Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Monday September 07 2015, @08:31AM   Printer-friendly
from the the-GPL-is-open-to-interpretation dept.

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.

In a big red block at the top of their home page is the following warning:

Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.

And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday September 07 2015, @03:35PM

    by Anonymous Coward on Monday September 07 2015, @03:35PM (#233301)

    http://oxwugzccvk3dk6tj.onion/tech/res/346860.html [oxwugzccvk3dk6tj.onion]
    http://pipedot.org/pipe/K33M [pipedot.org]

    11:01 -!- Irssi: Starting query in OFTC with secondparty
    11:01 [secondparty] hello
    11:01 [secondparty] I'm sorry I don't understand what is reproached to grsec team?
    11:04 [Prty1] read the links
    11:05 [Prty1] Spengler announced he is closing grsecurity, he will only distribute to those who pay him 200 dollars per month
    11:05 [Prty1] grsecurity is a derivative work of the linux kernel, which has 10000s of rights holders
    11:05 [Prty1] Spengler only has permission to modify the linux kernel at the grace of those rights holders
    11:06 [Prty1] either: through bare license (property law), or contract (contract law)
    11:06 [Prty1] licenses can be revoked at any time by the rights holder, provided he is not estopped from doing so
    11:07 [Prty1] thus a plaintiff, if linux is merely licensed (if the GPL and agreement is not a contract), can simply bar him and then seek statutory damages if he continues to
    create derivative works (100k+ per violation)
    11:08 [Prty1] if the GPL and the agreement which allows Spengler to modify the copyrighted work is a contract, then we proceede under contract law
    11:08 [Prty1] here first we look to if the document is fully integrated or not, the linux documentation, and the GPL makes no mention of this
    11:09 [secondparty] but since the linux kernel is under GPL, it's ok to distribute copies of his work for a fee, as long as the source code is published isn't it?
    11:11 [Prty1] He is not publishing the source code.
    11:11 [Prty1] He is keeping it closed, except to people who pay 200 a month
    11:11 [secondparty] oh I see
    11:11 [Prty1] anyway
    11:12 [Prty1] since there is no integration clause
    11:12 [Prty1] we can likely bring in extrisic evidence to show that the rights holders never intended that someone may close a derivative work as such
    11:13 [Prty1] when a contract is not fully integrated, evidence to the intentions of the parties, their state of mind, usage in trade of terms, etc can be brought in, even if
    they contradict the written terms of the agreement.
    11:14 [Prty1] Now, if the GPL is neither a license, and if it also does not satisfy the elements of a contract (perhaps there is no meeting of the minds, or more likely one
    party has not given anything up), then Spengler is simply violating copyright
    11:14 [secondparty] i see
    11:14 [secondparty] I'm so sad :(
    11:14 [Prty1] He, and all of free/opensource software, may very well be relying only on good will, which Spengler clearly is violated
    11:15 [Prty1] secondparty try to get the message through to spengler, and ask him to change course. He may dismiss this as "trolling" but I've been through lawschool, graduated,
    he has not.
    11:17 [secondparty] I will
    11:18 [secondparty] are you sure selling a patch for a GPL software without publishing source code is an infridgement to the GPL?
    11:18 [secondparty] I mean he doesn't publish the linux kernel code along with his patches, just the patches themselves
    11:19 [Prty1] secondparty the agreement, if one exists, may extend to more than the language within the document (GPL)
    11:19 [Prty1] He is, if you will, "hanging on a technicality", and perhaps not the actual agreement between he and the parties
    11:19 [Prty1] often this is known as "bad faith"
    11:21 [Prty1] The FSF is not a party to this agreement, nor is the "GPL" (it is not the GPL that is being infringed against, it is the rights holders to the copyrighted work).
    The GPL is a document adopted by the rightsholders to, in part, describe the relationship between the parties.
    11:22 [secondparty] what kind of law school have you followed? Is it specialized in software, open source license etc?
    11:23 [Prty1] secondparty the granting of permission to use a copyrighted work is based on either property law or contract law
    11:24 [Prty1] Under property law, a holder of title may license a person to use their property (real or personal)
    11:24 [Prty1] this is called a license
    11:24 [secondparty] yeah I agree with this point, but "We don't know for sure what constitutes a derivative work in software. No one has truly tested this definition. The GPL
    implies that a derivative work is one that is linked, statically or dynamically, with the original work. Yet this might change with GPL v3. "
    11:24 [Prty1] (the term of art in copyright litigation is "bare license")
    11:25 [Prty1] Licenses can be revoked at any time by the owner.
    11:26 [Prty1] (unless he is estopped by his own words: ie he promised he would allow the licensee to build a garden in spot X, and then tries to sell a license to a 3rd party
    to build a road through that garden)
    11:26 [Prty1] So you don't want the GPL to be a "bare license"
    11:26 [Prty1] You want it to be a contract, some of which are irrevokable.
    11:27 [Prty1] GRSecurity is clearly a derivative work, there is no argument there.

    11:27 [secondparty] I'm not saying it is not, I just have no clue
    11:27 [secondparty] could you help me prove this is derivative work
    11:27 [secondparty] to me it feels like some author A publish a book, then author B publish some addendum to this book, it shouldn't impact the original author rights
    11:28 [secondparty] doesn't it?
    11:29 [Prty1] If Author A publishes a work, and then Autor B publishes an edited version of that work, it is clearly derivative
    11:29 [secondparty] no
    11:29 [secondparty] what I meant
    11:29 [secondparty] was like
    11:29 [Prty1] We don't need to test the edge cases here
    11:29 [secondparty] well I'm not trying to troll or anything, I'm really just trying to see clearly
    11:30 [Prty1] But yes, if you publish an addendum to a book, it is a derivative work: it uses the same characters, the same settings, etc.
    11:30 [secondparty] doesn't have to
    11:30 [Prty1] If you published an addendum to a Micky Mouse story, you would be violating Disneys Copyright.
    11:30 [secondparty] I could publish a book saying author A forgot to mention a point in his book, here the point he missed
    11:31 [secondparty] without revealing anything of A's book
    11:31 [Prty1] Anyway, GRSecurity is a derivative work, don't worry about it.
    11:31 [secondparty] to me a patch feels the same
    11:31 [Prty1] well you're wrong, as I said, lay opinion.
    11:31 [secondparty] could you point me to a law article that proves grsecurity is derivative work?
    11:31 [Prty1] Nope.
    11:31 [secondparty] grsecurity or anything that is just a patch for a GPL software
    11:32 [Prty1] Unless you'll pay for westlaw or nexuiz lexis subscription.
    11:32 [Prty1] (paywalled)
    11:32 [secondparty] you mean I need to pay for you to give me this information?
    11:32 [Prty1] I don't currently have a subscription/
    11:33 [Prty1] But yes, you have to pay to access public court documents, let alone copyrighted law articles.
    11:33 [Prty1] Same in science.
    11:33 [Prty1] Anyway let us say you took someone's book, and then you edited in 4 million places (the book is 20 million places long)
    11:34 [secondparty] seems weird to have to pay for knowing a law everyone is assumed to know
    11:34 [Prty1] then you published your new book
    11:34 [secondparty] that's not what spender is doing
    11:34 [Prty1] obviously that is a derivative work
    11:34 [Prty1] now
    11:34 [Prty1] let us say you compiled just your edits
    11:34 [secondparty] he doesnt' publish the full book, only his modification to the book
    11:34 [Prty1] let us say you compiled just your edits
    11:34 [Prty1] and information on how to apply that to the original book
    11:34 [Prty1] That too is a derivative work.
    11:35 [Prty1] you cannot hang on a technicality here
    11:35 [Prty1] just think of the word "derivative" in your mind
    11:35 [Prty1] "Can this work stand alone" ask even?
    11:35 [Prty1] no it cannot.
    11:36 [Prty1] Just as a celing beam cannot stand without a foundation, walls, etc, to hold it up.
    11:38 [Prty1] secondparty: I think this discussion might be useful to others, may I publish it?
    11:39 [Prty1] [secondparty] seems weird to have to pay for knowing a law everyone is assumed to know [--- That's why the subscriptions cost so much :(
    11:40 [secondparty] I dont' mind as long as you remove my nick
    11:41 [Prty1] Ok, thanks