The Courts Electronic Frontier Foundation Open Source

EFF Defends Bruce Perens In Appeal of Open Source Security/Spengler Ruling (perens.com) 132

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com:

Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here

"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

  • by 110010001000 ( 697113 ) on Saturday August 25, 2018 @02:47PM (#57193804) Homepage Journal
    Keep up the good fight. People like the Grsecurity folks are the scourge of the industry in my opinion.
    • by gweihir ( 88907 )

      Indeed.

  • Bruce - YOU ROCK (Score:5, Insightful)

    by gavron ( 1300111 ) on Saturday August 25, 2018 @03:29PM (#57193968)

    Giving up mod privs for this thread by posting in it and IT'S WORTH IT!

    Bruce, I've been an FOSS advocate in every company I've worked in, for, managed, ran, owned, started, and directed.

    YOU are the champion of living the word.

    Thank you!

    Ehud Gavron
    Tucson AZ
    FAA CPL-H

  • Not sure who this Bruce guy that everyone keeps talking about is, but to assert my superiority, I demand to fight him in an epic battle for the ages! [popsugar-assets.com] ;)

  • by macraig ( 621737 ) <mark DOT a DOT craig AT gmail DOT com> on Saturday August 25, 2018 @03:41PM (#57194026)

    The entire proceeding reads like a personal grudge unsupported by facts and yet executed in the public court system. That would be the very textbook definition of frivolous.

  • by ooloorie ( 4394035 ) on Saturday August 25, 2018 @05:24PM (#57194436)

    This was a defamation lawsuit. It didn't settle the issue of whether the copyright issue itself is prohibited.

    Perens' argument on the legal issue itself strikes me as dubious. He's claiming that GPL copyright automatically extends to separately distributed patches that, themselves, do not contain any of the GPL'ed code. I'm not sure why that would be the case, and I'm not convinced that that would be a ruling that would be in the interest of open source software, because it seems to put a lot of other open source software at risk of being considered "derivative works" of proprietary software.

    • by UnknowingFool ( 672806 ) on Saturday August 25, 2018 @06:27PM (#57194666)
      I suspect it's because they couldn't win on any copyright claim, as Perens (as can anyone) can voice an opinion about copyright just like you just did above. If someone sued you for what you just wrote, that's the equivalent of what happened. Is Perens right about it? That was never the point. It was about trying to silence him.
      • Re: (Score:2, Insightful)

        by ooloorie ( 4394035 )

        I suspect it's because they couldn't win on any copyright claim, as Perens (as can anyone) can voice an opinion about copyright just like you just did above.

        You're stating the obvious. I mean, Perens can obviously bloviate as much as he wants to on things he doesn't know anything about; god knows he's been doing that a lot throughout his career.

        Now answer me this: if this is a GPL violation, why don't the Linux kernel developers actually sue?

    • Suppose you write a novel. Perhaps, like Stephen King, you're living in a broken down trailer with no telephone when your book sells 13,000 copies, netting you $2,500. Then someone turns your book into a movie. The movie doesn't have any pages of the book read aloud in the movie. It doesn't "contain" the book per se, it's a transformation, an adaptation, of the book. The author is entitled to a share of the movie revenue because it's his novel, adapted to the screen. That's a derivative work. "Deriv

      • It doesn't "contain" the book per se, it's a transformation, an adaptation, of the book

        A movie is a transformed version of the original novel.

        A patched kernel is a transformed version of the original kernel.

        A kernel patch is not a transformed version of the original kernel.

        That's a derivative work. "Derived from" doesn't mean "contains".

        Under your standard, a commentary on a movie is "derived from" the movie even if it doesn't contain any content at all from the movie. I consider that undesirable.

        • Have you never seen a kernel patch? Or any patch for any project? If not, it may be good to stop making assertions about things you've never even seen in your life.

          > A kernel patch is not a transformed version of the original

          Actually that's EXACTLY what a patch is - the relevant section of code, with some lines marked out and the new version of those lines added. Here's a trivial patch as an example:

          printk("comedi%d: ni_labpc: %s, io 0x%lx", dev->minor, thisboard->name,
          • Are you so inexperienced with UNIX that the only patch format you have ever seen is a context diff?

            • Please enlighten us oh great unix guru:

              What type of patch does not specify which content is being deleted as part of the edit?

              • What type of patch does not specify which content is being deleted as part of the edit?

                "diff -e"

                • Ok, that is a fair point. I had not seen that option before.

                  So rewinding a couple of steps to the part of the argument that led here:

                  Assume that a patch is created as an ed script, it does not contain any of the kernel code. Its only use is to transform the kernel source. Who owns the copyright on the transformed source that results after the patch is applied?

                  • Its only use is to transform the kernel source. Who owns the copyright on the transformed source that results after the patch is applied?

                    Original Linux Kernel: Linux kernel authors hold the copyright and define copy terms for the kernel. Since that's the GPL, you can redistribute it under the GPL.

                    Patch: patch authors hold the copyright and define copy terms for the patch itself. If that prohibits redistribution, it can't be redistributed.

                    Patched kernel: both the Linux kernel authors and the patch authors ho

        • In most cases, the patch would be utterly unusable, indeed wouldn't make sense, without the Linux kernel.

          To understand, consider a patch that wouldn't be a derivative work: imagine NVidia writes a windows driver for their video card. It's 50,000 lines of code. Then they write a small compatibility layer to get the driver running on Linux. In that case, the driver would likely not be a derivative work, because most of it is orthogonal to the Linux kernel.

          With the grsecurity patches, the entire reason the
          • With the grsecurity patches, the entire reason they exist is to modify the Linux kernel. If the kernel didn't exist, they wouldn't either. It's hard to argue they are not a derivative work.

            So your criterion is that "if X wouldn't exist without Y then Y's copyright applies to X"? If that's the principle, then you can kiss FOSS goodbye.

            • Do you understand the very definition of the word "patch"? A patch is inherently a derived work.

              And if X is a derived work from Y, then licensing terms of X apply. This has always been the case, it's not some new concept. Indeed, GPL (a large part of FOSS) is built on that concept.

              • A patch is inherently a derived work.

                As I was saying:

                A movie is a transformed[/derived] version of the original novel.

                A patched kernel is a transformed[/derived] version of the original kernel.

                A kernel patch is not a transformed[/derived] version of the original kernel.

                Do you understand the very definition of the word "patch"?

                Do you?

            • This isn't even a point grsecurity disputes: they know it is a derivative work, and their work is released under the GPL. As far as that goes, they aren't in violation. It's the "extra" terms they add in the contract that is under dispute.
              • they know it is a derivative work, and their work is released under the GPL

                Notice how you say "their work is released"? Thanks for proving my point.

                This isn't even a point grsecurity disputes:

                Well, obviously they do, otherwise they wouldn't be applying the extra terms, since they obviously can't apply extra terms to someone else's GPL'ed code, but they can apply it to their own.

                • You're not allowed to call just any license "GPL". Only the GPL license can be called by that trademark name. The GPL does not allow adding clauses. Therefore it cannot be licensed "GPL with additional clauses".

                  They have said their software is GPL licensed. Therefore if they try to say "no, we mean our own special 'GPL', with extra terms added", that would violate the GPL trademark.

                  • PS I forgot to say they COULD legally use a license that is similar to the GPL, but different, and call it by a different name. They haven't chosen to do that. At least, under trademark they could.

                    If they chose to do that, they wouldn't be violating trademark, but since they are distributing things copy-pasted from the GPL kernel, it's a derivative work and would violate the license.

                    Bottom line:
                    If you sell a modified version of GPL software, it has to be GPL licensed, and you can't change the GPL to whatever

                    • If you sell a modified version of GPL software,

                      But they aren't. They are neither selling kernel sources nor are they distributing kernel sources. All they are distributing is their own patches. It is the end user that creates the "modified version of GPL software".

                      I forgot to say they COULD legally use a license that is similar to the GPL, but different, and call it by a different name. They haven't chosen to do that.

                      How do you know what license they distribute their kernel patches under to paying customers

                    • > How do you know what license they distribute their kernel patches under to paying customers?

                      It's stated quite plainly on their web site. It'll be the top result if you Google "grsecurity license". (Kinda sad you didn't bother to Google it before arguing about it.)

                      > They are neither selling kernel sources nor are they distributing kernel sources. All they are distributing is their own patches.

                      A patch IS modified kernel sources. Here's a trivial kernel patch so you can see what they look like:

                    • It's stated quite plainly on their web site. It'll be the top result if you Google "grsecurity license". (Kinda sad you didn't bother to Google it before arguing about it.)

                      I'm way ahead of you. That is what they distribute public patches under.

                      It's not only the new lines derived from the original (a derivative work), but also which lines to remove, copy-pasted exactly from the original GPL kernel.

                      Most people assume that context diffs consider fair use, just like quotations, and hence do not fall under the G

                  • They have said their software is GPL licensed. Therefore if they try to say "no, we mean our own special 'GPL', with extra terms added", that would violate the GPL trademark.

                    That might be the case, but that's a different claim from what Perens claims. Perens claims that they violate the GPL on the kernel.

                    Now, I have no reason to believe that they distribute their patches to paying customers under the GPL; do you know?

                • A derivative work doesn't belong to the original creator. The kernel devs can't sue grsecurity and "steal" their work, but the creator of the derivative work has obligations to the creator of the original work under the law. Grsecurity is accused of not following those obligations.
                  • A derivative work doesn't belong to the original creator.

                    Discussing who the software "belongs to" is a red herring and legally irrelevant. What matters is that if you distribute the derivative work, you must comply with all legal obligations you have, under the original GPL, under the patches, and under any other legal agreements you have entered.

                    but the creator of the derivative work has obligations to the creator of the original work under the law

                    The GPL only imposes obligations when you distribute, not w

                    • Grsecurity has no obligations under the kernel GPL because they aren't distributing the GPL'ed kernel code. All they distribute is patches. The derivative work is created by the people who are applying the patches to the original kernel. And those people then cannot redistribute the combined work under their legal agreement with Grsecurity. This is pretty much the same when you work for a corporation and use GPL code: you may be creating derivative works from the GPL'ed software as part of your job, but you cannot redistribute that because your employment contract forbids it, even though the GPL allows it.

                      Yes, this is GRSecurity's argument. GRSecurity's contract doesn't even forbid you from redistributing it (which actually would be illegal). They merely say they will punish you if you redistribute it.

                      Bruce points out that actually they are actively discouraging people from redistributing, and he claims it is illegal. I think he's right on that point, if it went to court I don't think GRSecurity would win (but who knows). Bruce also suggests that anyone who uses GRSecurity would be liable for infringement

        • Comment removed based on user account deletion
          • I am not a lawyer, but I was under the impression that commentary is "protected" as fair use

            The commentary itself is a new work with a new copyright; it is neither a copy of the original work nor a transformation of it.

            As part of writing the commentary, you are allowed to copy parts of the work you are commenting on under the "fair use" doctrine. That is the sense in which "fair use" applies to commentary.

  • by lawyers I mean. It's really a shame that so much money is spent on things like this, and other frivolous legal actions. While hopefully the right people are vindicated by this (you know who you are, Bruce), the only ones who really win are the lawyers. Their profession is such a twisted self-fulfilling prophecy of sorts.