Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 307
An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.
Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.
Prove it's true (Score:4, Insightful)
That would put a full stop to Gr's suit.
But besides that, it's pretty clear this is an intimidation move because it would be relatively trivial to just show you're not doing it.
Re: (Score:3, Insightful)
Yeah, suing the god damned web hoster as well is a sure sign they want to discourage this kind of talk in future.
Re:Prove it's true (Score:5, Informative)
I would suggest that if that is their intention, they do not know Mr Perens very well, and have not done their homework.
I suspect they are currently experiencing a bit of a surprise in the reaction to their attempted strong-arming.
I also suspect they are rather wet-behind-the-ears (at least their decision makers) in the area of kernel security, to try such a play.
They are trying to play a legal-loophole game, which never goes down very well with the kernel maintainers, to say the least.
And they have quite possibly forgotten the fact that the maintainers could make their lives a LOT harder basically at will, by making their patches unworkable in subsequent releases.
Or they could just say sorry, and hope that they get some forgiveness - I am betting they won't.
Re: (Score:3, Informative)
And they have quite possibly forgotten the fact that the maintainers could make their lives a LOT harder basically at will, by making their patches unworkable in subsequent releases.
That isn't really a viable solution.
Writing kernel code specifically to make it incompatible rather than to get the best solution will cause all sorts of problems.
They could release new code under a non-GPL license that is mostly identical with GPL but prohibits usage together with grsecurity's software, but I'm not sure such a license will hold up in court and it is a bit against the free software mindset.
(OK, BSD is a bit more along the lines of "You can do whatever you want, even if you use the code for
Re: (Score:3, Interesting)
The problem with this is that you wrongly assume that kernel developers are also security experts. I don't mean "aware of security", I mean real bona fide experts, of which there are very few indeed.
Attempts to do just as you suggest, that is to take an existing patch and break it up, have been criticised due to their missing important points or changing something in such a way as to make it ineffective. Basically, unless you understand what you are doing, you are going to make some mistakes.
This applies to
Re: (Score:2)
I would suggest that if that is their intention, they do not know Mr Perens very well, and have not done their homework.
I would suggest that they definitely know who Bruce Perens is, and that their legal counsel is simply a typical self-described type A who wants to fuck everything.
Re:Prove it's true (Score:5, Interesting)
Their legal counsel is a one-man firm, and if you read his online reviews, they are all about his patent filings. It sounds like he is in over his head.
Perens is using a big firm that has lawyers for every sort of legal issue, and his lead attorney wrote a book on Open Source licensing. If she has built expertise in Open Source, she and Perens would have worked together before.
Re: (Score:2)
Re: Prove it's true (Score:2, Insightful)
How would it be trivial to show? They assert what they do is legal; Bruce asserts it is not. It's mostly a dispute of law, not of facts.
Re: Prove it's true (Score:5, Insightful)
Even so, regardless of the facts on the matter, Bruce is entitled to his opinion, even if he ends up being wrong. GRSecurity just shot themselves again in the other foot with this.
Re: Prove it's true (Score:5, Funny)
GRSecurity just shot themselves again in the other foot with this.
Only four more feet to go, then.
Re: (Score:2)
Worse, they are gonna get anti-SLAPP'd in court and pay Bruce's legal fees as well as their own. Not the smartest thing to do.
Re: (Score:3)
Re: (Score:2, Insightful)
This demand proves Perens' point about dealing with Grsecurity stuff inviting legal trouble.
Either way from GPL violations or from a litigious company like this case.
Re:Prove it's true (Score:4, Insightful)
Proving it's true would not put a full stop to the suit; it would be a thing that you prove in the suit itself. This is expensive because it means you're paying lawyers lots of money. The thing that's supposed to put a full stop to the suit is an anti-SLAPP motion, because this appears to be a Strategic Lawsuit Against Public Participation; among other things, this typically stays all discovery, saving much expense.
Unfortunately I'm not up to speed on California-specific anti-SLAPP statutes.
Re:Prove it's true (Score:5, Insightful)
Proving it's true would not put a full stop to the suit; it would be a thing that you prove in the suit itself. This is expensive because it means you're paying lawyers lots of money.
Bruce Perens' counsel is Heather Meeker of O'Melveny and Meyers, author of a book about use of Open Source software in the enterprise. I wouldn't be surprised if she gives him a good deal for representation in court if needed. (I thought Bruce Perens is a lawyer as well, but probably respects the old saying "a man who represents himself in court has a fool for a lawyer and a fool for a client").
What he said is "It is my strong opinion..." which I think stops what he says from being libel. GrSecurity could have replied "It is our strong opinion that Bruce Perens is incompetent and has no idea what he is talking about", which would probably not be libel for the same reason, being an opinion and not declared to be fact. Suing him has no chance of winning, and the huge risk that a court might agree that Bruce Perens' opinion is actually correct. That's most likely something that he would argue, in addition to the 100% winner argument "I said it was just my opinion".
Re:Prove it's true (Score:5, Insightful)
Bruce Perens' counsel is Heather Meeker of O'Melveny and Meyers...
I suspect Perens and Ms Meeker will also have some assistance from the EFF. The potential chilling effects of this suit, and its blatant misuse of judicial process, are too important for the EFF to remain on the sidelines for long.
Re: (Score:2)
While he's not an attorney at law, he knows a few things about it, and I'm sure he'll use lawyers quite well.
And I also suspect that he won't be posting here, but will follow the generally sound advice that when hit with a lawsuit, do not comment on it except through lawyers. Anything said is potential ammunition or intel for your adversaries, neither of which helps your case.
Re: (Score:2)
And I also suspect that he won't be posting here, but will follow the generally sound advice that when hit with a lawsuit, do not comment on it except through lawyers.
I suspect that there will be a public statement, because cases in the public interest are won partly in the public sphere. I further suspect that Bruce himself will let us know about it when it happens, but that he won't engage in [much] commentary in the story, and that any he does engage in will be cleared through his lawyer. But that costs money, so he won't do any more of it than is absolutely necessary.
Re: (Score:3)
I thought Bruce Perens is a lawyer as well, but probably respects the old saying "a man who represents himself in court has a fool for a lawyer and a fool for a client"
He is not. In this situation he has consistently presented himself as an expert witness.
The problem here is that GRSecurity grants their customers patches under the GPL2, but then explicitly states that if the customers redistribute the patches to other people, then GRSecurity will punish them by not giving them any more patches in the future. This is obviously contrary to the spirit of the GPL, but GRSecurity claims the exact wording of the GPL, "You may not impose any further restrictions on the recipients
Re: (Score:2)
What he said is "It is my strong opinion..." which I think stops what he says from being libel.
No, merely stating "this is my opinion" is not enough to stop a statement from being libel. The lawsuit pre-emptively makes an argument against that, quoting another judgement:
“If a speaker says, ‘In my opinion John Jones is a liar,’ he implies a knowledge of facts which lead to the conclusion that Jones told an untruth. Even if the speaker states the facts upon which he bases his opinion, if those facts are either incorrect or incomplete, or if his assessment of them is erroneous, the statement may still imply a false assertion of fact.” Milkovich v. Lorain Journal Co. 497 U.S. 1, 18 (1990)
Anti-SLAPP (Score:2, Informative)
In California, SLAPP stops all discovery and requires the plaintiff to pay the defendant's expenses if they lose.
Re: (Score:2)
Defendants, in the Posting, stated that “[Customers] should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.”
Defendants further stated that Plaintiff was in violation of the GPLv2, and thus “[a]s a customer, ... [Plaintiff’s clients] would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity.”
Re: Prove it's true (Score:2)
from the summary, their attack will be "our current modules can be distributed, that's why we made them gpl2. our announcements were for future modules, which will not be gpl2. the accused told everyone they would be criminals by being our clients because we would release the new modules as gpl2, which we won't. hence he is disrupting our business."
to help the truth come out, everyone here who is their clients and never distributed the current modules because everyone knows that is what they were s
"Grsecurity..." "...could invite legal trouble. " (Score:2)
Perens vindicated.
Re: (Score:2, Funny)
It's defamation to claim we're likely to launch a spurious lawsuit! ...
We're suing!
pissing contest.. (Score:5, Interesting)
this is going to be interesting to watch. one of the world's best-informed advocates of software libre, who has studied the GPL for many years, versus some idiots who will have been ill-advised by some moron whose only saving grace is the indemnification insurance provided as a sop to corporate madness. for those people not familiar with what indemnification insurance is: it's where lawyers can basically get away with making fundamental errors, and the corporation to whom they give the advice can sue their company quite safely, *as long as they follow that advice*.
i really look forward to seeing how this turns out.
Stupid lawsuit, but useful (Score:5, Insightful)
This is a stupid lawsuit. According to the attorneys for the plaintiff company:
"Mr Perens has made false statements, claiming them to be facts, and based on those statements employed fear-mongering tactics to intentionally hurt Open Source Security Inc's business."
Perens actually wrote: "it's my opinion that..."
Opinion, not assertion of fact. This lawsuit will be thrown out almost immediately. However, it is useful in helping the community identify a company that we should never do business with. So thanks for that, at least...
Re: (Score:2, Interesting)
Maybe we'll get another one of these [scribd.com] ("ACLU Brief on Behalf of John Oliver").
Re: (Score:2)
Re: Stupid lawsuit, but useful (Score:2)
An assertion of a fact does not legally become an opinion merely by adding "in my opinion" or "I believe". For example, "I believe X molests his child" is actionable.
Re: (Score:2)
An assertion of a fact does not legally become an opinion merely by adding "in my opinion" or "I believe". For example, "I believe X molests his child" is actionable.
Bruce is not a lawyer, so he's not giving legal advice, so he's allowed to have an opinion and express it. That right is explicitly legally (constitutionally!) protected! It's more likely that they are attacking not the part following "As a customer, it's my opinion" but other ancillary statements, since nobody looks good if they attack opinions. Surely they have something slightly more clever in the fire.
Re: (Score:2)
Bruce is not a lawyer, so he's not giving legal advice, so he's allowed to have an opinion and express it. That right is explicitly legally (constitutionally!) protected!
True, but he is also the CEO of Legal Engineering, "which specializes in resolving copyright infringement in relation to open source software" (Wikipedia). Unless he's clear about it being a personal opinion, his opinion could potentially be seen as a legal opinion, or gratis expert advice from Legal Engineering.
Either way, I don't think (as a private person) that this lawsuit has much merit, even in a common law system that doesn't pay much attention to the intent of contracts. But it must be an embugger
Re: (Score:2)
Unless he's clear about it being a personal opinion, his opinion could potentially be seen as a legal opinion,
No, no it cannot. Because he is not a lawyer, he cannot give legal advice. And unless he explicitly claims that he is giving legal advice, he's not giving legal advice, because he is not a lawyer. It works coming and going. Only lawyers have to give disclaimers about each little thing not being legal advice, because only lawyers can give legal advice.
or gratis expert advice from Legal Engineering.
He said he was willing to discuss the issue with companies under NDA, but this is just something he said in the public sphere, so he has not created any expect
Re: (Score:3)
Well, he may not be offering legal advice, but he most certainly is offering advice to lawyers.
No, no he is in fact not doing so in this case. He is publicly sharing his opinion with everyone, as opposed to being paid to provide an expert opinion in a legal case. The two are absolutely not the same thing.
Re: (Score:2)
You are utterly wrong. To quote directly from his blog: "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."
Right, he's not doing that. He says that in the public interest, he is willing to do so. Posting his opinion publicly is not that discussion. Thanks for making my point for me.
Re: (Score:2)
He's not doing what he says he's doing? Riiiight......
He's not doing what he said he would be willing to do. The difference is substantial, and if you cannot see it, you need to go order liberally from the Scholastic catalog, and work on learning to read. Legal cases are decided on even more apparently trivial points than this.
Re: Stupid lawsuit, but useful (Score:2)
The basic doctrine is called undisclosed defamatory facts. The statement is not "pure" opinion, of the kind that everyone can differ. Rather, it is an inference that is based on fact, without providing those facts so that a listener or reader may draw their own conclusions about whether the inference is sound.
Because Perens explained the parts of the GPL and the actions that he thinks violate the GPL that underlay his conclusions, I expect that the GRSecurity people will have a very hard time winning as a
Re: Stupid lawsuit, but useful (Score:2)
What if the facts and/or inferences are absurd like #pizzagate? Is the genuine belief enough to stave off a defamation lawsuit?
Re: (Score:2)
If the facts are accurate, and you don't omit any material facts, then saying what you infer from those facts is probably going to be protected speech. If the inference is underwear-on-head stupid, such as "... and so politicians are clearly running a child-prostitution ring from this pizzeria" (when the facts do not reasonably support that), then a reasonable reader will harshly judge the speaker rather than the politicians in question.
Re: (Score:2)
Maybe in shitty jurisdictions, but in the US of A, truth is an absolute defense to defamation claims.
I could tell people how this guy named Jeffrey Dahmer did ... well, even just a few of the terrible things he did ... with the intent of damaging his reputation (rather than informing my listeners about what he did), and I would be protected by the First Amendment -- even if Dahmer were still alive, or the US legal system allowed suits over alleged defamation of dead people.
Re: (Score:2)
Uh, no, it doesn't work like that. "It's my opinion" is not a magic phrase that wards off all charges of defamation. If I say "It's my opinion that John Smith is a child rapist," John Smith can still sue me for defamation. Mind you, I think this is an utterly invalid suit, but not because Bruce Perens said "it's my opinion."
Re: (Score:3)
They filed in California where anti-SLAPP laws provide for heavy penalties? Oh, dear.
Bruce, do you need a gofundme?
Re: (Score:2)
Don't worry about Bruce. He's getting well paid to spread FUD, IN MY OPINION.
Who are you?
Re: (Score:2)
Perens actually wrote: "it's my opinion that..."
I suppose if they could prove that this was not actually his opinion, but that he lied about it, they might be able to win.
Re: (Score:2)
Perens actually wrote: "it's my opinion that..." Opinion, not assertion of fact. This lawsuit will be thrown out almost immediately.
FWIW the lawsuit deals specifically with your point, by quoting another case:
“If a speaker says, ‘In my opinion John Jones is a liar,’ he implies a knowledge of facts which lead to the conclusion that Jones told an untruth. Even if the speaker states the facts upon which he bases his opinion, if those facts are either incorrect or incomplete, or if his assessment of them is erroneous, the statement may still imply a false assertion of fact.” Milkovich v. Lorain Journal Co. 497 U.S. 1, 18 (1990)
There are two quotes from Bruce that the lawsuit specifically states as false:
“[Customers] should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.”
Defendants further stated that Plaintiff was in violation of the GPLv2, and thus “[a]s a customer, ... [Plaintiff’s clients] would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity.”
Re:Stupid lawsuit, but useful (Score:4, Insightful)
if Bruce wins then it gives the impression that open source is a cancer that prevents you from charging for your work.
If companies can't tell the difference between not being able to charge for code and not being able to charge for work then we don't need them
Re: (Score:2)
There are no winners here
Sure there are. I'm pretty sure that Grsecurity's lawyers don't work pro bono, and that any judges and other court officials involved get paid too.
Hell, even some web blogs that profit on advertising might post about this and make a small win...
Re: (Score:2, Interesting)
You completely misunderstood what GrSecurity does.
They give people code that says in the license they can give it to others, but then they make them sign a contract forbidding them to do exactly that.
If you make your customers sign a contract for GPLv2 code at least in part NOT WRITTEN BY YOU that forbids them to give it to anyone else then you the hell should leave your hands from it.
It's not really relevant if it's your own project where either nobody else contributed or they gave you a license to do whatev
Re: Stupid lawsuit, but useful (Score:5, Insightful)
It's infringement from the GPLv2 point to even add those terms. They are adding terms to the GPLv2 license by modifying the code, and distributing the code with those new terms, that's breach of contract from GRSecurity's contract with the Linux community.
The GPLv2 explicitly tells you you cannot change the terms:
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
Re: (Score:3)
Re: (Score:2)
If GPL required you to distribute, you would be right, but it doesn't - you can choose whether to distribute or not, for any reason.
GPL requires you to grant the right of distribution. Having granted that right, it is doubtful that they can then create another contract which contradicts it without one of the contracts being deemed invalid, or being modified. But the GPL can't be modified, they agreed to those terms when they chose to distribute under the GPL, so they'd have to modify their other contract.
Re: (Score:2)
But their whole position hinges on the fact that it doesn't contradict it, i.e. you still have the right to distribute - they just don't want to do business with you if you do.
There's no material difference! One contract says you may do something, the other contract says that you may not do it or you will be punished.
It stinks, but AFAIK there is no legal basis for saying you can't offer a contract which requires you to waive rights you otherwise have.
Well, of course there is, you can't sign away your actual rights. NDAs only work because you don't have a right to give away someone else's information, and because you're getting something (a look at the thing) in exchange for something (agreeing to remain quiet about the thing for a time.)
The situation is a lot more complicated when it comes to contradictory contra
Re: (Score:2)
Very likely. However, I disagree with court opinions saying GPL is a contract;
Your disagreement is immaterial; The GPL has been shown to be a contract which one agrees to by distributing under it.
it's only a license since it doesn't require you to do anything and there is no consideration on the software author's side.
What? That's nonsense. It's a contract, which you enter into when you distribute the code. It doesn't require you to do anything unless you distribute it. And what you get in exchange for carrying the license forward is the right to distribute. There is a clear exchange here, which is what makes it a contract. Without the contract, you do not have the right to distribute the code. It's not y
Re: (Score:2)
Your disagreement is immaterial; The GPL has been shown to be a contract which one agrees to by distributing under it.
No, you have permission to distribute under certain terms. If you distribute it legally implies that you accept those terms, but you don't need to agree to DO anything to use it.
False. You are agreeing to include the license. Otherwise, that's what I just said. You fail both at understanding the license, and at understanding English.
You need permission to distribute someone else's code, and GPL grants that permission conditionally.
Yes, just like I said, it's contingent on including the unmodified license. You get to distribute the code, but you have to include the unmodified license. Quid pro quo and violates no rights (in fact it grants them, contingent upon acceptance and following the terms of the contract) and thus it's a valid contract. That's what the court said, and it cle
Re: (Score:2)
You get to distribute the code, but you have to include the unmodified license.
You MAY distribute the code IF you include the license. Difference.
I think if you open a dictionary and figure out how to use it, that you will learn that those two statements can mean precisely the same thing.
Re: (Score:2)
The GPL is not a contract, it is a license.
Without that license, if you distribute someone else's GPL'd code, you are violating their copyright. You can't distribute something somebody else has a copyright on without a license from them.
Now, in other cases, a contract may grant a license. But a contract is not itself a license, and vice versa. Only the owner of a copyright has the right to distribute that work. Everyone else requires a license. The license does not confer a right, it grants permissio
Re: (Score:2)
Law doesn't forbid you to kill people. It just tell what may happen if you do.
This is not the case, at least not in most places. Killing someone without explicit authorization goes under "malum in se", which is forbidden no matter what the penalties are or aren't.
Re: (Score:2)
Courts generally interpret contracts as narrowly as possible.
Good thing the GPL isn't a contract, then. It's a license that grants permission to distribute somebody else's copyright code.
court is going to rule that the term is too broad and likely violates Grsecurity's civil rights.
Grsecurity has no right to distribute anyone else's code. If they don't like that term in the license, they don't have permission to violate the Linux copyright holders' rights. Grsecurity's civil rights are not affected at all.
Re: (Score:2)
Personally I think that GRsecurity should amend its complaint to include a declaratory judgment count for non-infringement
I would entirely bet that Bruce would be happy with that. He wants the case to center around the GPL, because he (rightly or wrongly) believes the GPL will support him. He doesn't care particularly about GRSecurity as a company, he wants to prevent them keeping their code secret. For Bruce, the entire thing centers around the GPL.
Interestingly, if GRsecurity did include a declaratory judgement count for non-infringement, I don't know who would bring counter-claim. I don't think Bruce Perens is actually a
Re: Stupid lawsuit, but useful (Score:2)
Part of the problem is that the git repository only goes back to 2011-ish? I'm thinking of his work with UserLinux and Debian, but I may have misinterpreted that.
Comment removed (Score:3, Informative)
Re:How stupid can they be? (Score:4, Interesting)
Why? I do not need to like Bruce Perens to read his opinion and evaluate whether I agree with him or disagree. By concept it should even be irrelevant for my evaluation how sane his previous comments were. Linus Torvalds can also be a 'dick', but still is competent regarding the topic of Linux kernel development.
Re: (Score:2)
The only thing that has changed is that they are suing Bruce Perens, so any "shitstorm" regarding this must come down to your personal like or dislike of him and his camp.
That's a stupid thing to say. You can also be against lawsuits designed to stifle public speech, which is to say, you can be pro-constitution or pro-rights or just pro-speech. There may have formerly been a shitstorm, but there was not an actual case.
Why their patches were not integrated... (Score:2, Insightful)
If anyone was still wondering why their patches never made it in the kernel...
It shows a lot about their attitude and delusions, there are good reasons not to want code from people not able to objectively judge their own work, especially when they are asses on top...
Grsecurity pure garbage. (Score:5, Informative)
Linus Torvalds called grsecurity patches garbage earlier this year. https://www.theregister.co.uk/... [theregister.co.uk]
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Tortious interference.
I'm not saying they would win, but there's no reason for Linus to stir up that kind of trouble.
Re: (Score:2)
Linus already has done that; he put it under the GPL
Re:Grsecurity pure garbage. (Score:5, Informative)
Re: (Score:3)
Key word in the post nullifies the suit (Score:2)
The key word/phrase is "it's my opinion".
Grsecurity needs to be hit with a SLAPP countersuit.
Good way to make yourself look even worse... (Score:2)
Streisand effect. Grsecurity should hire another lawyer, if they survive this one.
Not only what Perens wrote is always reason for precaution, even if it wasn't, he repeatedly states in his blog post that this is his opinion, and that furthermore, he's open to discussion and that he's not a lawyer.
https://perens.com/blog/2017/0... [perens.com]
Lawsuit won't pass because it has no grounds. Courts can't define opinions as "false statements", he explicitly claimed several times that this is his opinion, and it's a huge stre
Wonder if GRS can patch Streisand (Score:2)
so it has no effect.
Those Slimey Sacks of Shit! (Score:2)
And I don't Title this post just to flamebait.
The subscription agreement they use is definitely against the spirit of the GPL, but could be within the letter if they were distributing a completely original work, for which they held all copyrights and had the correct sort of patent licenses to distribute code that way. But the question naturally arises why the hell wouldn't they just outright pick a restrictive license if they just outright held all rights to an original work and wanted to restrict redistrib
Re: (Score:2)
I don't think the GPL stops them doing this. They aren't stopping you from redistributing GPL software, they're just saying that if you redistribute the software, they won't give you future updates. GPL doesn't require supplying future updates, it just says that you must provide an offer of source with binaries, and can't restrict redistribution of source/binaries. It looks like they've found another way to follow the letter of the GPL without following the spirit of it.
So someone who buys some version o
Re:I'm happy the GRSecurity folks are doing this (Score:5, Interesting)
GPL doesn't require supplying future updates, it just says that you must provide an offer of source with binaries, and can't restrict redistribution of source/binaries. It looks like they've found another way to follow the letter of the GPL without following the spirit of it.
They're actually trying to do an end run around the contract to which they've already agreed, which guarantees the right of redistribution. The question becomes whether grsecurity contains any GPL code to which they do not hold the copyright. If so, then they're risking losing the right to distribute that code.
Re: (Score:3, Interesting)
They may be complying with the terms of the GPL, whether you call it a contract or not. Their customers have the right to redistribute the software that they've received. GRsecurity is then saying t
Re: (Score:2)
I rather think that disallowing future revisions to paying customers contingent on their "exercise of the rights granted herein" IS a further restriction on their exercise of those rights. It certainly violates the spirit of the license, and it would not surprise me at all for a court to find that it also violates the letter.
I'm not familiar with the contributory-infringement issue, but it seems clear that GRSecurity has indeed violated the GPL in this way.
Re:I'm happy the GRSecurity folks are doing this (Score:4, Interesting)
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."
But the GPLv2 does not grant a right to obtain future revisions, whether you're a paying customer or otherwise. The GPLv2 does not require that the (re)licensor grant a right to distribute anything more than what has already been distributed to the recipient. Those are not "rights granted herein." The first is a right granted by grsecurity's paid support contracts -- contracts for services. The second is a right that is reserved and carved out from the first.
Tivoization violates the "spirit" of the GPLv2, but what matters is whether a licensee has violated the letter of the license. That violation is not as clear cut as you think.
Re: (Score:2)
That violation is not as clear cut as you think.
What I think makes it clear cut is that they're issuing both licenses. They've given you the right to distribute by using that license. Then they want to take it away again, by depriving you of a service for which you have paid. I think that specifically is what is going to bite them. If they were providing service for someone else's software, which someone else had distributed, I think it would be a different story.
Since no lawyers have stepped in to comment (how unusually wise of them) this is all wild sp
Re: (Score:2)
Re: (Score:2)
I find the biography statement to be sufficient.
Like someone who trivially ties their real world identity to a pseudonym while posting the dreck that you do?
Re: (Score:3)
Like someone who trivially ties their real world identity to a pseudonym while posting the dreck that you do?
You mean, someone who is not a coward? Run along, frightened one. I tie my slashdot identity to my real identity because I have the courage of my convictions. You don't because... you don't. Feel free to make up bullshit excuses, though.
Re: (Score:2)
Some call it courage. Most call it ignorance. But freedom is the ability to trash your professional statute on social media whenever the bloody hell you want. And not.
Re: (Score:2)
Some call it courage. Most call it ignorance. But freedom is the ability to trash your professional statute on social media whenever the bloody hell you want. And not.
My professional social media qualification is that any prospective employer who actually cares about such things and is competent* can look through my posting history and determine that I've never violated an NDA, and never brought the slightest trouble on any employer due to my online activities, in spite of consistently using my real name online for many years. A measurable percentage of the USENET and internet old guard knows my secrets because of the company I've kept over the years; I've shared none of
Re: (Score:2)
Re: (Score:2)
But the GPLv2 does not grant a right to obtain future revisions, whether you're a paying customer or otherwise.
You have echoed GRSecurity's argument. GRSecurity's argument is clearly against the spirit of the GPL, which is "to guarantee your freedom to share and change free software." I don't think you'll disagree here.
Let
Re: (Score:3)
This explains it [slashdot.org]. I am actually now leaning towards it being a violation by GRsecurity, but that turns entirely on what a court construes a "restriction[] on the recipients' exercise of the rights granted herein" to include. If I offer to pay you $20 if you do not redistribute the package for a year, is that a restriction? If w
Re: (Score:2)
I've disagreed with Bruce on this specific issue and I still do. While GRsecurity may be in violation of GPLv2 sec. 6 ("You may not impose any further restrictions on the recipients' exercise of the rights granted herein."), the idea that their customers may be liable for contributory infringement and breach of contract is off-the-wall crazy. Bruce's theory is directly contradicted by GPLv2 secs. 2, 4, and 6 -- the customers are free to use GRsecurity's product and there is no potential violation of the GPLv2 unless the customers themselves redistribute that code.
"Yes, we're breaking the license. No, our customers can't be liable for our theft, only we can be." is not going to win them this court case.
Because as soon as they publicly admit that they broke the license and stole the code, then any customer who knowingly uses that code after that would be "liable for contributory infringement and breach of contract". In other words, the company is placing itself in an awkward legal position. It can't publicly admit that it broke the license.
And yet, the company must st
Re: I'm happy the GRSecurity folks are doing this (Score:2)
No, because the customer has an independent license to use both the kernel and the modifications. Reread GPLv2 sections 2 and 4. They are not sublicensing from GRsecurity. They are not even redistributing the code with the "no updates" restriction. And under section 2, they can combine the k
Re: (Score:3)
"The code" meaning?
The user still has a license to the Linux kernel:
1. GPLv2 sec 6 says that "Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions."
2. GPLv2 sec 4 says that "Parties who have rece
Re: (Score:2)
The part of the post that you omitted, with quotes from the GPL, is not an explanation?
The cited sections and quoted language of the GPL, along with the linked copy of the Stable Patch Access Agreement and quoted language. You know, 85% of the content of the post, which you cut out.
Re:I'm happy the GRSecurity folks are doing this (Score:4, Interesting)
The question becomes whether grsecurity contains any GPL code to which they do not hold the copyright.
The answer is absolutely yes, it is a derivative work. It is a derivative work because there is no part of the patches that would exist without the Linux kernel: their entire purpose is to modify the kernel (and theoretically make it more secure). I would like to point out that at DEFCON last week, trixr4skids took a Point of Sale device with GRSecurity on it, and hacked it to run DOOM. The keyboard input on the device was not user friendly.
Re: (Score:2)
Or they only need at most one subscriber per version. The rest can have it redistributed.
Re: (Score:2)
Here is where I think GRSecurity's argument fails:
In other words, GRSecurity can terminate access and keep their client's money.
Re:I'm happy the GRSecurity folks are doing this (Score:4, Interesting)
I'm not sure it is as clear cut as you seem to think. They distribute the software to you under the GPL and ask you to sign a second contract if you also want support. The second contract has the restrictive clause.
Furthermore, the contract doesn't say "you can't redistribute this software", it says "we won't give you future versions of this software". I think they have a point, although I am not a lawyer.
As for whether Bruce Perens is committing libel by publishing an opinion that they are in breach of GPL, we'd better hope they find for the defendant, otherwise it would be impossible for anybody to argue a company is breaching a software licence (or any licence or contract or law) without being potentially a target for a libel suit.
It is that clear cut (Score:2, Insightful)
If version A says you can't distribute this without losing rights to version B, then either
you just get version B and then distribute THAT and "lose rights" to distribute version C and so on and so on
OR
you lose rights to GET version B because of a violation of a term on the same GPL software (version A) which is either illegal to do because
a) a license for B can't be contingent on a license for another bit of software, copyright does not give you that right at all
b) the license addition is to both A and