Bruce Perens Warns Grsecurity Breaches the Linux Kernel's GPL License (perens.com) 474

Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments:

"[I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...

"This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached."

Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."

  • by segedunum ( 883035 ) on Sunday July 09, 2017 @01:19PM (#54774101)
    Grsecurity is snakeoil dogshit.
    • by volkerdi ( 9854 )

      Linus, is that you?

  • Linus on Grsecurity (Score:4, Informative)

    by Anonymous Coward on Sunday July 09, 2017 @01:26PM (#54774123)

    Don't bother with grsecurity.

    Their approach has always been "we don't care if we break anything, we'll just claim it's because we're extra secure".

    The thing is a joke, and they are clowns. When they started talking about people taking advantage of them, I stopped trying to be polite about their bullshit.

    Their patches are pure garbage.

    Linus

  • sounds about right (Score:5, Insightful)

    by spongman ( 182339 ) on Sunday July 09, 2017 @01:45PM (#54774195)

    I usually fall into the "GPL is less free than BSD" camp, but in this case I agree fully with Perens. The Linux kernel is GPL, everyone who works on it accepts that. If you don't like the GPL or the conditions it places on you, or how you (and others) can distribute your code - then go the fuck somewhere else.

  • by Bruce Perens ( 3872 ) <bruce@perens.com> on Sunday July 09, 2017 @01:53PM (#54774233) Homepage Journal

    You should read the entire statement [perens.com], because there are things missing from the quote above that are important. The most important part is the legal theory:

    By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer's business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

    Also, this is important to keep me in compliance with the law:

    I am an intellectual property and technology specialist who advises attorneys, not an attorney. This is my opinion and is offered as advice to your attorney. Please show this to him or her. Under the law of most states, your attorney who is contracted to you is the only party who can provide you with legal advice.

    It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

    • by Teun ( 17872 ) on Sunday July 09, 2017 @02:14PM (#54774341)

      It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

      Amen, it's especially through the GPL that future developers are enabled to stand on the shoulders of the present.
      Nothing gets lost, we all win.

    • by Kjella ( 173770 )

      To me this smells like a blurb written to create a PR stink even though it has no legal substance. Nobody has the right to future business, I can say stuff like "If you start selling real fur products I'll boycott your store" and it would be "tantamount to the addition of a term" for our business relationship but legally it doesn't exist. You're not obliged to listen, I'm not obliged to come back. That loss of business might be seen as a "penalty" but it's the flip side of voting with my wallet. I don't see

      • It's the time sequence that is important in proving a legal theory of this sort. The customer has been warned before the act of distribution that their business would be damaged as a consequence of distribution. If they just coincidentally fired a customer without warning them first, it would be much harder to make a case.
      • Not really. If you have entered into a contract with a company that buys your products, you cannot after the fact add terms such as those about your customer using real fur.

        It is similar to what happens here, the company has entered into a contract with Linux (the real fur) and GRsecurity has entered into the same contract but now GRsecurity is saying you can't execute your contract with Linux and they won't either even though you have the contract with them that explicitly says otherwise.

        GRSecurity cannot pa

    • by DRJlaw ( 946416 )

      It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

      Yes, and you don't get to change the rules either, Bruce.

      What they're doing is not "tantamount to the addition of a term t

      • A lot of people are not understanding the importance of the time sequence. Because of the actions of Open Source Security Inc. to date, the customer already knows that there is a threat to cause them business damage if they exercise their right to distribution, before they perform the act of distribution. That's an additional term.

        You are treating this as if the consequences of distribution are the only relevant element, and as if they only happen after distribution. This is not the case.

    • by DRJlaw ( 946416 )

      Bruce,

      Your blog post states that "the contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached."

      This is quite concerning. Please explain how you believe that the contract from the Linux kernel developers to the customer has been breached. What violation has the customer committed? More specifically, since the GPLv2 sec. 6 specifies that "[e]ach time you redistribute the Program (or any work based on the Program), the recipient automatically re

      • Let's look at what the magistrate said:

        Defendant contends that Plaintiff's reliance on the unsigned GNU GPL fails to plausibly demonstrate mutual assent, that is, the existence of a contract. Not so. The GNU GPL, which is attached to the complaint, provides that the Ghostscript user agrees to its terms if the user does not obtain a commercial license. Plaintiff alleges that Defendant used Ghostscript, did not obtain a commercial license, and represented publicly that its use of Ghostscript was licensed unde

        • by DRJlaw ( 946416 )

          You are taking a very simplistic view of the GPL that doesn't fit what you appear to be representing with your user name. Did you actually sit for the Bar?

          Why yes, Bruce, I have, and am licensed in multiple states. I actively practice intellectual property law as well.

          The customer is obtaining and making use of an infringing derivative work. The status of the kernel is "All Rights Reserved" because the GPL has terminated, and that very clearly makes the customer a contributory infringer.

          The license granted

          • OK, if you're a real lawyer, I have no problem arguing law with you. I've won against folks who were admitted to the supreme court before.

            The license granted to the customer certainly has not terminated.

            The customer has that license for the kernel. They do not have that license for Grsecurity, because Grsecurity's license to the kernel terminated, and Grsecurity did not have the right to grant the GPL to the customer for an infringing derivative work. If Grsecurity was an independent work rather than deriv

  • I've seen multiple pieces of software, including Paint.net and Classic Shell, change to proprietary licenses because of this exact issue; being able to effectively plagiarize a program just because it's open source and you can theoretically do anything to it, like change the name and claim it as your own, claim it's a "new version" that's littered with malware or add-ons that aren't open source, etc. Open source licenses do not give you a carte blanche to infringe on any other proprietary intellectual prope
    • Actually, the GPL and a trademark registration will keep just what you're talking about from happening. Going proprietary won't give you any more protection unless you're talking about just locking up the source. But you have to enforce once in a while to keep idiots from breaking the rules.
    • No, you cannot do that under proper open source licenses such as the GPL. In the cases of paint.net and classic shell and many more, they just want to have other people build and fix their product and then once successful, they want to close it and sell a commercial product. It's the main reason never to contribute to anything obscure that is under an MIT or BSD license.

  • Linux should do like OpenBSD did with pf and just replace it. All this yelling and screaming just turns people away.
