and OSS sued Perens for a June 2017 blog post in which Perens ventured the opinion that grsecurity, Open Source Security's Linux kernel security enhancements, could expose customers to potential liability under the terms of the General Public License (GPL).
OSS says that customers who exercise their rights to redistribute its software under the GPL will no longer receive software updates – the biz wants to be paid for its work, a problem not really addressed by the GPL. Perens, the creator of the open-source definition, pointed out that section six of the GPLv2 prohibits modifications of the license terms.
In December 2017, San Francisco magistrate judge Laurel Beeler determined that Perens had expressed an opinion as allowed under American law and dismissed the defamation claim. Perens then sought to recoup legal expenses under California's Anti-Strategic Lawsuits Against Public Participation (SLAPP) statute, [and] a month later he was awarded more than $526,000 in damages.
Spengler and OSS then appealed, and managed to get the award reduced to about $260,000, but not overturned.... Perens gets nothing personally for his trouble, but his legal team will be paid. O'Melveny & Myers LLP will receive $262,303.62 for the district court litigation (fees and costs) and $2,210.36 for the appeal (costs) while the Electronic Frontier Foundation will be paid $34,474.35 (fees) and $1,011.67 (costs) for its role in the appeal.
Previously:
- Linux Kernel Patch Maker Says Court Case Was Only Way Out
- Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys
- Bruce Perens Wants to Anti-SLAPP GRSecurity's Brad Spengler With $670,000 in Legal Bills
- Grsecurity's Defamation Suit Against Bruce Perens Dismissed
- Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens
- Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers
(Score: 2) by All Your Lawn Are Belong To Us on Friday April 03 2020, @03:04PM (4 children)
IANAL, BTW, and this is just my opinion (see what I did there? ;) )
It's not that the GPL rendered the agreement void, it is that the GPL prevents grsecurity from voiding an otherwise legal agreement.
But if I'm a customer, and I purchased grsecurity's product and republished it (because I can prove the GPL that would have applied to grsecurity) and they denied me security upgrades then I think the case could be made for tortious business interference. It would hinge on having the court recognize that grsecurity's product, by using a GPL 2.0 license, cannot legally prevent redistribution of the end product. Their trying to introduce contractual complications which are not lawful makes those complications null and void and cannot therefore be grounds to deny update patches that other customers received without further consideration. Or, simply, it's not legal to terminate their 'stable patch access agreement' (which is no longer available) when parent licensing agreements specifically authorize that behavior. I think that's a fair summary of what Perens was saying.
What Perens missed is that the suing customer have to prove real damages occurred before such a claim could be actionable. Which would likely consist of having to prove that missing a grsecurity patch was the proximate cause of some real damage which can be quantified.
And what grsecurity missed is that they could have simply phrased it, "We can terminate this agreement at any time and without notice and without any compensation to you, and if you are so informed you lose the license to use the software and must destroy any copies you have created." Then if they determine somebody publishes it, terminate the agreement with absolutely no reference as to why, and so notify them it is now their responsibility to delete any and all copies. That wouldn't be good for business but would protect them legally. Not dissimilar to not specifying why you terminate someone in right-to-work states - if you do not tell an employee why they are terminated the employee can still bring a suit but is on far shakier ground to prevail. Neither of those are ethically good but theuy
This sig for rent.
(Score: 2) by loonycyborg on Saturday April 04 2020, @07:57AM (3 children)
I think a court would be very suspicions of this legal theory because it looks like obvious end run over Linux Kernel devs being unwilling to sue grsecurity themselves. Also GPL by itself cannot mandate anyone to distribute anything. So even if GPL violation were shown to exist then the part of grsecurity not providing the patches to the customer would be still valid. In fact it would be the only the contract part that is still valid. They're always in the right to not distribute their unauthorized derivative work.
(Score: 2) by All Your Lawn Are Belong To Us on Monday April 06 2020, @06:16PM
The question would be who actually suffers the damage. If it's just copyright then the end user isn't damaged. If the end customer is damaged then it shouldn't matter to the Linux devs.
GPL (the version in question) doesn't mandate distribution. It mandates no interference of someone to distribute. And the GPL prevents exactly what you say because it explicitly gives the right to distribute derivative works without need to seek an authorization. Thus by stating that a derivative work can't be distributed they are in violation of their own agreements to use the code, and trying to enforce that is a tort by virtue of interfering with what is clearly a legally permissible action of the licensing chain.
This sig for rent.
(Score: 2) by All Your Lawn Are Belong To Us on Monday April 06 2020, @06:19PM (1 child)
Lots of "theys" in one of my sentences. Trying again (not that it matters)… "Thus by stating that a derivative work can't be distributed grsecurity is in violation of grsecurity's own agreements to use the Linux kernel code. By their trying to enforce no distribution of their derivative work, when the GPL explicitly authorizes that, is a tort by virtue of interfering with what is clearly a legally permissible action of the GPL 2.0 licensing chain."
This sig for rent.
(Score: 2) by loonycyborg on Tuesday April 07 2020, @12:13AM
It's still off. grsecurity wasn't in any agreement with kernel devs. GPL is a license, not a contract. grsecurity are not enforcing no distribution. They merely refuse to distribute. GPL isn't forcing distribution. GPL can only revoke copyright license conditionally. Nothing less, nothing more.