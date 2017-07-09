Bruce Perens Warns Grsecurity Breaches the Linux Kernel's GPL License (perens.com) 28
Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments: [I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...
This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."
This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
* Yes, please link to one of the approximately 17,000 near-identical discussions of this nature we've already had on Slashdot over the years.
* No, I'd rather pointlessly go through the exact same longwinded to-ing and fro-ing and restatements of the same old facts purely to indulge my personal need, despite the fact I know the chances of any new insight coming out of the billionth tedious discuss
Re: (Score:3)
Unless of course the goal is to keep the software open/modifiable by all while disallowing poaching by closed source developers. This frees the project from parasitic closed developers. They'll have to write their own code if they want to keep it closed.
Does Anyone Use That? (Score:5, Funny)
Re: Does Anyone Use That? (Score:1)
Thanks for that well reasoned remark, way to contribute. The core kernel crowds utter unreasoning hostility toward grsecurity is well documented by now. Its made a laughing stock of the security of the stock kernel for decades, and nobody likes to be shown to be an idiot. Grsecurity recently changed its terms due to widespread abuse of its mark. I assume it has something to do with these new terms, and potentially these announcements were triggered by complaints made by way of retaliation.
Linus on Grsecurity (Score:4, Informative)
Don't bother with grsecurity.
Their approach has always been "we don't care if we break anything, we'll just claim it's because we're extra secure".
The thing is a joke, and they are clowns. When they started talking about people taking advantage of them, I stopped trying to be polite about their bullshit.
Their patches are pure garbage.
Linus
Re: (Score:2)
Getting a second opinion? (Score:2)
What does Bruce Brackets have to say about all this?
;)
Re: (Score:2)
I completely disagree. Situations like Grsecurity make me glad it is written the way it is.
sounds about right (Score:3)
i usually fall into the "GPL is less free than BSD" camp, but in this case I agree fully with Perens. the Linux kernel is GPL, everyone who works on it agrees accepts that. if you don't like the GPL or the conditions it places on you, or how you (and others) can distribute your code - then go the fuck somewhere else.
Community (Score:2)
Look, I don't give a shit about violating copyright for the sake of violating copyright. The companies that are all-take-and-no-give, like cheap router manufacturers, that cause the community danger with their unpatched crap - the community tolerates the lawsuits against them.
But if Bruce or Eric decide to sue Debian or Canonical (or whomever) for shipping GRSecurity with the kernel, I'll watch while the community turns on them like a pack of fucking wolves and their reputation takes a perpetual hit.
It's b
Please Read The Entire Statement (Score:2)
You should read the entire statement [perens.com], because there are things missing from the quote above that are important. The most important part is the legal theory: