Stories
Slash Boxes
Comments

SoylentNews is people

GRSecurity Linux Kernel Patch to End Public Accessability of Stable Patches.

posted by cmn32480 on Monday September 07 2015, @08:31AM   Printer-friendly
from the the-GPL-is-open-to-interpretation dept.

An Anonymous Coward writes:

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.

In a big red block at the top of their home page is the following warning:

Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.

And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.

Original Submission

 
This discussion has been archived. No new comments can be posted.
GRSecurity Linux Kernel Patch to End Public Accessability of Stable Patches. | Log In/Create an Account | Top | 42 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by cloud.pt on Tuesday September 08 2015, @11:34AM

    by cloud.pt (5516) on Tuesday September 08 2015, @11:34AM (#233715)

    @stormreaver JoeMerchant makes a good point: "But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL."

    This seems pretty clear to me - commercial poison. Poison is a strong, pejorative word but I just want to state the fact it poisons your code. I'd say more, it's a form of distributed code virus, because whenever you stop using it privately, it stops being: 1. Private and 2. closed-source. Those are the rules, they're pretty clear.

    But let's focus on GRSecurity's use case: do they use it solely privately? It depends on your point of view (and that's what they're playing with). To me, since they provide it to different organizations with different missions as their own, I'd say it's pretty clear the use case stopped being "internal". But others (like GRSEcurity itself) are arguing their group of customers, together with GRSEcurity itself form a closed group which is the sole private "user" of the software, in it's "internal" fashion, it just so happens to involve a "binary/working code for money" exchange.

    You could also argue that a service provider (i.e. an employee) working internally for a single company, who uses GPL for an internal project, is also providing his own (originated out of his creativity) code for external use. I believe this is a flaw of GPL and should be clarified/modified under it's raison d'être for a next version - what is private? Is it for a single, indisputable purpose, or for a catch-all purpose of an organization?

  • (Score: 2) by stormreaver on Tuesday September 08 2015, @01:56PM

    by stormreaver (5101) on Tuesday September 08 2015, @01:56PM (#233771)

    @stormreaver JoeMerchant makes a good point: "But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL."

    JoeMerchant has misread and misapplied the GPLv3. See my previous reply.