Bruce Perens Warns Grsecurity Breaches the Linux Kernel's GPL License (perens.com) 474
Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments:
[I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...
This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."
This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."
Does Anyone Use That? (Score:5, Funny)
Re: (Score:2)
Linus, is that you?
Re: Does Anyone Use That? (Score:5, Interesting)
Submit good patches and we'll merge them. Hell, report some bugs. But no, that's not how you guys operate. You work in an ivory tower for months and send us a massive patch that lacks any organization or any reasonable way to break it down for review. At this point, we think you should take your pile of "security" patches and go write your own kernel to go with it.
Re: Does Anyone Use That? (Score:2)
Seems like the Grsecurity guys have no idea how to work with others and instead of respecting the copyright of many of their past contributors, they simply steal it in the hopes of making a buck before it dies in obscurity.
Re: Does Anyone Use That? (Score:2)
Comment removed (Score:5, Informative)
Re: Does Anyone Use That? (Score:5, Interesting)
What I hear: "wah, you should be spoonfeeding us this because it's over our heads. Fuck the good ideas and flaws that get fixed, submit pretty patches or fuck off."
What I hear from you is that you have no idea how software development works. Yes, absolutely, if you supply something that cannot be integrated, then fuck off.
Re: Does Anyone Use That? (Score:5, Insightful)
Re: Does Anyone Use That? (Score:4, Interesting)
I would be extremely suspect of any company that supplied blob patches, like M$ does to hide the individual elements of that patch. Straight up, I would suspect them of trying to put in a back door. So the question is to put all the effort into tearing down and completely dissecting that blob and only apply those elements of it that have been fully checked or just bin it and do the coding directly, which will likely be quicker.
Everyone knows exactly the reason why kernel patches at keep neat, specific and fully detailed and a security company should know better than others. This code blob probably a try it on and the next one, the attack blob. Lets be honest everyone knows the CIA/NSA would pay tens of millions in corrupt bribes to get a back door forced into Linux.
Not related to their mark (Score:5, Informative)
Dear AC,
If that's really their intent, they're confused. Or maybe you don't understand? The GPL doesn't have anything to do with trademarks. And Grsecurity did not bother to create a trademark for their product that was different from the versions with the old GPL-only terms, which are still in use. If trademark was the problem, they'd need to create a new one for their commercial product.
This, unfortunately, would not mitigate the GPL issue, which is copyright and contract related.
Re: (Score:2)
Hi Bruce, as far as I understand it grsecurity changed its terms back in April. [theregister.co.uk] They seem to suggest that they supply patches to the kernel released under GPLv2 terms, but will refuse to offer further subscription support to anyone who distributes those patches. I don't know if there is a rider over "with our mark on them" on this or not, but if so wouldn't that place them in the same position as Redhat? I seem to recall that a similar situation arose with Virtuozzo in the early days, except they were distr
Re: (Score:3)
Redhat sequesters their support information from non-customers. It's really difficult to make a case that the support data is derivative of the Open Source involved. I don't believe Red Hat has attempted to stop any of their customers from redistributing an actual patch. Just other information.
I don't know about Virtuozzo, sorry.
I did not contact Open Source Security Inc. as they had by that time already had extensive and somewhat acrimonious discussions with others in the community.
I think my legal theory
Re: (Score:2)
I've had a look over their agreement here [grsecurity.net], and there is nothing to prevent redistribution of a patch under the terms and conditions of the GPLv2. It states that if it a patch is distributed outside of the terms of the GPLv2, then access to further patches in the future (not the patch provided) will be denied, on a works for hire basis.
I honestly don't think you've got all your ducks lined up here, and yes, I realise who I'm saying it to and how the hordes here will descend upon me.
Re:Not related to their mark (Score:5, Interesting)
The problem isn't with the text there. It's with what else they have told their customers. It doesn't even have to be in writing.
I have witnesses. If there was ever a case, obviously the prosecution would have to depose people to make this point. I am not actually planning on a case, though. I think this warning will have the desired effect.
Re: (Score:2)
I think there is lots of room for people to make security patches to the kernel, and for them to do them one at a time and get the kernel team to accept them. They belong in the mainline, not a patch.
If they need some special subsystem to support them, they should put that in the form of as small a patch as possible, get the kernel team to accept that, and then to make individual patches that make use of that facility.
In contrast, Grsecurity is a big patch built up over years, and I hear not always a carefu
Re: (Score:2)
I think my legal theory holds water.
Lets say I release (sell) v1.0 of my software to person A, B and C under GPL2. Then B does something I don't like, but I can't do anything about it, because they received the software and can propagate it further under GPL2.
The following year, I sell v2.0 of my software to person A and C under GPL2, but don't sell it to person B any more. They do not have any right to receive it from me. If A or C pass it on to B, they are free to do that. But I can put arbitrary restrictions on to whom I give my software,
Re: (Score:3)
A lot of people are having a problem with the time sequence of events.
Let's say you warn someone in advance that you will harm their business by withdrawing their support and removing them from your customer list, should they exercise their right which is granted to them under the GPL. That's adding a term.
Let's say that you never warn them about anything, they distribute stuff, and you decide to downsize your business and fire them as a customer. That is not adding a term.
It took me a while to get this str
Re: (Score:3)
They chuck patches they *know* won't be accepted upstream, whinge that they are being exploited when someone tries to make them palatable and rinses and repeats the whole process because they know it would destroy their pointless value proposition otherwise. As Linus said, their patches are utter garbage. They can either put up or shut up.
Re: (Score:2)
Re: Does Anyone Use That? (Score:2)
Re: Does Anyone Use That? (Score:2)
Linus on Grsecurity (Score:4, Informative)
Don't bother with grsecurity.
Their approach has always been "we don't care if we break anything, we'll just claim it's because we're extra secure".
The thing is a joke, and they are clowns. When they started talking about people taking advantage of them, I stopped trying to be polite about their bullshit.
Their patches are pure garbage.
Linus
Re: Linus on Grsecurity (Score:5, Insightful)
Re: (Score:2)
Re: Linus on Grsecurity (Score:2)
Re: (Score:2)
Linus is not a God, and often gets things spectacularly wrong (remember BitKeeper?) .
Uh, last I checked, Linus ended up writing an open source clone of BitKeeper that became immensely popular and is now used by just about every software company in the world, including Microsoft. You might have heard of it. What are you trying to say here?
In a sense that's spectacularly wrong, no? I mean, he was wrong (to trust the BitKeeper guy), and he took spectacular revenge. Of course in this sense we should then hope he gets hacked, because the result could be another spectacular piece of software, possibly upstaging grsecurity.
Re: Linus on Grsecurity (Score:2)
How do you upstate grsecurity? Their patches add zero net worth of security, they just hope by calling something security it will sell to some large companies.
If they want to add to security, submit patches to the kernel where things are broken.
Re: Linus on Grsecurity (Score:2)
Since you exist in 2006, can you warn us about the housing crisis and ISIS?
Re: (Score:3)
The only people who like git are trend chasing hipsters (like JavaScript "programmers") who have never used other systems. Professionals, on the other hand, prefer Mercurial or one of the numerous other DVCS and VCS that exist.
If only this were true. But it's not. It's my perspective that most programmers who adopt the usage of any version control tend to stick with the first one they learn. After that, they become loyal to that package, even if it dies off, they cling to the known quantity. That's in my view, how people pick their version control. It's rare anyone switches from one to another, unless forced to do so by an external.
Some people might use one outside of their normal to work with another team, but for their own
Re: Linus on Grsecurity (Score:2)
Re: Linus on Grsecurity (Score:4, Interesting)
You don't sound like a security expert either. If the kernels are so buggy, write patches and demonstrable exploit code.
sounds about right (Score:5, Insightful)
i usually fall into the "GPL is less free than BSD" camp, but in this case I agree fully with Perens. the Linux kernel is GPL, everyone who works on it agrees accepts that. if you don't like the GPL or the conditions it places on you, or how you (and others) can distribute your code - then go the fuck somewhere else.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Whoa! Aren't you talking about the most successful strategy for developing a kernel ever? There seem to be no shortage of developers of high competence working on the Linux kernel, includi
Re: (Score:2)
What a marvelous way to stop innovation in it's tracks.
[sarcasm]How dare people who draw up a contract expect you to abide by the contract when you agree to it. How dare they, sir![/sarcasm]
Forcing the same license requirements on actual changes to the kernel versus imposing the same license restriction on any downstream externally linked code is not going to attract many competent developers or those who specifically employee developers who can extend and enhance the functionality running against the kernel.
Er what? The patches that grsecurity are to the kernel which they are bundling with their code and then enforce new conditions on the kernel.
It seems the only ones who are allowed to reap any monetary rewards from the Linux ecosystem are the GPL cheerleaders collecting their consultant fees for their efforts in spreading the Open Source gospel. And who really cares what Linus thinks? The man seems to have graduated with honors from the Donald Trump public speaking University.
Ad hominem attack. Who cares what the maintainer/developer of Linux says about Linux? Are you daft?
The man basically ported the Unix kernel to the x86 architecture.
Um, you don't know the history of Linux or Unix do you? By port, you mean "write from scratch?" If you knew anything about the history of
Re: (Score:2)
by 'innovation', you mean whatever snakeoil your company wants to sell using the work of others? You do know that the kernel license doesn't apply to userspace, right? Userspace libs and executables have their own licenses (GPL or otherwise).
If you think linux is a 'unix kernel' then you are seriously misinformed. It's a unix work-a-like.
Please Read The Entire Statement (Score:5, Informative)
You should read the entire statement [perens.com], because there are things missing from the quote above that are important. The most important part is the legal theory:
Also, this is important to keep me in compliance with the law:
It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.
Re:Please Read The Entire Statement (Score:5, Insightful)
It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.
Amen, it's especially through the GPL that future developers are enabled to stand on the shoulders of the present.
Nothing gets lost, we all win.
Re:Please Read The Entire Statement (Score:5, Informative)
They don't want to play well with others. They should base on BSD or make their own kernel. No legal issues if they did that.
Re: (Score:2)
To me this smells like a blurb written to create a PR stink even though it has no legal substance. Nobody has the right to future business, I can say stuff like "If you start selling real fur products I'll boycott your store" and it would be "tantamount to the addition of a term" for our business relationship but legally it doesn't exist. You're not obliged to listen, I'm not obliged to come back. That loss of business might be seen as a "penalty" but it's the flip side of voting with my wallet. I don't see
Re: (Score:3)
Re: Please Read The Entire Statement (Score:2)
Not really. If you have entered into a contract with a company that buy your products you cannot after the fact add terms such as those about your customer using real fur.
It is similar to what happens here, the company has entered into a contract with Linux (the real fur) and GRsecurity has entered into the same contract but now GRsecurity is saying you can't execute your contract with Linux and they won't either even though you have the contract with them that explicitly says otherwise.
GRSecurity cannot pa
Re: (Score:2)
Yes, and you don't get to change the rules either, Bruce.
What they're doing is not "tantamount to the addition of a term t
Re: (Score:3)
A lot of people are not understanding the the importance of the time sequence. Because of the actions of Open Source Security Inc. to date, the customer already knows that there is a threat to cause them business damage if they exercise their right to distribution, before they perform the act of distribution. That's an additional term.
You are treating this as if the consequences of distribution are the only relevant element, and as if they only happen after distribution. This is not the case.
Re: (Score:2)
Bruce,
Your blog post states that "the contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached."
This is quite concerning. Please explain how you believe that the contract from the Linux kernel developers to the customer has been breached. What violation has the customer committed? More specifically, since the GPLv2 sec. 6 specifies that "[e]ach time you redistribute the Program (or any work based on the Program), the recipient automatically re
Re: (Score:3)
Let's look at what the magistrate said:
Re: (Score:2)
Why yes, Bruce, I have, and am licensed in multiple states. I actively practice intellectual property law as well.
The license granted
Re: (Score:3)
OK, if you're a real lawyer, I have no problem arguing law with you. I've won against folks who were admitted to the supreme court before.
The customer has that license for the kernel. They do not have that license for Grsecurity, because Grsecurity's license to the kernel terminated, and Grsecurity did not have the right to grant the GPL to the customer for an infringing derivative work. If Grsecurity was an independent work rather than deriv
Re: (Score:3)
I admitted no such thing. And telling me what I admitted, when I haven't, is a rhetorical trick, not argument.
Grsecurity is an unlicensed derivative work and it's owned in part by the kernel developers because it necessarily includes portions of the orig
Re: (Score:3)
In this case, it's the reverse. I understand how the software is applied (this is why I'm an expert witness in demand) and you're out of your expertise, sorry. The customer applies the patch. That gives them control of the infringing activity.
Perception of the GPL (Score:3)
Actually, all I see so far is that an intentional GPL violator's customers are not protected from that intentional violation. It's not at all clear that this is in any way different from the proprietary software licensing world, where a contributory infringement case brought on the customer rather than the vendor is a frequent strategy.
I check out the software
Re: (Score:2)
This is a problem affecting all OSS licenses (Score:2)
Re:This is a problem affecting all OSS licenses (Score:4, Interesting)
Re: This is a problem affecting all OSS licenses (Score:2)
No you cannot do that under proper open source licenses such as the GPL. In the cases of paint.net and classic shell and many more, they just want to have other people build and fix their product and then once successful, they want to close it and sell a commercial product. It's the main reason never to contribute to anything obscure that is under a MIT or BSD license.
Re: (Score:2)
Do like... (Score:2)
Re:Good example of why to avoid the GPL. (Score:5, Insightful)
Unless of course the goal is to keep the software open/modifiable by all while disallowing poaching by closed source developers. This frees the project from parasitic closed developers. They'll have to write their own code if they want to keep it closed.
Re:Good example of why to avoid the GPL. (Score:4, Insightful)
The GPL keeps the existing software and its derivatives free to use by and for all.
Re: Good example of why to avoid the GPL. (Score:2)
Re:Good example of why to avoid the GPL. (Score:5, Interesting)
* Yes, please link to one of the approximately 17,000 near-identical discussions of this nature we've already had on Slashdot over the years.
* No, I'd rather pointlessly go through the exact same longwinded to-ing and fro-ing and restatements of the same old facts purely to indulge my personal need, despite the fact I know the chances of any new insight coming out of the billionth tedious discussion of this long-established subject is next to nothing, despite the fact that those on both sides feel the need to repeat the same entrenched positions- which mostly come down to personal philosophy and not an incomplete understanding of the issues (which everyone knows full well by now) and will therefore be unlikely to change in the face of the discussion (not that this was the point anyway).
(Joking aside, I'm pretty sure the OP knows all this and is intentionally trolling; I'm also pretty sure the replying AC above isn't, which IMHO makes it worse).
Re: (Score:2)
The GPL is reasonable, You want to use someone elses code you should give back the improvements you make. I dont see anything wrong with that.
Re: Good example of why to avoid the GPL. (Score:4, Informative)
The GPL does not require any "giving back". It says that if you change the software, and give the changed version to somebody else, you must give them (a) the source code and (b) a GPL-compatible license for the combined/modified software. You could call that obligatory giving forward, but not obligatory giving back.
Re: (Score:3)
How is doing things secretly under NDA "in the public interest"?
It's the first question he would be asked. "Will do discuss this under NDA". So he's getting that out of the way before they start.
Re:Good example of why to avoid the GPL. (Score:5, Informative)
Re: (Score:2)
If the GPL was really about freedom then it would contain exactly one sentence.
"You are free to do whatever you want with this software. "
Wow, why do you hate freedom so much?
How am I "free" if I, as you claim, am forced to grant permission to others that allows them to assume ownership of everything I make, and at the same time deny me usage and possession of everything I make?
Sounds like forced slavery to me...
Re: (Score:2, Interesting)
Re: (Score:2)
I understand the GPL is "word libertarianism" a.k.a "just do as I say libertarianism" a.k.a. not libertarianism at all. Many (not most) GPL adherents see it as an inspired text with religious meaning and try to redefine common terms. No you people don't get to change the meaning of freedom and you don't get to define what people should want.
The GPL have an important place among other software licenses. It however do allow people to keep the metaphorical slaves as long as they swear to uphold the holy GPL. M
Re:Good example of why to avoid the GPL. (Score:4, Informative)
It however do allow people to keep the metaphorical slaves as long as they swear to uphold the holy GPL.
No one is forcing the GPL on anyone.
Absolutely no one is forced to take GPL code and do anything with it. Not a single person.
Slaves do not by definition have the choice to not be a slave.
If you don't want to "uphold the holy GPL" as you call it, you are perfectly free to get code in any one of many other ways.
You can find code licensed in some other way.
You can learn to code and write your own.
You can pay someone to write it for you and give you copyright ownership, after which you can license it in anyway you please, including not licencing it at all.
You are the one redefining "freedom", "slaves", and "forced" here.
Question mark abuse (Score:5, Funny)
Did you really ask this? Seriously. Did you?
Your opinion of GPL aside, are you remotely aware of law at all? Seriously. Are you?
I'd be curious to see if on your keyboard the "?" key is as worn down as the space bar.
Re: (Score:2)
The problem with using the Founder's Copyright is that Public Domain is not more free for the aggregate of all people than the GPL would be. It's just an invitation to integrate the public code into private works without returning anything, while the GPL promotes that more code is shared.
Re: (Score:3)
I'm so sick of seeing this bullshit.
The ONLY (alleged) "freedom" that the GPL restricts is the "freedom" to fuck over downstream users and take away the rights granted to them by the upstream authors and all contributors.
Only psychopaths, wannabe-psychopaths, and psychopath-sympathisers think that that's a "freedom" worth supporting.
Re: (Score:2)
Code have no freedom, nor rights. Information have no desires.
Re: (Score:3)
Re:Good example of why to avoid the GPL. (Score:4, Informative)
That's your right. Of course, this matters more if you've actually released anything under it.
I should tell you, though, I have had more than one person who used gift-style licenses come crying to me about how badly they were abused. Some decide the GPL is a better idea too late...
Re: (Score:2, Informative)
Re:Good example of why to avoid the GPL. (Score:4, Interesting)
The growth in use of permissive licenses (particularly if you look at github) over restrictive ones is a demonstration of pragmatism and the idea that not everything must be free and we can have non-free and free components working together and cooperating rather than focussing on a pure free software ideology.
I wouldn't necessarily even go that far. I am entirely in favour of a world in which all software comes with the FSF's four freedoms. The reason I release code under FreeBSD / MIT licenses is that this seems like a path that has an actual transition plan. If there's a BSDL project available that does 90% of what you need, then you can adopt it and add the remaining 10% without needing to change your business model. Most of the time, it's then cheaper to release the code. If it doesn't give you a competitive advantage, then upstreaming your changes means that your maintenance costs go down (and, often, other people will fix your bugs, in exchange for being able to use your new features).
If there's only a GPL'd project available, then I've worked with a lot of companies that aren't 100% sure that they will never want to do anything that the GPL prohibits and so will instead write a proprietary version (if you're lucky, you can persuade them to write a permissively licensed version). The GPL'd project doesn't ever enter the company (particularly with GPLv3, where anyone who owns patents gets very nervous) and so they never see the benefits of Free Software. It doesn't provide them with a transition path.
This transition path is particularly important because around 90% of all software developers are employed by companies that are not primarily computer companies. They are developing software for in-house use and so implicitly have all of the four freedoms (because they own the copyright), but don't contribute anything to the wider ecosystem (other than money to Microsoft, Oracle, SAP, and so on). Getting them to start using, contributing to, and then preferring open source solutions can unlock a lot of developer resources.
Re: (Score:3)
Good. The GPL is working as designed.
You do realise that that's a feature, not a bug, don't you? It's an anti-leeching provision. They should not be benefiting from the work of GPL developers if they're unwilling to abide by the terms.
In that case. they should be writing their own or payi
Re: (Score:2)
"Most quotes on the internet are made up."
- Albert Einstein
Re:Good example of why to avoid the GPL. (Score:5, Funny)
"Most quotes on the internet are made up."
- Albert Einstein
Yeah, right there you've demonstrated the "internet problem" in a nut shell... taking an Abraham Lincoln quote and then mis-attributing it to Albert Einstein.
Re:Good example of why to avoid the GPL. (Score:5, Funny)
"The definition of insanity is misquoting the same thing over and over and expecting different attributions."
- President Benjamin Franklin
Re: (Score:2)
"When the Internet is invented, I think it would be really cool if people misquoted me on it."
-- Abraham Lincoln
Re: Good example of why to avoid the GPL. (Score:4, Insightful)
How? You're completely forbidden to make derivative works of Microsoft Windows. You're also forbidden to distribute it in any way.
Re: (Score:2)
I completely disagree. Situations like Grsecurity make me glad it is written the way it is.
Re: (Score:2)
Re: (Score:2)
Why, so you can take other people's hard work like Grsecurity and force them to release their code publicly....
Errrrr, they've taken an entire fucking kernel that they didn't write to peddle their snakoil.
Re: (Score:2)
This means that merely linking your own original code with GPL code (that remains open source) and distributing it requires that you also release your own original code under the GPL.
No it doesn't. Nvidia do this with their binary kernel module and have done for a very long time. The deciding factor is distribution.
Re: (Score:2)
There's a subset of symbols that nongpl kernel modules are allowed to link to.
Re:Community (Score:5, Informative)
Bill,
Debian would have the previous version before this licensing problem came up.
I am not the plaintiff in any theoretical case, and in any case am not interested in suing Debian. That's not me. But this should be a wake-up call to Debian.
Regarding CDDL vs. GPL, Sun quite deliberately applied that license and refused to dual-license. One would imagine they had Linux in mind when that decision was made. Oracle continues that. It doesn't seem that anyone on the Linux side started that fight. And given the decision in Oracle v. Google that copyright can pass across APIs, at Oracle's behest, it does not seem to me that CDDL-GPL combinations are legally safe even if you dynamically link.
Re: (Score:3)
They don't have to distribute the kernel to violate the GPL in this case. Copyright also restricts the creation of derivative works. Grsecurity definitely is derivative of the kernel. The GPL would be their only permission to create and distribute a derivative work of the kernel. And one of the terms of the GPL is that you can't add any rules to your derivative that aren't in the GPL itself.
With respect, your understanding of copyright and licensing isn't quite complete. This is not a personal criticism, it
Re: (Score:2)
Hi Bruce,
Since you say that GRSecurity is 'definitely' a derivative work, and since you know about a million times more than I do, let's accept that claim as a fact for a moment.
GRSecurity is primary distributed as a set of patches which modify the Linux kernel's operation in various ways. The end user takes those patches and combines them with the kernel to achieve the desired (or maybe not, doesn't matter). According to your claim, they are not permitted to do so without license from the original work (th
Re:Sounds wrong: do they distribute anything that' (Score:4, Interesting)
This is a very large discussion and I'm not going to put in the hour necessary to explain it fully. One of the relevant cases is Galoob Games v. Nintendo. In that case, the Game Genie made by Galoob, which let you have infinite lifetime and ammo and thus cheat in Nintendo games, was thought to be a derivative work by Nintendo. Galoob won, because the Game Genie connected to a plug and only modified a few memory locations.
Unlike the modularity of the Game Genie and that of some of the other things you mention, Grsecurity does not limit itself to dealing with Linux through its APIs (like the plugs in the Nintendo console and game cartrige). Instead, Grsecurity gets dirty fingers all over the kernel internals. So, it's derivative.
I am very much a supporter of right to repair and to interoperate, and we should discuss that another time.
Re: Sounds wrong: do they distribute anything that (Score:2)
You are more than welcome to make derivatives of the Linux kernel and sell them (see Android). You do however have to comply with the license and thus you should see GPLed release code on sites from Samsung etc (which you often but not always do).
The company is not required to release the code publically either, only their customers can demand the code, however this has to be under the same license (thus you cannot do like Amlogic does and claim NDA for the Linux kernel)
Re: (Score:2)
Re: (Score:2)
There's been a few articles on this already.
It's an external patch-set that adds security features to the Linux kernel.
And now the guy who runs it wants to charge for it, and stop people distributing it, even though it is inherently a GPL-based work.
He's also a pain in the arse, but that's besides the point.
Re: (Score:2)
You would think. But look at the previous problem children: Larry McVoy did not comport himself very well around the Bitkeeper issue, and the then board of OSI tell me he wasn't too nice around them either. Things might have gone better for him had he behaved differently.
Hans Reiser. Had a reputation for abusing the kernel community before he killed poor Nina. I only talked with her on the phone and had lunch once with him, but I am astonished I don
Re: (Score:2)
Sadly, it's not just the open source community, it's the whole damn industry...
Re: (Score:2)
Re: (Score:3)
The entire point of the langauge in section 6 of the GPL is so that another party can not cause you to negot