Bruce Perens Warns Grsecurity Breaches the Linux Kernel's GPL License

Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments: [I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...

This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."

Does Anyone Use That?

[segedunum]

Grsecurity is snakeoil dogshit.

Re:Does Anyone Use That?

You haven't a clue

Re: Does Anyone Use That?

Thanks for that well reasoned remark, way to contribute. The core kernel crowds utter unreasoning hostility toward grsecurity is well documented by now. Its made a laughing stock of the security of the stock kernel for decades, and nobody likes to be shown to be an idiot. Grsecurity recently changed its terms due to widespread abuse of its mark. I assume it has something to do with these new terms, and potentially these announcements were triggered by complaints made by way of retaliation.

Re: Does Anyone Use That?

Submit good patches and we'll merge them. Hell, report some bugs. But no, that's not how you guys operate. You work in an ivory tower for months and send us a massive patch that lacks any organization or any reasonable way to break it down for review. At this point, we think you should take your pile of "security" patches and go write your own kernel to go with it.

Re: Does Anyone Use That?

[segedunum]

Anonymous cowards protesting how Grsecurity have been so badly abused by everyone. Diddems. How predictable.

They chuck patches they *know* won't be accepted upstream, whinge that they are being exploited when someone tries to make them palatable and rinses and repeats the whole process because they know it would destroy their pointless value proposition otherwise. As Linus said, their patches are utter garbage. They can either put up or shut up.

Re: Does Anyone Use That?

If Linus said so then it's true, of course. Of course.

Re: Does Anyone Use That?

Winge is a synonym for cringe. What is with the alliterates on the internet these days?! Do you ever look up words you're unfamiliar with? Perhaps you were searching for whining, rather than whinging?

Why would somebody cringe when a patch is rejected if they had anticipated that rejection? Makes no sense at all.

If you're going to stamp your feet like that, at least correct your demands.

Re: Does Anyone Use That?

[Desler]

Whinge means to whine. It is not a synonym of cringe.

Re: Does Anyone Use That?

Linux has a rather looooooong history of rejections of totally fine patches.

Linux project is just a clique of corporate monkeys who cannot stand unknown faces around them.

Re: Does Anyone Use That?

[segedunum]

FFS, we really have brought out the fuckwits today. Mind you, I'm not on Slashdot much these days so it could be a regular occurrence. 'Whinge'. Google is your friend.

Re: Does Anyone Use That?

It's more the other way round: Linus said so because it is true. Of course.

Re:Does Anyone Use That?

Such snakeoil that other kernel devs take their patches, rework them till they're "mergable" in Linus's eyes, and submits them. Sometimes they even remove gresecurity's copyright notices and pass the patches off as their own. Accidentally, of course.

Re:Does Anyone Use That?

[volkerdi]

Linus, is that you?

Re: Does Anyone Use That?

[james_marsh]

Yep it's like someone is testing a bot designed to drown out reason, much like the comments on news sites seem to be these days. People are pushing BSD and no one has even mentioned netcraft. Not like the old days at all.

Re: Does Anyone Use That?

[Brockmire]

What I hear: "wah, you should be spoonfeeding us this because it's over our heads. Fuck the good ideas and flaws that get fixed, submit pretty patches or fuck off."

Re: Does Anyone Use That?

[Brockmire]

There's history between grsecurity and the kernel people going back years. Bitching about large patch and disagreeing on importance of various behaviour sums it up. It's super paranoid security people against defensive kernel programmers who feel attacked for their code and decisions. At no time did I get the impression it was as bad as dealing with someone like apk. But there was a lot of butt hurt to go around.

Re: Does Anyone Use That?

[Brockmire]

Alliterates. Is this irony?

Re: Does Anyone Use That?

[guruevi]

Seems like the Grsecurity guys have no idea how to work with others and instead of respecting the copyright of many of their past contributors, they simply steal it in the hopes of making a buck before it dies in obscurity.

Re: Does Anyone Use That?

[geoskd]

Fuck the good ideas and flaws that get fixed, submit pretty patches or fuck off

Patches can introduce bugs and security flaws as easily as they can fix them.

Every where I have worked has a had a strict policy of one issue per pull request for that very reason. Reviewing code is hard enough when its a single issue at a time.

Re: Does Anyone Use That?

[gnasher719]

What I hear: "wah, you should be spoonfeeding us this because it's over our heads. Fuck the good ideas and flaws that get fixed, submit pretty patches or fuck off."

What I hear from you is that you have no idea how software development works. Yes, absolutely, if you supply something that cannot be integrated, then fuck off.

Re: Does Anyone Use That?

[Zero__Kelvin]

You don't hear very well. The kernel is good because they follow a process. That process involves submitting code that can be readily reviewed before being accepted. "Trust us, it's great" gets a "go fick yourself", and that is exactly as it should be. If you think ANYTHING is over their head but not over the heads of the grsecurity devs you are clueless, but even if that were the case it is up to them to justify and explain their code or beat rocks.

Re: Does Anyone Use That?

Spoonfeeding? Over their heads? Bullshit. Rather that the submitters are way out of their league when it comes how to submit code.

The burden of work should be on those submitting the patch not those receiving it.

If you submit shitty patches or patches so massive it takes unreasonable amount of time to review them, I would be pissed off if they were accepted.

Also, if you submit a patch that addresses several issues, how should the review process be handled? If one part is not approved, then the entire patch is denied, right? Or do you always want someone else to do your work for you?

Re: Does Anyone Use That?

[Zero__Kelvin]

Great point. Linus should really consult someone who has written some quality code and has experience reviewing and accepting or rejecting patches ... oh, wait!

Re: Does Anyone Use That?

[rtb61]

I would be extremely suspect of any company that supplied blob patches, like M$ does to hide the individual elements of that patch. Straight up, I would suspect them of trying to put in a back door. So the question is to put all the effort into tearing down and completely dissecting that blob and only apply those elements of it that have been fully checked or just bin it and do the coding directly, which will likely be quicker.

Everyone knows exactly the reason why kernel patches at keep neat, specific and fully detailed and a security company should know better than others. This code blob probably a try it on and the next one, the attack blob. Lets be honest everyone knows the CIA/NSA would pay tens of millions in corrupt bribes to get a back door forced into Linux.

Re: Does Anyone Use That?

Submit good patches and we'll merge them.

If you pay us.

Hell, report some bugs.

If you pay us, then take our solution as a whole, including potentially substantial performance regressions.

You work in an ivory tower for months and send us a massive patch that lacks any organization or any reasonable way to break it down for review.

Years, actually. And there's plenty of organization. It just can't be broken down. grsecurity is the systemd of kernel patches.

At this point, we think you should take your pile of "security" patches and go write your own kernel to go with it.

But we're awesome! And every time there's a security bug, we'll plug how awesome grsecurity is [even if it wouldn't have necessarily helped]!

PS - Seriously, reading their posts on lkml or on lwn is just a great exercise is why good code != good people. Not that all of grsecurity is good. The whole Stack Clash thing is an unfixable mess from a kernel perspective (at least how I've heard it described) without minimally fundamentally breaking user space; and that still might not be enough but only enough to mitigate. So, of course, when someone rubs that in on a CVE, grsecurity people counter with a lot (and there are a lot) of Linux kernel security bugs.

Like you say, at this point they should just move on and either (1) use another kernel or (2) write their own. We can pick through grsecurity and incorporate good ideas, and yes, invariably introduce more bugs or not enough mitigation than we should. That's just a sad truth because incorporating all of grsecurity would be a bad idea. Even if we did and properly attributed PaXTeam, they'd still bitch and moan about it. Like others have suggested, I don't think they want to be paid to incorporate their changes into Linux mainline anyways because it fundamentally undermines their consulting business and their generally pissiness.

At this point? Fuck 'em.

Re: Does Anyone Use That?

if only this tiny bit of reason was to be used while merging systemd crap into the kernel...

Re: Does Anyone Use That?

I smell a lawyer. Or is that a rat?

Re: Does Anyone Use That?

It's super paranoid security people against defensive kernel programmers

Super paranoid security people that don't know the value of small readable improvements?

The only thing one huge patch has to do with security, is security by obscurity.

Re: Does Anyone Use That?

Your argument would be valid if it were true, but: the grsecurity patch can be integrated, this is obvious for the very simple reason that kernels built with it work, in real life scenarios, with very real servers.

Re: Does Anyone Use That?

Netcraft confirms it: Netcraft is dying.

Re: Does Anyone Use That?

I get your point, Brockmire - I'm thinking I could make good money televising "Nerd Fight", although it never really gets beyond slapping at a distance while looking the other way.

Re: Does Anyone Use That?

I don't think we're hearing the whole story. This post by Brad, in response to Linus' infamous "garbage" remark, seems to indicate that the patches are and have been split before, only Brad is (quite evidently) fed up of jumping through hoops for years for no pay with nothing to show for it at the end. He's right in that under the GPL there is no obligation to perform further work for free. If Bruce's legal theory holds, then it implies that coders releasing code under the GPL must continue to supply further work on that project whether they want to or not. That doesn't sound right to me, in fact it sounds like indentured slavery.

Re: Does Anyone Use That?

[Zero__Kelvin]

It doesn't sound right because you are the only one making such a ridiculous claim.

Re: Does Anyone Use That?

At this point, we think you should take your pile of "security" patches and go write your own kernel to go with it.

Oh, so wander off with systemd then?

Re: Does Anyone Use That?

How did that not bring that mad man out of the wood work?

Re:Does Anyone Use That?

You're an idiot.

Re: Does Anyone Use That?

Please keep it civilised, if you'd like to read further down in the comments you'll find that at least two other people have discussed this same issue. The situation is that grsecurity seems to be providing works for hire, the work product being derivative code released under the GPLv2. Bruce's witnesses say that there is an unwritten verbal clause saying that if you redistribute the derivative code, then no further work will be done for you. Now, the written license says "if you redistribute the code outside of the terms of GPLv2", but we'll assume his witnesses are correct.

What Bruce has said is that he believes that this refusal to provide more work product upon redistribution effectively adds an extra restriction under the terms of the GPLv2.

Okay, so let's try playing devil's advocate. Let's start with something simple, bear with me:

Let's say I'm a programmer doing work and providing changes to someone's GPLv2 based codebase. At some point, that code gets used in a way that I don't like, maybe a copy was used in a missle system, perfectly within the GPLv2 but against my personal ethics. At no point is there any suggestion that the GPLv2 prevents me from quitting on the spot, even if by doing so I have damaged them if they were critically relying on me for changes. But wait, "not working on missles" is an extra term to the GPLv2! Except it isn't, the licensing terms on the copyright remain the same, I can't stop that code from being redistributed and used, it's my own work that is being withdrawn.

Likewise, it would be absurd to suggest when entering into a work contract to work on GPLv2 code I can't negiotate terms that say I don't want to work on the codebase if you start using it to make Furbies, or indeed if you start distributing the code to people I don't like. I can't prevent anyone from legally redistributing under the terms of the GPLv2, and I can't get my employers to change the terms of the license if its derived from other GPLv2 work, but I can stop working for them.

I think the distinction I wish to make is that all of these are extra restrictions to the conditions under a work for hire, but none of them are extra restrictions to the license under with the copyrighted work is used. They aren't preventing the code being redistributed under the GPLv2, they just don't want to carry on working for people who do. In that regard, it's clear that it is not the same as an NDA.

Don't get me wrong, I don't like the way this is being used, but just because I want someone to work for me, doesn't mean I believe that I have a right to coerce them to.

Re: Does Anyone Use That?

To look at it another way: logically, no valid GPL code has ever been produced within the US, as export restrictions constitute an additional restriction under the terms of the GPL. Now, I don't believe this, it's clearly aburd as it is conflating the terms of a copyright license with an export restriction, in much the same way as it should be absurd to conflate an employment contract with a copyright license.

Re: Does Anyone Use That?

Well said. Your comment is so insightful it could well be the only comment needed on this story. Mod the rest down to -1!

Re:Good example of why to avoid the GPL.

[Rockoon]

I for one support the BSD license, and the BSD kernel.

Linus on Grsecurity

Don't bother with grsecurity.

Their approach has always been "we don't care if we break anything, we'll just claim it's because we're extra secure".

The thing is a joke, and they are clowns. When they started talking about people taking advantage of them, I stopped trying to be polite about their bullshit.

Their patches are pure garbage.

Linus

Re: Linus on Grsecurity

Linus is not a God, and often gets things spectacularly wrong (remember BitKeeper?) As such, rather than take his statements as gospel, try using your own judgement. It's a crying shame that the kernel community chose to drive out Brad Spengler without reason and lost out on securing the kernel, instead choosing to rely on NSA supplied code that doesn't actually seem to prevent any real world attacks.

Re: Linus on Grsecurity

[110010001000]

I'll take the judgement of the guy who actually wrote the kernel over a Grsecurity shill.

Re: Linus on Grsecurity

Why? The Linux kernel has been shown to have numerous years-old bugs that Linus let slip through. Oh and the "many eyes" have also been an abject failure at finding them. So I'm not sure why he should be trusted.

Re:Linus on Grsecurity

Are we talking about the same guy who still cannot recognize security fixes and the importance to assign them a proper CVE?
The same guy who called openbsd guys "masturbating monkeys"?
Yeah, no wonder why linux is a security joke.

Re: Linus on Grsecurity

Linus is not a God, and often gets things spectacularly wrong (remember BitKeeper?) .

Uh, last I checked, Linus ended up writing an open source clone of BitKeeper that became immensely popular and is now used by just about every software company in the world, including Microsoft. You might have heard of it. What are you trying to say here?

Re: Linus on Grsecurity

[110010001000]

All software has bugs. It is natural. He can be trusted because he has proven himself.

Re:Linus on Grsecurity

Said "Their patches are pure garbage" and then commits LSM garbage.
wow much quality wow

Re:Linus on Grsecurity

Can't you say roughly the same thing about systemd? "we don't care if we break anything, we'll just claim it's super-fast on startup"

Re: Linus on Grsecurity

Your paranoia and hostility speak louder about the attitude I was referring to than I could ever hope to, it's pure toxic hate. I'm not related to grsecurity in any way, although no doubt you'll now claim that I'm lying. Once someone is that paranoid, nothing you can say or do will ever convince them otherwise.

Re:Linus on Grsecurity

Yes but systemd is made by "one of us"! You don't get it buddy?
Linux has stopped being technical long ago, it's just a social dance this days with a full-mouthed bouncer on the door.

Re: Linus on Grsecurity

On GrSec:

First of all Linus is a demi-god. He's going to tell you in his very crude words what he really, really thinks. How many people with his notoriety do that? Even Trump can't get to his heel and they call it the god emperor.

Sure, it could be said in a nicer way but personally I value genuine statements much more than I value PC garbage.

Second, for I know Brad (and pipacs) since 15 years - Brad has some mental issues. He's not a bad guy, but with his problems AND the fact that he doesn't understand why GPL'd software he builds on can't make money and pay the rent makes for a rather bad outcome. It's always tantrums and bs with Brad. pipacs is alright.

Finally, some of the GrSec patches are or were truly useful, though they do indeed break a lot of kernel stuff "in the name of security", aren't very well written and sometimes, oops, introduce really, really bad kernel exploits. This doesn't bode well with Linus. He wants the patches, but only if they're properly written. That is the reason why Linux is so successful by the way. He will balance these things well. As soon as Linus is gone it's going downhill.

On SELinux:
Few people actually use SELinux. Is this the best thing since sliced bread? Nope. There's been much better efforts, better OSes (than Linux !) but none runs the stuff you want them to run. SELinux is otherwise actually alright and when configured does help - but for most, it's easier to run multiple VMs or.. err, containers (which security is funny when you understand how namespacing works and it's current status in the kernel vs how AVC works)

Re: Linus on Grsecurity

Obviously you're too young to remember. For three years Linus insisted that the kernel source should be stored using BitKeeper after warnings from all quarters that he shouldn't be using them. It was only once it came back to bite him in the arse as he had been repeatedly told it would (whoops! free license revoked) that git came about. It may be immensely popular and widely used now, but at its birth it was an emergency panic reaction after Linux lost its DVCS.

Pulling truimph from catastrophe like that is why people stick with Linus (and make no mistake, I am not anti-Linus in any way at all), but it doesn't stop the original call being a bad one, and now with hindsight those who were critical can say with certainty that they were correct.

The point is that being critical of a decision is not the same as being critical of a person or organisation, and you should feel free to criticise some decisions. Hell, Linus loves criticising bad code, and it's not personal. My criticism is that grsecurity makes a tremendously positive impact in terms of hardening the linux kernel to attack, and that going with the NSA was a bad decision. Rather than act like rabid attack dogs, finding a way to work together would have been far better for the linux community as a whole.

Unfortunately, it's far too late now. And here we are.

Re: Linus on Grsecurity

Proven how? Even basic security methods have seen a bad joke implementation on linux e.g ASLR, not to speak about anything non-trivial.
They even refuse to assign CVEs and properly report security vulnerabilities.
Yeah, that's some rather trusted security skills there.

Re: Linus on Grsecurity

[mean+pun]

Linus is not a God, and often gets things spectacularly wrong (remember BitKeeper?) .

Uh, last I checked, Linus ended up writing an open source clone of BitKeeper that became immensely popular and is now used by just about every software company in the world, including Microsoft. You might have heard of it. What are you trying to say here?

In a sense that's spectacularly wrong, no? I mean, he was wrong (to trust the BitKeeper guy), and he took spectacular revenge. Of course in this sense we should then hope he gets hacked, because the result could be another spectacular piece of software, possibly upstaging grsecurity.

Re: Linus on Grsecurity

logic fail in conclusion attempt. back of the short bus fer you.

Re: Linus on Grsecurity

The only people who like git are trend chasing hipsters (like JavaScript "programmers") who have never used other systems. Professionals, on the other hand, prefer Mercurial or one of the numerous other DVCS and VCS that exist.

Re:Linus on Grsecurity

Brad Spengler of GRsecurity replies

So Linus, you called the patches garbage when someone asked how we fixed the heap stack gap issue 7 years ago when you failed to. Can you provide any technical details demonstrating why that fix is garbage, the fix that looks very similar in form and function to what's present upstream now finally (in some of the kernels at least, and minus ours being configurable and cleaner)?
Can you explain how our fix breaks userland and how your 2010 fix didn't?

If not, I'd suggest you keep your lies and FUD to yourself. No one but lackeys for your cult of personality are buying it. You and others trot out the same old tired excuse about "breaking userland" and never offer up any real facts. If it were the case, it wouldn't be possible to run grsec on anything but distros with recompiled userland, and yet we work just fine on any distro. It's a meaningless crutch for people apparently have never looked at any kernel code of ours who refuse to
accept the simple facts:
1) You're not security experts
2) You view security as an annoyance
3) The Linux kernel's security track record is terrible

It's the only way they can justify it in their minds -- the problem surely can't be that you've ignored the problem for years and lied to people telling them it's the best that can be done. When some outside group proves you wrong, you have to pretend there's no way you could have done what they did, because you care so much about code quality. How can you explain the verbatim copy+pasting of our code if that's the case? Please explain to the world how if our code is such garbage, you haven't been able to come up with any significant security improvements without it?

Put up or shut up, for once.

> Please.
Please.

-Brad

Re: Linus on Grsecurity

You've got the BitKeeper story wrong. He was never out for revenge. He was rather upset with Tridgell though...

Re: Linus on Grsecurity

[nitehawk214]

Since you exist in 2006, can you warn us about the housing crisis and ISIS?

Re: Linus on Grsecurity

Yeah, I remember BitKeeper. I remember Linus being loyal to Larry. I remember Larry taking his ball home. I remember Linus writing the replacement himself because all other options were bullshit.

It's a crying shame that the kernel community chose to drive out Brad Spengler

LOL. Are you Brad or something? Did you run to Slashdot to spam the shit out of this thread, because AC? Haha.

Re: Linus on Grsecurity

[guruevi]

How do you upstate grsecurity? Their patches add zero net worth of security, they just hope by calling something security it will sell to some large companies.

If they want to add to security, submit patches to the kernel where things are broken.

Re: Linus on Grsecurity

[guruevi]

You don't sound like a security expert either. If the kernels are so buggy, write patches and demonstrable exploit code.

Re: Linus on Grsecurity

[Zero__Kelvin]

You win the "Most Ridiculous Faux Reasoning on the Internet" award!

Re: Linus on Grsecurity

[Zero__Kelvin]

We know the whole story better than you. Those warning Linus didn't think, like I am sure Linus DID, "This works and saves time. If anything changes I will take a couple weeks and spin something up that is better when it is time." He also couldn't have predicted that another guy would violate the terms, reverse engineer the protocol, and try to implement a bikeeper clone. Blame that asshat.

Re: Linus on Grsecurity

As far as I understand it, originally patches were submitted, over a period of time, which were rejected. There was a falling out with insults flying around, and as a result no further patches were submitted to the mainline.

The good news is that recently it looks like some of those patches are now being resubmitted as part of the kernel self protection project (if they can sort out the copyright and attributation, I wonder if Bruce Perens will be as vocal if copyright is stripped for code going into the kernel?)

If you honestly believe it adds net zero worth of security, then it's pointless arguing further with you as it's obvious you have absolutely no idea what you're talking about.

Re: Linus on Grsecurity

[vux984]

"In a sense that's spectacularly wrong, no?"

Was Linus spectacularly wrong or were the BitKeeper people spectactularly wrong? I've always taken that sequence of events as a calculated risk... he didn't expect bitkeeper would revoke their use of bitkeeper; but he also know he could replace it quickly if they were boneheaded enough to do it.

They revoked the license. He wrote git over the weekend. And ... problem solved. Not really a big deal after all.

Re: Linus on Grsecurity

"i" did. I submitted it as part of a 20MB binary blob. Gitguud! :p

Re: Linus on Grsecurity

[Bruce+Perens]

This is hysterically funny if you actually understand what Tridge did.

Re: Linus on Grsecurity

Someone failed first grade debating....

When do you move on to calling them a poopyhead?

Re: Linus on Grsecurity

[duke_cheetah2003]

The only people who like git are trend chasing hipsters (like JavaScript "programmers") who have never used other systems. Professionals, on the other hand, prefer Mercurial or one of the numerous other DVCS and VCS that exist.

If only this were true. But it's not. It's my perspective that most programmers who adopt the usage of any version control tend to stick with the first one they learn. After that, they become loyal to that package, even if it dies off, they cling to the known quantity. That's in my view, how people pick their version control. It's rare anyone switches from one to another, unless forced to do so by an external.

Some people might use one outside of their normal to work with another team, but for their own projects, they'll stick to their first/favorite.

Re: Linus on Grsecurity

[Bruce+Perens]

Tridge used telnet to get to the Bitkeeper server port, and typed "HELP". That was the great crime!

Most people who understand this believe that Larry over-reacted.

My personal conclusion was that Larry made things much worse for himself with his own behavior. I hope he learned something and is doing better now.

Re: Linus on Grsecurity

[Bruce+Perens]

Walter Tichy is our savior! :-)

The truth is that most people don't use 95% of the feature set of a version control system, and everything they wanted was there in RCS back in 1982.

Re: Linus on Grsecurity

Meanwhile, grsec also tends to be publicly dismissed by certain anonymous employees of certain organizations due to their toolsets generally not working on them.

It's pretty sad what passes as "secure" by the average Linux admin these days. It's as though nobody's learned a god damned thing.

Re: Linus on Grsecurity

He also couldn't have predicted that another guy would violate the terms, reverse engineer the protocol, and try to implement a bikeeper clone. Blame that asshat.

For one, the terms themselves were asshat. But lets stop for a minute and pretend that it was an asshat thing to violate the terms. So, the terms were violated, and one developer got his license revoked. Could he just buy another license? Nope, he'd still be in the same boat and get that license revoke. Hmm...it's almost as if the terms themselves were asshat because they relied upon terms that inherently incompatible to a Free software development system or really any system that allows for some third party to revoke a license.

In short, it was only a matter of time before some "asshat" who was important enough got his license revoked because of asshat licensing terms. Hell, the whole fact that the Linux kernel was being maintained on third-party servers with no real ability to be cloned was a recipe for disaster regardless. It was all something Linus should have saw coming, but he just wasn't interested at making yet another version control system and Bitkeeper suited him.

So, definitely a fuck up on Linus' part. Just like it's a fuck up on Linus' part to dismiss grsecurity code just because the developers are asshats. It's great than KSPP is at least heading towards adopting code of grsecurity and presumably at least some of PaXTeam's complaint of partial patches or obvious lack of understanding will improve as KSPP progresses. I also agree with PaXTeam in they should receive more attribution when their code is heavily the inspiration for or heavy copy-and-pasted from--although I imagine they'll still bitch because nothing short of a complete inclusion will make them happy and undoubtedly some of their code is going to be shown to be the sort of exploits in the future.

PS - Seriously, asshats pretty much all around. Except Linus. I do think he's guilty of arrogance and pompousness, though. But that's sort of what most leaders are about. *shrug*

Re: Linus on Grsecurity

[phantomfive]

Local branches are super-great, though.

Re: Linus on Grsecurity

I spoke with Tridge about a week or two after at Wineconf in Germany.

His reply to my questions was something along the lines of 'HAH what a joke this has turned in to, I used to telnet to hit the port, put in the raw commands and checked out my stuff in to CVS' or words to that effect.

He never agreed to the license, he accessed a public server, and he made a way for anyone to import the code. But bloody hell, he is evil for violating Larry's insane terms or Linus verbal bro's agreement with him.

- sedwards

Re: Linus on Grsecurity

[Zero__Kelvin]

So Tridgell ... the guy who reverse engineered Microsoft's SMB protocol and created SAMBA, was just curious about the protocol but had no intent of doing anything with the information then? Is that really what you believe?

Re: Linus on Grsecurity

[Zero__Kelvin]

So ... You DO know that EVERY version of the Linux kernel is freely available via git, thereby disproving your claim in its entirety, right? Also, your Stallmanesque/ idealistic version of "free" and Linus' pragmatic, free as in "open" version differ. He made a choice you didn't like, but time has shown that it wasn't a debilitating choice.

Re: Linus on Grsecurity

First of all Linus is a demi-god.

Aaaand you lost me. Sorry, I never debate with anyone who goes full kook on the first sentence.

Re: Linus on Grsecurity

Amusingly this is something like the 7th accusation here that any AC supportive toward grsecurity is Brad in disguise. You can't buy paranoia like that, and shows clearly the kind of kooks he's up against. No, I'm not Brad. Try the AC further down, he looks a lot more like Brad. Maybe try other stories, too? Hey, you're posting AC, maybe you're Brad!

Re: Linus on Grsecurity

[jeremyp]

And now because of the Linus Worship, we are all stuck with having to use the pile of shit that is git.

Re: Linus on Grsecurity

[jeremyp]

My first was CVS, then I progressed to svn, after that to Mercurlal which is my favourite, but I grudgingly use git now because my dev tool only supports it and svn. Of the source code control tools I have used, git is without doubt not as bad as CVS. Other than that it would have been better if it had never existed.

Re:Linus on Grsecurity

Thanks for posting that Brad.

Re: Linus on Grsecurity

[BadDreamer]

So where is the damage caused by Linus in all this? The whole point of bringing this up is to show how Linus is not to be trusted, and that means that the decision by Linus must have caused damage, or it would be pointless bringing it up.

So where is the damage? What bad thing does Linux carry with it from this decision? How are we crippled by Linus' decision?

Re: Linus on Grsecurity

I am sure Linus _didn't_ think "if anything changes I will take a couple weeks and spin something up that is better". If that would have been his thought, it would have been stupid not to take those couple of weeks at the time the thought occured since the continued dependency _did_ cause friction in kernel processes (and likely also affected his friendship with Larry McVoy).

At any rate, Tridgell did _not_ "violate the terms" when reverse engineering the Bitkeeper protocol since he wasn't even a Bitkeeper customer, and McVoy did not have actual terms for the "free" license of Bitkeeper to Linux rather than volatile "understandings" of what he did or did not expect others to do to keep providing Linux developers with Bitkeeper.

Linus trusted those conditions/understandings to stay compatible with the needs of Free Software developers engaged with Linux, McVoy being a friend of his. When the arrangement did not work, he separated friendship from business (often a good idea) and created Git.

Re: Linus on Grsecurity

[mean+pun]

The whole point of bringing this up is to show how Linus is not to be trusted, and that means that the decision by Linus must have caused damage, or it would be pointless bringing it up.

Wot? No. I have no idea where you get all this from.

Look, I like Linus. He knows what he's doing, both technically and with people management. I trust his evaluation of grsecurity.

My lighthearted point is simply that (arguably) Linus was wrong to use BitKeeper, but that he recovered from the issue in a spectacular way by writing his own software that has upstaged BitKeeper. Therefore, he was 'spectacularly wrong' about BitKeeper. See? It's a joke. No? I guess you had to be there then...

Re:Linus on Grsecurity

[martinfb]

Do you care to site where this can be verified?

Re:Linus on Grsecurity

> Do you care to site where this can be verified?

No, but he can probably cite it.

Re: Linus on Grsecurity

So ... You DO know that EVERY version of the Linux kernel is freely available via git, thereby disproving your claim in its entirety, right?

Because Bitkeeper was proven to be unreliable because it had a fit when a developer chose to violate its terms of use which amounted to any attempt to clone Bitkeeper. Yes, as a compromise Bitkeeper had ran a gateway to access the in-development kernel with open tools, but they weren't 1st class citizens--ie, you had to use Bitkeeper's software or you got an inferior version. Want to make it better? Oops, again, that violates the terms of use.

Also, your Stallmanesque/ idealistic version of "free" and Linus' pragmatic, free as in "open" version differ.

Right, and his pragmatic choice bit him in the ass.

He made a choice you didn't like, but time has shown that it wasn't a debilitating choice.

Granted. And rarely is it a debilitating choice unless you rely upon a massive ecosystem of software. Thankfully Linus was only using one, relatively easily replaceable bit of software. It was still a dumbass move when he could have made git a short while after using Bitkeeper and realizing it wasn't going to work out in the long-term. Just like he started Linux because Minix's system of patches-only for redistribution wasn't a long-term solution for a project that inherent was at odds with the end goal.

So, Linus shits on grsecurity and PaXTeam because they're asshats and he says their code sucks? Fine. The answer to that is to, you know, take the core idea of what grsecurity was after and implement that. Instead, we're now how 16 years in to grsecurity as a separate patch set and a lot of the valid complaints are still there and as much as I would out that we don't want a lot of grsecurity-like ideas in the mainline kernel and grsecurity's patches don't prevent or mitigate a lot of security vulnerabilities, there's still a lot of good ideas that should have been put in the mainline kernel a long time ago.

And before you say, "make your own patches", the point is that (1) invariably Linus has to approve them to get into mainline and hence get the widest adoption and (2) I do agree with PaXTeam that someone should be being paid--although I think not them--to implement those patches and not on the scale that KSPP is being done. Instead of seeing how Windows security in 2001 onward was a clusterfuck and they tried to get their act together, a large part of the Linux community--Linus included--has rested on his laurels on the notion that the Linux kernel is just somehow better. It's irrelevant to me or an attacker if Linux is better. It matters to me if it's exploitable.

Re: Linus on Grsecurity

[almitydave]

The only people who like git are trend chasing hipsters (like JavaScript "programmers") who have never used other systems. Professionals, on the other hand, prefer Mercurial or one of the numerous other DVCS and VCS that exist.

If only this were true. But it's not. It's my perspective that most programmers who adopt the usage of any version control tend to stick with the first one they learn. After that, they become loyal to that package, even if it dies off, they cling to the known quantity.

Well, I started with Rational ClearCase and use git now; in between I used (in no particular order) VSS, PVCS, CVSNT (+TortoiseCVS), and TFS. git is my preferred system of all of those, solving every shortcoming I personally experienced.

I doubt your assertion holds for programmers who moved from file-locking "checkout-and-edit" based systems to an "update-and-merge" paradigm. The latter is so much easier. By the end of my use of VSS, I was basically doing that anyway with one directory containing the source-controlled copy, and another directory containing the copy I actually worked on, and just merging back and forth as necessary.

Re: Linus on Grsecurity

[Zero__Kelvin]

Hopefully you realize I didn't waste my time reading your drivelous rant about nothing.

Re: Linus on Grsecurity

[duke_cheetah2003]

I doubt your assertion holds for programmers who moved from file-locking "checkout-and-edit" based systems to an "update-and-merge" paradigm. The latter is so much easier. By the end of my use of VSS, I was basically doing that anyway with one directory containing the source-controlled copy, and another directory containing the copy I actually worked on, and just merging back and forth as necessary.

I can only speak from my own experience. I've been using Perforce for far too long. I don't wanna migrate to anything else cuz it's a pain in the ass and I'll likely lose all the prior versions of my stuff if I resubmit to a new system. There's supposedly conversion tools for Perforce to around, but I'm wary. I stick to my known quantity. It's still old school 'checkout-and-edit.' Which is good in my book, cuz damn as I get older, I have trouble keeping track of what I was working on. Knowing what I have checked out is a pretty good indicator of what I need to be looking at.

I suppose my original post in my own experience, and from the people I've met in my life, most folks my age dislike learning new systems, so I guestimated most people think like I do, and those I've been in contact with.

Re: Linus on Grsecurity

To me it's telling that these patch sets haven't managed to get merged into the mainline kernel, and they had _years_ to figure it out. That should tell us something about the quality of the code.

Locking it behind a copyright license is even more evidence it's snake oil. They took from the libre software community, built on it, and don't want to contribute back without being paid. That's how you know they don't give a shit about security; they'd rather have a paycheck instead.

If one doesn't want to write code for free, then they shouldn't get involved in libre software. Alternatively, they can sell themselves to a company and then do their bidding, corrupting libre software with the profit motive. See: PulseAudio, systemd, *kit, logind, FreeDesktop in general.

Re: Linus on Grsecurity

I really applaud Linus for his kernel. As far as DVCS's go, though, I wish that the other kernel developer to write one that month had met with more success. Mercurial is sure a sight easier to use that Git. Oh, how I wish Matt Mckall had had written it in C.

Re: Linus on Grsecurity

So, Linus shits on grsecurity and PaXTeam because they're asshats and he says their code sucks? Fine. The answer to that is to, you know, take the core idea of what grsecurity was after and implement that.

One problem is that it's not a single core idea, rather a cornucopia of different hardening techniques to prevent exploits from various different avenues. Many of them rely on each other and don't work by themselves. The other problem is that on the whole the mainline kernel devs are not security experts, as evidenced by cargo cult behaviour where they will attempt to implement a security feature without understanding the implications of what they're doing (nb from a security, not code, perspective), and leave themselves exposed as a result. Personally, as much as I would like to see some of those features get into mainline, I wouldn't trust the mainline devs to get them right alone.

So, unfortunately to get any of the features in sanely would probably involve close collaboration between grsec and mainline - can you imagine that ever happening? Me neither.

Instead, we're now how 16 years in to grsecurity as a separate patch set and a lot of the valid complaints are still there and as much as I would out that we don't want a lot of grsecurity-like ideas in the mainline kernel and grsecurity's patches don't prevent or mitigate a lot of security vulnerabilities, there's still a lot of good ideas that should have been put in the mainline kernel a long time ago.

The reason for me personally is that grsecurity patches do mitigate and prevent a whole lot of security vulnerabilities, especially the ones that waltz by idiot placebos like selinux. Unfortunately the amount of irrational hatred and vitriol flying around from the highest levels of both camps mean that I've given up hope of linux ever being as secure as even the windows kernel now. Due to the hell I'm having trying to support bug-riddled systemd in a sane fashion I'm thinking about moving over to BSD, Linux is done, killed by egos, stick a fork in it.

Re: Linus on Grsecurity

I doubt that you hurt anyone's feelings.
You may have made some people sad about the juvenile level of discourse here, though.

Re: Linus on Grsecurity

(sounds of hole digging intensifies)

Re: Linus on Grsecurity

You're under the delusion that they have ever tried to, that is not the case. A lot of people are confusing criticisms about the awful security of the kernel with a desire to get a patch accepted. It's always been third parties that have tried to get grsecurity features in, and have been shot down by both sides for one reason or another; the mainline is the poor relation in this scenario.

Re: Linus on Grsecurity

Hmm, no. There is no way I am going back to CVS. I got used to git, and it stays well enough out of the way (i.e. it is fast and does what I need), so I never had much reason to use Mercurial. Between CVS and git, I used SVN, arch, tla, and darcs.

I dislike SVN heavily, and nothing outside of a lot of pay can get me to interact with either CVS or arch/tla.

OTOH, I can still tolerate RCS for single-file VCS (e.g. a stand-alone document), go figure...

Re:Good example of why to avoid the GPL.

"Linux is worse than cancer"

    -- Steve Ballmer

Getting a second opinion?

[Gravis+Zero]

What does Bruce Brackets have to say about all this? ;)

Re:Getting a second opinion?

[_merlin]

That would be Bruce Breckets

you're after.

Re: Getting a second opinion?

What is this, some kind of Cave Story?

The GPL is asinine

It's one thing to require that modifications to source code remain open source. I think it's onerous, but at least it's not infecting anything it links to. However, the GPL require that any derivative works that make use of any GPL code be released under the GPL if they're distributed at all. This means that merely linking your own original code with GPL code (that remains open source) and distributing it requires that you also release your own original code under the GPL. This is an asinine restriction on freedom, and precisely why the GPL is evil. If you actually care about freedom, require that the original code and direct modifications to it remain open source, but let linked code be released under any license. That's a completely reasonable compromise, but the asinine GPL doesn't allow for it.

Re:The GPL is asinine

[Eravnrekaree]

I completely disagree. Situations like Grsecurity make me glad it is written the way it is.

Re: The GPL is asinine

Why, so you can take other people's hard work like Grsecurity and force them to release their code publicly, just because it happens to link to GPL code? That's not freedom, but finding a sneaky way to steal other people's code. Freedom my ass.

Re: The GPL is asinine

[110010001000]

How is it sneaky? The GPL is open and readable. Poor Grsecurity guy: you are going to lose.

Re:The GPL is asinine

[segedunum]

This means that merely linking your own original code with GPL code (that remains open source) and distributing it requires that you also release your own original code under the GPL.

No it doesn't. Nvidia do this with their binary kernel module and have done for a very long time. The deciding factor is distribution.

Re: The GPL is asinine

And what if it doesn't just "happen to" link to that GPL code, but actually does so because it is a derivative work? It seems that in that case, Grsecurity are the ones taking somebody's work. They should actually do their own work, write their own kernel, and offer it to the world under their preferred license. The problem wouldn't even exist if Grsecurity did their own work instead of stealing somebody else's.

Re:The GPL is asinine

It's one thing to require that modifications to source code remain open source. I think it's onerous, but at least it's not infecting anything it links to. However, the GPL require that any derivative works that make use of any GPL code be released under the GPL if they're distributed at all. This means that merely linking your own original code with GPL code (that remains open source) and distributing it requires that you also release your own original code under the GPL. This is an asinine restriction on freedom, and precisely why the GPL is evil. If you actually care about freedom, require that the original code and direct modifications to it remain open source, but let linked code be released under any license. That's a completely reasonable compromise, but the asinine GPL doesn't allow for it.

GPL does exactly what it is designed to do: it gives freedom to its users by preventing evil companies to use unscrupulous methods against the people.

For example, if GPL did not exist and Linux was where it is today but it had a BSD license, Microsoft could use their same old monopolistic technique of "embrance, extend, extinguish" and:
1) start selling their own "Linux" solution
2) modify the kernel to add extra features so companies adopt it and becomes very popular
3) introduce "proprietary" extensions (that are copyrighted and licensed under proprietary license) that make it incompatible with the original kernel but all new apps require it
4) charge everyone increasing prices for same old thing because users are now locked into single solution
5) spy on users and sell their private information for additional profit

See here: https://en.wikipedia.org/wiki/Embrace%2C_extend_and_extinguish

The point is, GPL is good for the people (i.e. end users).

The only people that think GPL is bad are:
1) Companies that want to screw everyone to make a profit (think SCO).
2) People that are fanboys of windows/apple/whatever
3) People that don't know any better

Re: The GPL is asinine

If it wasnt for "other peoples code" being free, they wouldnt have anything to patch. I cant tell if youre trolling or if youre really that stupid.

Re: The GPL is asinine

[segedunum]

Why, so you can take other people's hard work like Grsecurity and force them to release their code publicly....

Errrrr, they've taken an entire fucking kernel that they didn't write to peddle their snakoil.

Re:The GPL is asinine

[epyT-R]

There's a subset of symbols that nongpl kernel modules are allowed to link to.

Re: The GPL is asinine

Lose what? Grsecurity isn't going after any of their customes who releases their patches as that would violate the GPL. What they are doing, and what other companies like Red Hat used to do, is contractually ceasing doing business with customers who release grsecurity's patches to the public. That is not restricting distribution per the GPL no matter what PR smear-meisters-for-hire-argue. Grsecurity has embarrassed Linus and the other corporate kernel monkeys for years now due to their lackadaisical approach to kernel security, and its time for some payback.

Re: The GPL is asinine

Linking code to a library does not require you release your own code as GPL.

Re: The GPL is asinine

Yes it does. However most open libraries ate LGPL which allows linking.

Re: The GPL is asinine

You sound bitter. How big an idiot were you made to look? Come on, I want all the juicy details!

Re: The GPL is asinine

[jeremyp]

It doesn't link to GPL code, it is a patch. That means it is a modification of GPL code.

Re:The GPL is asinine

However, the GPL require that any derivative works that make use of any GPL code be released under the GPL if they're distributed at all. This means that merely linking your own original code with GPL code (that remains open source) and distributing it requires that you also release your own original code under the GPL.

YOU are the person who is saying that "merely linking your original code with the GPL code" causes your code to be a derivative work. The GPL's authors think you're right. But not everyone does, and I'm pretty sure that most copyright lawyers and judges would disagree as well.

What's funny is that you are blaming the GPL's authors for your opinion.

What you ought to do, is think about whether or not linking things causes one of them to retroactively become a derivative work. If you come to the same conclusion that many of us do, you will realize that the GPL is irrelevant, because your code is not a derivative work and therefore the GPL's terms don't apply. And since the GPL is irrelevant, it lacks the capacity to be particularly offensive, and definitely never will "infect" other software.

Re: The GPL is asinine

Note: Yes IAAL, and Yes we know you as a lay-person programmer know more about the law than "useless" lawyers and law technicians so you don't have to restate your in-born greatness, please.

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur.

That is an additional term, between GRSecurity and the distributee, adding a restriction, end of story. This is forbidden by the license terms underwhich GRSecurity had the privilege to modify the kernel, create derivative works, and distribute derivative works, etc.

I say had, because once a license term is violated, the terms of the license distributed by the linux-rightsholders governing the use of their property states that the license is revoked upon violation of a term.

You have to understand that the linux-kernel, even if it is sitting on your harddrive, is the property of the linux-kernel rights-holders. Not GRSecurity, etc.

It's like a piece of land (Copyright is alienable in the same way that real property is). I may allow you to walk over my land, and I may rescind that license at any time. I may also post rules that you must obey when walking over my land which, if you violate, I may set terms that your license to walk over my land be revoked.

One of these rules is that you do not offer terms adding additional restrictions to derived works. GRSecurity has offered such terms. The moment they did so they violated the terms of the license grant.

Re: The GPL is asinine

Note: Yes IAAL, and Yes we know you as a lay-person programmer know more about the law than "useless" lawyers and law technicians so you don't have to restate your in-born greatness, please.

You're arguing from authority, which is a logical fallacy. It usually indicates you don't have a valid argument.

Seems you're more interested in feeling superior than in the actual merits of your argument. I find it hard to believe anyone so childish could make it through law school (ad hom FTW!).

Re: The GPL is asinine

That is an additional term, between GRSecurity and the distributee, adding a restriction, end of story.

What is the restriction, specifically? That is, what may you not do that GPL normally allows you to do?

Don't say you can't distribute, because clearly you still can.

Re: The GPL is asinine

>You're arguing from authority, which is a logical fallacy. It usually indicates you don't have a valid argument.

I have explained at length the legal issues here (see "quick rundown" etc) over and over. It is not my fault that you do not understand.

>Seems you're more interested in feeling superior than in the actual merits of your argument. I find it hard to believe anyone so childish could make it through law school (ad hom FTW!).

I'm a licensed attorney. Would you like to continue libeling me?

Re: The GPL is asinine

> by Anonymous Coward on Wednesday July 12, 2017 @08:24AM (#54792665)

The act of proffering additional restrictive terms is a violation of the license grant in and of itself.

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

(IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur.)

If you do not understand this, there is nothing I can do for you.
Contracts 101 can help so you can understand what a "term" is and that it can be written, verbal, or implicit; aswell as Real Property to learn about how licensing works. Copyright Jurisprudence draws from both.

Re: The GPL is asinine

I'm a licensed attorney. Would you like to continue libeling me?

Saying I find it hard to believe you're really a lawyer is not libel. If you are, you suck at interpreting law.

Re: The GPL is asinine

It's probably all those 7 and 10 year old root compromises that made it to the WaPo that grsec prevented by default. Big business tends not to look too kindly on that kind of skirtlift, hence grsec are now corporate enemy #1 and we get FUD FUD FUD.

Re: The GPL is asinine

Except that, as many have pointed out, it's not a new license term. It's a term of an agreement that makes reference to the license. They are not saying you can't get a license unless you agree to their terms; they're saying you can't get support and updates.

I think it's dirty pool and against the spirit of the GPL, but I can't see how it's against the letter of the GPL.

Re: The GPL is asinine

"Saying I find it hard to believe you're really a lawyer is not libel. If you are, you suck at interpreting law."

Because you, as a lay person, really know what you're talking about, correct? You just _KNOW_ that you know. You got that gut feeling.

Re: The GPL is asinine

>Except that, as many have pointed out, it's not a new license term. It's a term of an agreement that makes reference to the license. They are not saying you can't get a license unless you agree to their terms; they're saying you can't get support and updates.

The terms of the license govern what agreements you may make between yourself and other parties. It is not solely governing what "the license" (that you publish to the other parties) says.

Section 6 states simply
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

Clear as day. What you lay people do not seem to understand is that the terms here are governing what agreements and actions the distributee can take regarding furthur distributees, in reality, in the flesh.

Here the ACTIONS of GRSecurity are to RESTRICT the exercise of the redistribution rights of the further distributee.

This is an action prohibited by the terms offered by the linux-rights holders, and they have written as another term that the permission they give to use their property is revoked upon violation of their terms.

Very simple.

The linux-rights holders could have written "those who eat grapes on a monday have their license revoked at the moment grape is consumed". Linux is their property and they may alienate it as they desire in the same way they may alienate their real and personal property.

Under your theory no revocation would take place unless GRSecurity physically prevented further distributees from redistributing by putting a gun to their heads if they dared attempt so. Clearly that is not how things work. GRSecurity proffered terms designed to restrict one from redistributing the derivative work, terms which have been successful in-fact. A clear violation of section 6.

Very simple.

And yes, IAAL.

>as many have pointed out,
Many lay people, like yourself, who are not studied in the law and are completely ignorant of it's workings, seeing only the surface edifices, yet, in hubris, insist that their opinion on any matter regarding legal outcomes is worth the equivalent value of even one speck of infertile earth.

You do NOT know what you are talking about. Neither do your Programmer friends.

Re: The GPL is asinine

Section 6 states simply
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

And none are imposed. However, you are given the option to agree to them. Clear as day.

Re: The GPL is asinine

Section 6 states simply
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

Clear as day. What you lay people do not seem to understand is that the terms here are governing what agreements and actions the distributee can take regarding furthur distributees, in reality, in the flesh.

Here the ACTIONS of GRSecurity are to RESTRICT the exercise of the redistribution rights of the further distributee.

This is an action prohibited by the terms offered by the linux-rights holders, and they have written as another term that the permission they give to use their property is revoked upon violation of their terms.

Very simple.

>And none are imposed. However, you are given the option to agree to them. Clear as day.

The proffering of the additional restrictive terms is in and of itself a violation of section 2. You are holding the clients to an additional restriction and enforcing this restriction via a threat to suspend business relationships.

YES YOU HAVE IMPOSED AN ADDITIONAL RESTRICTION
(you ____FUCKING____ retard).

Re: The GPL is asinine

https://boards.4chan.org/pol/thread/133715593/suddenly-bruce-perens-doesnt-want-to-talk-to-me

Re:Good example of why to avoid the GPL.

Indeed, only real freedom gives me the right to take away somebody else's rights.

Electric Fence

My favorite Bruce Perens software is Electric Fence. He wrote that in the early days of Linux, originally writing it for SunOS and then porting it to Linux back at the beginning. Bruce knows his shit since way before Linux was even a gleam in Torvalds's eye. Thanks Bruce!

Re:Electric Fence

DUMA appears to be its current incarnation. Still more portable than valgrind, which has replaced it in most modern, fast-enough systems.

Re: Good example of why to avoid the GPL.

Yup, Microsoft gets bashed for their EULAs while the open source EULA, the GPL, is even more onerous and restrictive. I hope the viral provision is tested in court and ruled to be illegal. It's freedom as in you're free to do exactly what we tell you to do but nothing else. Freedom my ass.

Re:Good example of why to avoid the GPL.

"Lick my rectum"

    -- Richard Simmons

Re:Good example of why to avoid the GPL.

[epyT-R]

Unless of course the goal is to keep the software open/modifiable by all while disallowing poaching by closed source developers. This frees the project from parasitic closed developers. They'll have to write their own code if they want to keep it closed.

Re: Good example of why to avoid the GPL.

The original Linux kernel was released over 25 years ago. If copyrights had their original terms, as many here would want, parts of the Linux kernel would no longer be copyrighted, but actually in the public domain. That means the GPL could not apply, due to the lack of copyright protection. The open source community should stop being hypocrites and release GPL code into the public domain after 20 years, as many of their users call for authors of other works to do. Add a clause to the GPL indicating that anything licensed under the GPL will enter the public domain after 20 years, and perhaps I won't complain about the GPL being ridiculous onerous and asinine.

sounds about right

[spongman]

i usually fall into the "GPL is less free than BSD" camp, but in this case I agree fully with Perens. the Linux kernel is GPL, everyone who works on it agrees accepts that. if you don't like the GPL or the conditions it places on you, or how you (and others) can distribute your code - then go the fuck somewhere else.

Re:sounds about right

What a marvelous way to stop innovation in it's tracks. Forcing the same license requirements on actual changes to the kernel versus imposing the same license restriction on any downstream externally linked code is not going to attract many competent developers or those who specifically employee developers who can extend and enhance the functionality running against the kernel.

It seems the only ones who are allowed to reap any monetary rewards from the Linux ecosystem are the GPL cheerleaders collecting their consultant fees for their efforts in spreading the Open Source gospel. And who really cares what Linus thinks? The man seems to have graduated with honors from the Donald Trump public speaking University. The man basically ported the Unix kernel to the x86 architecture. He wasn't even the first person to try before Windows swept them to the curb in the early years of the PC. So while his achievement is impressive he did change water into wine. And he also belongs to the club of people who make a substantial amount of coin while simultaneously telling those lower in the food chain that they need to donate their work for the public good and if they want to make an actual living they should remain in the Republic of the Anonymous Cubicle and take solace in their monkey coding endeavors.

Re:sounds about right

[GerryGilmore]

Wait a danged minute here! How can a core kernel change be considered "externally linked code"? If it truly just links, there's no GPL issue. Methinks you've stretched too far trying to make your point and fell off the logic cliff.

Re:sounds about right

[segedunum]

On the contrary, a huge amount of innovation and development has happened with Linux because everyone knows where they stand. Take a look at the 'open source' competitors to Linux. They are nowhere to be seen.

Re:sounds about right

[Bruce+Perens]

Forcing the same license requirements on actual changes to the kernel versus imposing the same license restriction on any downstream externally linked code is not going to attract many competent developers or those who specifically employee developers who can extend and enhance the functionality running against the kernel.

Whoa! Aren't you talking about the most successful strategy for developing a kernel ever? There seem to be no shortage of developers of high competence working on the Linux kernel, including those supported by companies. Hey, we even got Microsoft to do it after their earlier and widely publicized GPL paranoia.

I seriously doubt any kernel team, no matter the budget, can come close to what has been done with Linux.

Re:sounds about right

[UnknowingFool]

What a marvelous way to stop innovation in it's tracks.

[sarcasm]How dare people who draw up a contract expect you to abide by the contract when you agree to it. How dare they, sir![/sarcasm]

Forcing the same license requirements on actual changes to the kernel versus imposing the same license restriction on any downstream externally linked code is not going to attract many competent developers or those who specifically employee developers who can extend and enhance the functionality running against the kernel.

Er what? The patches that grsecurity are to the kernel which they are bundling with their code and then enforce new conditions on the kernel.

It seems the only ones who are allowed to reap any monetary rewards from the Linux ecosystem are the GPL cheerleaders collecting their consultant fees for their efforts in spreading the Open Source gospel. And who really cares what Linus thinks? The man seems to have graduated with honors from the Donald Trump public speaking University.

Ad hominem attack. Who cares what the maintainer/developer of Linux says about Linux? Are you daft?

The man basically ported the Unix kernel to the x86 architecture.

Um, you don't know the history of Linux or Unix do you? By port, you mean "write from scratch?" If you knew anything about the history of either you'd know why that statement is woefully ignorant.

He wasn't even the first person to try before Windows swept them to the curb in the early years of the PC.

No one claims he was the first any more than anyone claims that Windows was the first GUI. At least anyone who knows the history of computing.

So while his achievement is impressive he did change water into wine. And he also belongs to the club of people who make a substantial amount of coin while simultaneously telling those lower in the food chain that they need to donate their work for the public good and if they want to make an actual living they should remain in the Republic of the Anonymous Cubicle and take solace in their monkey coding endeavors.

I'm sorry but did I miss the edict from Lord Linus about donating my time and programming skills to the public good, Comrade? I seem to think that any donation I made to Linux was of my own free will and that I wasn't chained to a computer slaving away at code for years while being shocked periodically.

Re:sounds about right

If you believe that 28 years is "no time" and over 10000 people are "not many", you should probably actually say that somewhere before using your personally redefined words.

Otherwise people will just claim, rightfully so, that you don't know what you are talking about.
They may even accuse you of spreading lies, since no intelligent person would assume your strange definitions of those words.

Re:sounds about right

What a marvelous way to stop greed in it's tracks.

FTFY.

Re:sounds about right

[epyT-R]

by 'innovation', you mean whatever snakeoil your company wants to sell using the work of others? You do know that the kernel license doesn't apply to userspace, right? Userspace libs and executables have their own licenses (GPL or otherwise).

If you think linux is a 'unix kernel' then you are seriously misinformed. It's a unix work-a-like.

Re:sounds about right

While I don't condone grsecurity's behavior here, there's nothing violating the license going on here. The GPL does not require that the vendor provides support or updates, and grsecurity is not breaking the rules by making support and updates conditional on nonredistribution. It's a SLEAZY move, for sure, but if a customer were to redistribute the patches they received, grsecurity would have no recourse to do anything more than stop giving that customer future updates -- they did, by virtue of the GPL, grant the customer the legal right to redistribute the source code. (grsecurity would probably then refuse to do business with anyone who uses a thus-distributed version of their patchset, but that's their right.)

Re:sounds about right

The LGPL is the one that allows linking, not the GPL.

Re:sounds about right

i usually fall into the "GPL is less free than BSD" camp

Most people who fall into this camp consider their personal freedom. They are free to close source their (or someone else's) code at any time. That was Apple's choice, and they had the legal right to do so. The GPL therefore creates a restriction that the BSD does not.

Most people who fall into the "BSD is less free than GPL" camp are considering the freedom of the software itself. If I purchase a $15,000 sintering printer that uses Linux as an OS, there is a guarantee that the software will remain free. When the company goes out of business, the software is still available to be maintained, patched, and updated (this actually happened at work). The product does not die with the company and become abandonware.

Re:sounds about right

When did the GPL have anything to do with innovation? Talk about moving goal posts... The sole purpose of the GPL is to give developers a license that explicitly gives the users the four core freedoms.

Innovation is completely orthogonal to that aim.

Speaking of innovation, when's the last time Linux got anything from "the new guard" that was innovative? systemd is a ripoff of launchd/smf, PulseAudio is designed much like Windows and Mac audio stacks... containers are a poor man's VM, with the same (or worse) security pitfalls. FreeDesktop hasn't brought a shred of innovation to Linux. Who has? I'll wait.

Libre software is about writing software that doesn't control the user. Everything else is a bonus.

Re:sounds about right

>While I don't condone grsecurity's behavior here, there's nothing violating the license going on here.

Yes there is. You are not a lawyer. I am.

They are blatantly violating the no-additional-restrictive-terms clause.
Blatantly. In writing.

Stay in your lane, lay-person.

Re: sounds about right

Oh no, an internet lawyer! "I am a lawyer, therefore I am right" is a hilarious legal theory that I'd love to see a real lawyer try in court.

Re:Good example of why to avoid the GPL.

""In order to be free must must do exactly as say, only as I say, and nothing else."

    -- L. Ron Hubbard

And more, happens all too often

https://trac.ffmpeg.org/query?...

read about them.

Re:Good example of why to avoid the GPL.

[Dogtanian]

Clippy says, "It appears you're starting yet another GPL vs. BSD holy war discussion. Would You Like Help?"

* Yes, please link to one of the approximately 17,000 near-identical discussions of this nature we've already had on Slashdot over the years.

* No, I'd rather pointlessly go through the exact same longwinded to-ing and fro-ing and restatements of the same old facts purely to indulge my personal need, despite the fact I know the chances of any new insight coming out of the billionth tedious discussion of this long-established subject is next to nothing, despite the fact that those on both sides feel the need to repeat the same entrenched positions- which mostly come down to personal philosophy and not an incomplete understanding of the issues (which everyone knows full well by now) and will therefore be unlikely to change in the face of the discussion (not that this was the point anyway).

(Joking aside, I'm pretty sure the OP knows all this and is intentionally trolling; I'm also pretty sure the replying AC above isn't, which IMHO makes it worse).

Not really a new restriction

There are lots of situations where we violate the terms of GPL if we were to distribute the Linux kernel. The trick has always been to not distribute the kernel in that situation. For example, you don't find too many distros that ship with NVIDIA's proprietary drivers because there was always the question that it would be a GPL violation to do so (yes), but we still have the drivers and the end-user can install them herself if she chooses.

Re:Not really a new restriction

>NVIDIA's proprietary drivers

NVIDIA's proprietary plugin also plugs-in to the windows driver etc, so it is a standalone work that can be used with windows, linux, etc.

GRSecurity's patch snakes through the whole kernel, it is not a stand-alone work and cannot be used as such.

Basic Stuff.

Learn the law. It's not that hard.
Oh sorry, White Men who are Programmers automatically know everything since birth.

Re:Not really a new restriction

NVIDIA's proprietary plugin also plugs-in to the windows driver etc, so it is a standalone work that can be used with windows, linux, etc.

That NVIDIA's driver is stand alone is not relevant in terms of GPL. It only indicates that NVIDIA's drivers are not a derived work and therefor can hold their own copyright status. NVIDIA's drivers can be distributed separately from the Linux kernel, but you would still violate the Linux copyright by distributing it with NVIDIA's driver linked to it. Things become a gray area with GPL when it comes to dynamic linking, but there are some precedents and public announcements from Linux copyright holders (including Linus) that leave NVIDIA in the clear as long as they continue to handle their drivers in the current way. Which is to use a separate installer that is not included with the distribution media or pre-installed on a machine. Forcing the end-user to click something to effectively say "yes - install these modifications to my own system" takes distribution and reproduction out of the picture for NVIDIA and the distros and places it on the end-user who doesn't care.

I am wondering if you have a legal background yourself, or if this is arm-chair bullshit you do for fun? Because it costs me real money if I get this stuff wrong.

Community

[bill_mcgonigle]

Look, I don't give a shit about violating copyright for the sake of violating copyright. The companies that are all-take-and-no-give, like cheap router manufacturers, that cause the community danger with their unpatched crap - the community tolerates the lawsuits against them.

But if Bruce or Eric decide to sue Debian or Canonical (or whomever) for shipping GRSecurity with the kernel, I'll watch while the community turns on them like a pack of fucking wolves and their reputation takes a perpetual hit.

It's bad enough people playing lawyer with the CDDL vs. GPL nonsense with ZFS - these licenses are intended to help the community, not harm it. People who get lost in the weeds of licenses instead of figuring out how to make the community better are our version of bureaucrats and frankly many of us don't have much use for them.

Any form of legal system that harms its society is immoral and ought to be, and will be, dismantled.

Re:Community

[Bruce+Perens]

But if Bruce or Eric decide to sue Debian or Canonical (or whomever) for shipping GRSecurity with the kernel, I'll watch while the community turns on them like a pack of &@#$ wolves and their reputation takes a perpetual hit.

Bill,

Debian would have the previous version before this licensing problem came up.

I am not the plaintiff in any theoretical case, and in any case am not interested in suing Debian. That's not me. But this should be a wake-up call to Debian.

Regarding CDDL vs. GPL, Sun quite deliberately applied that license and refused to dual-license. One would imagine they had Linux in mind when that decision was made. Oracle continues that. It doesn't seem that anyone on the Linux side started that fight. And given the decision in Oracle v. Google that copyright can pass across APIs, at Oracle's behest, it does not seem to me that CDDL-GPL combinations are legally safe even if you dynamically link.

Re:Community

Regarding CDDL vs. GPL, Sun quite deliberately applied that license and refused to dual-license. One would imagine they had Linux in mind when that decision was made. Oracle continues that. It doesn't seem that anyone on the Linux side started that fight. And given the decision in Oracle v. Google that copyright can pass across APIs, at Oracle's behest, it does not seem to me that CDDL-GPL combinations are legally safe even if you dynamically link.

The truth is .. no one is suing: Oracle cannot sue because the CDDL is not being violated. Linus is not suing b cause this is a gray area and there is nothing to gain from a legal suit.

CDDL+GPL is pretty safe in that the compensation either camp could claim is making the source code available which is something that always happens. This is not about license, it is about political control: by merging non-GPL software in the kernel you start losing control over the license.

Re:Community

the CDDL vs. GPL nonsense with ZFS - these licenses are intended to help the community, not harm it.

Are you sure they're both intended to do that?

Please Read The Entire Statement

[Bruce+Perens]

You should read the entire statement, because there are things missing from the quote above that are important. The most important part is the legal theory:

By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer's business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

Also, this is important to keep me in compliance with the law:

I am an intellectual property and technology specialist who advises attorneys, not an attorney. This is my opinion and is offered as advice to your attorney. Please show this to him or her. Under the law of most states, your attorney who is contracted to you is the only party who can provide you with legal advice.

It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

Re: Please Read The Entire Statement

>forcing it to also be released under the GPL because it links to GPL software. Freedom my ass.

It is freedom, of the highest order. You are free NOT to do that as well as to do it.

It isn't stealing, in any respect. You don't have to modify GPL code - you can write your own from scratch and do with it as you please.

Re:Please Read The Entire Statement

[Teun]

It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

Amen, it's especially through the GPL that future developers are enabled to stand on the shoulders of the present.
Nothing gets lost, we all win.

Re: Please Read The Entire Statement

[110010001000]

Even if that were true, the GPL is open and free to read. You should have read it before you created Grsecurity.

Re: Please Read The Entire Statement

Happens to link to? What kind of ide is this?
If you write kernel patches for a kernel under GPL it does not link to this GPL bound code by chance. It's by design, and unless they're utterly stupid they've known this from day 1.

Re:Please Read The Entire Statement

Well, except for grsecurity, and its users...

Re:Please Read The Entire Statement

[Bruce+Perens]

They don't want to play well with others. They should base on BSD or make their own kernel. No legal issues if they did that.

Re:Please Read The Entire Statement

[Kjella]

To me this smells like a blurb written to create a PR stink even though it has no legal substance. Nobody has the right to future business, I can say stuff like "If you start selling real fur products I'll boycott your store" and it would be "tantamount to the addition of a term" for our business relationship but legally it doesn't exist. You're not obliged to listen, I'm not obliged to come back. That loss of business might be seen as a "penalty" but it's the flip side of voting with my wallet. I don't see that it's any different for suppliers, vendors and subcontractors - they don't have to do any more business than what's already agreed on. Any other interpretation would require Grsecurity to be forced to serve customers they don't want to, which is to read waaaaaay too much into the GPL.

Re:Please Read The Entire Statement

Well, except for grsecurity, and its users...

grsecurity had every possible opportunity to accept the licensing terms offered to them.
They choose not to.

By not accepting the license granting them permissions, then normal copyright law applies, which makes such an action a crime.
If you don't like the limitations copyright laws impose on us all, then you should be complaining to your government about it. It isn't us that wrote those laws.

So yes, everyone except for grsecurity who choose on their own to be excluded.

As for their users, are you suggesting any of their users have not accepted the license offered to them? I am not aware of that being the case.

But if that was the case, then yes, any of their users that choose not to accept the license will not have to accept the license, and no one will force any of the gains upon them that the license grants.

Re:Please Read The Entire Statement

[Bruce+Perens]

It's the time sequence that is important in proving a legal theory of this sort. The customer has been warned before the act of distribution that their business would be damaged as a consequence of distribution. If they just coincidentally fired a customer without warning them first, it would be much harder to make a case.

Re: Please Read The Entire Statement

[guruevi]

Not really. If you have entered into a contract with a company that buy your products you cannot after the fact add terms such as those about your customer using real fur.

It is similar to what happens here, the company has entered into a contract with Linux (the real fur) and GRsecurity has entered into the same contract but now GRsecurity is saying you can't execute your contract with Linux and they won't either even though you have the contract with them that explicitly says otherwise.

GRSecurity cannot patch the kernel and sell their product, regardless how crappy it is without breaking their contract with Linux and/or violating the contract their customers have with Linux.

Re:Please Read The Entire Statement

[DRJlaw]

It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

Yes, and you don't get to change the rules either, Bruce.

What they're doing is not "tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution." The person to whom the code is distributed (for sake of argument, "you") remains free to distribute that code to anyone, and that anyone remains free to distribute the code to anyone else.

What they're doing is refusing to distribute a future version of the code to you -- which the GPL permits (e.g., limited availability). If they distribute the code under section 3a, they have no obligation to distribute the code to any other party, i.e., they cannot be compelled to distribute updated versions of the code to you.

Their only obligation to distribute a future version of the code to anyone in particular would arise under a support contract. But the GPL does not require that support even be provided, much less govern support contracts. If they want to condition further support upon non-disclosure of the code, they could do it stupidly -- by having long term support contracts, lump sum fees, and a termination provision (courts dislike forfeiture-like penalties) -- or wisely -- by having month to month terms, monthly fees, and simply refusing to renew at the end of the term. There's no mechanism, whether in copyright or contract, to force them to continue to accommodate a customer that they do not want to deal with after they've complied with GPLv2 section 3a and any support contract's current term has expired.

If they've done this wisely, they're within the letter of the license and this is another instance, like Tivoization, where the free software community is simply going to have to learn to adapt.

This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

You haven't convinced me that this goes against the wording of the GPL. As to the purpose, since you've succeeded in having the GPL held to form a contract, you'll have to take the "four corners" doctrine, construction against the draftsperson, and all the rest of contract law along for the ride as well. Once a party can show literal compliance with a contract's terms, attempts to add "tantamount" obligations or argue "tantamount" violations become extremely difficult. In the end, both sides have to follow the rules of the document.

Re:Please Read The Entire Statement

[Megol]

The FSF have no trademark on the word free and the definition of free isn't done by the FSF. Stop pretending and act like an adult.

Re:Please Read The Entire Statement

[Megol]

It isn't true and GPL software generally isn't where one learn nor where innovations come from. But a true believer will continue to believe...

Re:Please Read The Entire Statement

[DRJlaw]

Bruce,

Your blog post states that "the contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached."

This is quite concerning. Please explain how you believe that the contract from the Linux kernel developers to the customer has been breached. What violation has the customer committed? More specifically, since the GPLv2 sec. 6 specifies that "[e]ach time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions," how do you contend that the customer is "subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity?" If the customer doesn't redistribute code to a third party, axiomatically they cannot be in breach of anything. I remind you that according to GPLv2 sec. 0, "Activities other than copying, distribution and modification are not covered by this License; they are outside its scope," and that only distribution, not modification alone, triggers secs. 2(b) and 3.

I think that you owe those customers something better than vague threats and an invitation to spend capital contacting their attorney.

Re:Please Read The Entire Statement

[Megol]

You linked blog post is as of now just an example of FUD. If you have evidence post it. Otherwise you are just throwing FUD in order to hurt grsecurity.

(To the large amount of idiots frequenting this site I don't give a flying f*** about grsecurity just honestly when presenting things like this)

Re:Please Read The Entire Statement

[Bruce+Perens]

A lot of people are not understanding the the importance of the time sequence. Because of the actions of Open Source Security Inc. to date, the customer already knows that there is a threat to cause them business damage if they exercise their right to distribution, before they perform the act of distribution. That's an additional term.

You are treating this as if the consequences of distribution are the only relevant element, and as if they only happen after distribution. This is not the case.

Re:Please Read The Entire Statement

[Bruce+Perens]

Let's look at what the magistrate said:

Defendant contends that Plaintiff's reliance on the unsigned GNU GPL fails to plausibly demonstrate mutual assent, that is, the existence of a contract. Not so. The GNU GPL, which is attached to the complaint, provides that the Ghostscript user agrees to its terms if the user does not obtain a commercial license. Plaintiff alleges that Defendant used Ghostscript, did not obtain a commercial license, and represented publicly that its use of Ghostscript was licensed under the GNL GPU. These allegations sufficiently plead the existence of a contract. See, e.g., MedioStream, Inc. v. Microsoft Corp., 749 F. Supp. 2d 507, 519 (E.D. Tex. 2010) (concluding that the software owner had adequately pled a claim for breach of a shrink-wrap license).

You are misinterpreting the GPL when you say this:

If the customer doesn't redistribute code to a third party, axiomatically they cannot be in breach of anything.

The GPL is Open Source Security Inc.'s only permission to create and distribute a derivative work of the Linux kernel. I don't believe that anyone is denying that Grsecurity was created and distributed, and is derivative. The customer is obtaining and making use of an infringing derivative work. The status of the kernel is "All Rights Reserved" because the GPL has terminated, and that very clearly makes the customer a contributory infringer.

You are taking a very simplistic view of the GPL that doesn't fit what you appear to be representing with your user name. Did you actually sit for the Bar? I know there are a lot of people with a J.D. who don't ever practice, it's a personal choice, but I would have expected a bit more depth in interpretation.

Re:Please Read The Entire Statement

[DRJlaw]

You are taking a very simplistic view of the GPL that doesn't fit what you appear to be representing with your user name. Did you actually sit for the Bar?

Why yes, Bruce, I have, and am licensed in multiple states. I actively practice intellectual property law as well.

The customer is obtaining and making use of an infringing derivative work. The status of the kernel is "All Rights Reserved" because the GPL has terminated, and that very clearly makes the customer a contributory infringer.

The license granted to the customer certainly has not terminated. Section 6 grants the customer that license separate and apart from Grsecurity, and the GPL does not provide any grounds for terminating the customer's license, as opposed to Grsecurity's license. You should also reread the termination provision of GPLv2 sec. 4: "However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance."

In addition, your alleged infringer has granted the customer a license to the infringer's modification under the GPLv2, and nobody else has standing to assert that the customer is allegedly infringing that "infringing derivative work."

Your argument is that if the license to an upstream distrubtor has been terminated, the downstream users are unlicensed and become liable for e.g., copyright infringement and breach of contract. In my view that directly contradicts GPLv2 secs. 4 and 6, and also raises a great big "red flag" for people like my clients.

I suppose I'll simply have to refer your argument to Eben....

Re:Please Read The Entire Statement

[Bruce+Perens]

OK, if you're a real lawyer, I have no problem arguing law with you. I've won against folks who were admitted to the supreme court before.

The license granted to the customer certainly has not terminated.

The customer has that license for the kernel. They do not have that license for Grsecurity, because Grsecurity's license to the kernel terminated, and Grsecurity did not have the right to grant the GPL to the customer for an infringing derivative work. If Grsecurity was an independent work rather than derivative, it would have been different.

This belongs to a class of arguments I see very frequently, in which the defendant has not complied with the GPL but repeatedly offers the language of the GPL in their defense as if they get to cherry-pick the terms they like.

Sure, refer it to Eben. He's already been copied and has so far not chosen to differ. Richard chose not to be involved because he felt Grsecurity would not listen to him, and he has bigger fish to fry.

Re:Please Read The Entire Statement

[Kjella]

It's the time sequence that is important in proving a legal theory of this sort. The customer has been warned before the act of distribution that their business would be damaged as a consequence of distribution. If they just coincidentally fired a customer without warning them first, it would be much harder to make a case.

What theory? It doesn't matter if they tell you why up front, after the fact or not at all. Tortuous interference with business is when a third party sabotages a business relationship, a company's own choice to stop doing business with you is not damage under any theory of liability I've heard of. You might have expected future business and its absence may cause all kinds of problems, but basic freedom of association says they don't have to if they don't want to. That they're specifically not doing business with you because you exercised your rights under the GPL is to me a bit like using your free speech. It might be legal, but it's not free from consequences and I really doubt any court will try to prescribe that it should be.

Re:Please Read The Entire Statement

[DRJlaw]

The customer has that license for the kernel.

Which means that the original developers cannot properly sue the customers for infringement or breach of contract concerning use of the Linux kernel. Check. You've now admitted that there's no basis for liability absent a customer's own violation of the GPL.

They do not have that license for Grsecurity, because Grsecurity's license to the kernel terminated...

But the original developers do not own Grsecurity's modifications. In addition, the original developers cannot sue a user licensed to use the Linux kernel for using Grsecurity's modifications, since users are expressly licensed to modify the original developers' code themselves by the GPL (sec. 2)! Nor can Grsecurity sue any user for using Grsecurity's modifications, since Grsecurity either licensed the modifications to customers (and all users via the GPLv2) or it will be estopped from claiming infringement due to the purported license.

and Grsecurity did not have the right to grant the GPL to the customer for an infringing derivative work.

Wrong. Grsecurity use a GPL license for its own code whenever it chooses. Whether Grsecurity remains licensed to use the Linux kernel or not, both the Linux kernel and Grsecurity's modifications are GPL licensed - the first sentence of GPLv2 sec. 6 expressly says so. Termination of the kernel license to Grsecurity does not affect the rights of their customers, or any other users, per GPLv2 secs. 4 and 6.

If Grsecurity was an independent work rather than derivative, it would have been different.

Denied. You have not explained how Grsecurity cannot license its own modifications under the GPL, nor how anyone other than Grsecurity could sue users for using those modifications. You have admitted that customers and users are licensed to use the Linux kernel even if Grsecurity is not. You will have to admit that users can modify the Linux kernel if they so choose, even using non-GPLv2 modifications, so long as they do not publish or distribute the result (GPLv2 secs. 2 and 3).

To reiterate, the customer has been licensed by the original developers for the original kernel and by Grsecurity for the modifications. If the customers comply with the GPL by, e.g., not publishing or distributing the combination of licensed code, there is no ground to terminate the license from the original developers to the customers and thus no infringement or breach of contract by those customers.

This belongs to a class of arguments I see very frequently, in which the defendant has not complied with the GPL but repeatedly offers the language of the GPL in their defense as if they get to cherry-pick the terms they like.

This is the sort of sloppy reasoning that I see very frequently. You are attempting to treat Grsecurity and the customers as one and the same, when I have been asking specifically about the customers in this instance. You now concede that the customers are licensed, and you cannot identify anything that the customers themselves have done in breach of the licenses, yet you contend that the customers are potentially liable for "contributory infringement" and breach of contract.

The mere fact that you accuse customers of potential "contributory infringement" shows how wrong you are. A contributory infringer is "[o]ne who knowingly induces, causes or materially contributes to copyright infringement, by another but who has not committed or participated in the infringing acts him or herself, may be held liable as a contributory infringer if he or she had knowledge, or reason to know, of the infringement."

How does the customer induce, cause, or contribute to copyright infringement by another by merely using Grsecurity's product? For that matter, how does a customer breach the GPL merely by using Grsecurity's product?

I'm not cherry picking terms. Identify the specific term of the GPLv2 that the customer, not Grsecurity, has not complied with.

Re:Please Read The Entire Statement

They are adding terms to the GPL2 license, which the license explicitly says they can't do. If they are adding terms to the license then they are in breach of it, therefore no longer able to redistribute the code, therefore in violation of copyright.

If they simply refuse to provide further patches to customers who redistribute their patches, that is likely legal and not a violation of the GPLv2. However, if they tell their customers up front that if they distribute the patches they will no longer get GrSecurity patches, then that is adding a term to the GPL2 license, and thus a violation of it.

Re:Please Read The Entire Statement

[Bruce+Perens]

Which means that the original developers cannot properly sue the customers for infringement or breach of contract concerning use of the Linux kernel. Check. You've now admitted that there's no basis for liability absent a customer's own violation of the GPL.

I admitted no such thing. And telling me what I admitted, when I haven't, is a rhetorical trick, not argument.

Grsecurity is an unlicensed derivative work and it's owned in part by the kernel developers because it necessarily includes portions of the original work. The GPL does not apply to it at all. The fact that the user has the GPL for some other copy of a Linux kernel does not license the infringing derivative work to the user. Nor does it grant Open Source Security Inc. the ability to convey the GPL for that work.

But the original developers do not own Grsecurity's modifications.

Actually, they do! Not the whole thing, but the derivative work necessarily incorporates a significant portion of the original work, and this is definitely true for the patch format used. The GPL doesn't apply to that copy as its terms were not honored, and OSS never had a right to convey the GPL originally on that copy. A GPL conveyed by someone else for another copy of Linux does not apply to the infringing derivative work. Grsecurity has no right to distribute it at all. The Linux kernel developers own the only remedy that will make its legal use possible.

Termination of the kernel license to Grsecurity does not affect the rights of their customers, or any other users, per GPLv2 secs. 4 and 6.

It does indeed if Grsecurity never had the right to convey the GPL on that work to the users in the first place. You can't convey it on a derivative work without a license from the owners of the work it was derived from. Grsecurity did not have that license because they did not comply with it.

Denied. You have not explained how Grsecurity cannot license its own modifications under the GPL, nor how anyone other than Grsecurity could sue users for using those modifications. You have admitted that customers and users are licensed to use the Linux kernel even if Grsecurity is not. You will have to admit that users can modify the Linux kernel if they so choose, even using non-GPLv2 modifications, so long as they do not publish or distribute the result (GPLv2 secs. 2 and 3).

OK, this one is too much. Look, I know that lawyers will try to fool the other side to win an argument. I've had it happen before. It's not going to make me accept your argument. I explained clearly where Grsecurity could not license its infringing derivative work. You're being silly to contend that anyone can license an infringing derivative work to someone else without a lot more permission than the GPL contains.

To reiterate, the customer has been licensed by the original developers for the original kernel and by Grsecurity for the modifications.

The infringing derivative work was never licensed to the customers, because Grsecurity never had a right to license it to anyone. The copies of the kernel that are under the GPL came to the customer another way, if they have any, and the fact that the user has the GPL from someone else on another copy does not automatically license the infringing derivative work to the customer.

A contributory infringer is "[o]ne who knowingly induces, causes or materially contributes to copyright infringement, by another but who has not committed or participated in the infringing acts him or herself, may be held liable as a contributory infringer if he or she had knowledge, or reason to know, of the infringement."

They have now been informed that there's a good chance of risk of contributory infringement and to check with their counsel. It's public knowledge now. They're paying for copies. That's how they become

Re: Please Read The Entire Statement

[Bruce+Perens]

What if they used an NDA instead? And how is the effect any different?

Re:Please Read The Entire Statement

[phantomfive]

Your analysis seems on point: if they've acted to prevent redistributing of their changes, then they've violated the GPL. However I am a little less clear on this paragraph:

As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity.

I feel like the customers will still get full rights to use the Linux kernel (as long as they don't redistribute the binaries). I'm not sure where the contributory infringement and breach of contract come from.

Re:Please Read The Entire Statement

> It isn't true and GPL software generally isn't where one learn nor where innovations come from.

You sound like you truly believe what you're writing.

(downright scary how people often aren't able to see the ideology which possesses them).

Re:Please Read The Entire Statement

[phantomfive]

ok, I've read your argument elsewhere regarding the contributory infringement. In a lot of ways, it's like the cleanflicks case.....you are not allowed to edit and sell the edited DVDs, but you are allowed to sell metadata indicating which parts of the original movie can be modified, even though such metadata is clearly a derivative work. That would be analogous to allowing an end-user to download the kernel elsewhere, then apply the patches to it separately.

DVDs are a little different because they fall under the Family Entertainment and Copyright Act. The Linux kernel does not. I can't think of any case that applies to this directly. Applying the abstraction, comparison, filtration test, it seems reasonable that if Grsecurity lost the right to redistribute the Linux Kernel, they would at least lose the right to those portions of the code which allow them to integrate directly with the kernel, or are directly related to Linux. IF that happens, of course the patch would be useless.

So the question is, if you have a license from Grsecurity to use the parts of code they own, and a license from Linux for parts of the code that they own, why can't you use them together? The real question is about the jointly-owned portion of the code (after the abstraction, comparison, filtration test). Are you able use that or not? If not, why not?

Re: Please Read The Entire Statement

[Cacadril]

...taking code written by other people...force it to also be released under the GPL. ...stealing other people's code

This resembles the rapist who thinks the girl forced him to do it by being so female and attractive.

The linux kernel was there first, GPL and all. Nobody was "forced" to write GRSecurity as a patch to Linux. Nobody wrote code innocently only to have it taken away from them afterwards. GRSecurity does not work without the Linux kernel, or, if you can make it work without, you are free to do so,

...that happens to link to GPL code

This is another distortion of the facts. The code does not "happen to link" totally by accident or by evil acts of the Linux crowd. First, I doubt it just links, without any patching of existing code. We are talking about applying patches, that is, creating a derivative work in the form of a modified compilation unit. Who is "taking" other people's code here? And who is applying the patches? Who is doing the linking?

Re:Please Read The Entire Statement

[DRJlaw]

Grsecurity is an unlicensed derivative work and it's owned in part by the kernel developers because it necessarily includes portions of the original work. The GPL does not apply to it at all.

Those portions of the original work have been licensed to the customers by the GPLv2 sec 6. The license to those portions of the original work cannot be terminated per GPLv2 sec 4. The customer is also expressly licensed to make such a combination by GPLv2 sec. 2 so long as they do not publish or distribute the combined work.

End of story.

They're paying for copies. That's how they become a contributory infringer.

No. Merely purchasing the existing combination of code does not provide the required right and ability to supervise or control the infringing activity. You are well outside the bounds of your expertise, and it shows.

Re:Please Read The Entire Statement

[DRJlaw]

Just to be clear Bruce,

The fact that the user has the GPL for some other copy of a Linux kernel does not license the infringing derivative work to the user.

This appears to be the crux of our differences. GPLv2 sec. 4 states:

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

That section says that the customer has a licence for that copy of the Linux kernel, not any other. Section 4 does not apply only to users who received copies from distributors who were completely in compliance with the GPL, because sec. 6 would make the emphasized language entirely superfluous under that interpretation:

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.

The customer is not "sublicensed" by the distributor, and therefore does not have their license terminated by termination of the license to the distributor under sec. 6 alone. In short, GPL2 sec. 4 says that the user is not responsible for the sins of a distributor. Every user of GPL licensed code is independently licensed by every contributor to that GPL licensed code to use the copy of the code that they have received, regardless of the compliance of intermediaries, so long as that individual user complies with the GPL.

The argument to the contrary is the "great big 'red flag'" that I've referred to. I'm quite certain that you haven't run that argument by Eben or the FSF, because it necessarily means that anyone using GPL code must audit the person or entity that they received the code from, not only for the copy that they received, but all copies that that distributor has ever distributed, so ensure that they have a license to "that" copy of the GPL-ed code and not "some other copy" of the code.

If you wanted to stoke the perception that GPLed code is "toxic" in yet another unhelpful and nebulous way, you couldn't have picked a better way...

Re:Please Read The Entire Statement

[Bruce+Perens]

Because the GPL doesn't apply to the infringing derivative work, as it terminated when it was not complied with, and Open Source Security, Inc. doesn't have a right to license it to others or to apply the GPL to it. So, the customers have a work with no valid license and the kernel developers own the only remedy that would permit its legal use.

If the customers had the GPL on that work, distribution might be relevant. They don't. Also keep in mind that distribution is not the only thing you can do to violate the GPL. You can create a derivative work that is in violation even before distribution.

Re:Please Read The Entire Statement

[Bruce+Perens]

No. Merely purchasing the existing combination of code does not provide the required right and ability to supervise or control the infringing activity. You are well outside the bounds of your expertise, and it shows.

In this case, it's the reverse. I understand how the software is applied (this is why I'm an expert witness in demand) and you're out of your expertise, sorry. The customer applies the patch. That gives them control of the infringing activity.

Those portions of the original work have been licensed to the customers by the GPLv2 sec 6. The license to those portions of the original work cannot be terminated per GPLv2 sec 4. The customer is also expressly licensed to make such a combination by GPLv2 sec. 2 so long as they do not publish or distribute the combined work.

Weren't you going to ask Eben about this? Why don't you do so, and get back to me. I still don't believe they're licensed.

By the way, I got the Grsecurity agreement. They actually put down in writing how they restrict the customer's GPL rights.

Re:Please Read The Entire Statement

[Bruce+Perens]

I just copied Eben again this morning, as I'd received a copy of the Grsecurity Stable Patch Access Agreement, which I had not previously had in hand. I also included another link to my article. No word from Eben yet.

While the user may not be responsible for the sins of the distributor, this is only the case after the distributor successfully conveys the GPL to the user upon the work. I contend that the distributor never had the right to convey the GPL to the user at all upon an infringing derivative work, and that a direct grant by the kernel developers to the user is thus never triggered.

Also, keep in mind that if the user does successfully receive the GPL on a work, they must be fully in compliance (section 4) for the GPL to continue. If the "sins" of the distributor are repeated by the user, the user is not in compliance. The point here is that the user need not pay for a "sin" which they do not repeat, nor may the distributor perform a deliberate action which terminates the user's GPL rights unless the user repeats that action.

When the user receives the infringing derivative work, and when the user applies the patch, they inherit the previous infringement from the distributor. The GPL does not wash clean that infringing status for the user.

Re:Please Read The Entire Statement

[phantomfive]

Because the GPL doesn't apply to the infringing derivative work, as it terminated when it was not complied with, and Open Source Security, Inc. doesn't have a right to license it to others or to apply the GPL to it. So, the customers have a work with no valid license and the kernel developers own the only remedy that would permit its legal use.

The counter-argument here is that the customers already have a valid license to the Linux kernel, with the GPL already granted, and the GPL allows them to modify the kernel in almost any way. I see elsewhere that you've written to Eben Moglen on the topic, so I'll wait to see what he says.

You can create a derivative work that is in violation even before distribution.

How would you do that? The GPL allows essentially any kind of modification (as long as you make a 'prominent' note of the modifications in the source).

Re:Please Read The Entire Statement

[phantomfive]

I want to add some analysis here, following the appellate court's ruling in Oracle v Google (if you haven't read it already, I strongly recommend reading it, because it is clear-minded and I fully expect it to set the precedent for software copyright cases for a long, long time).

So, imagine the 'owner' of the Linux kernel sued the customer of Grsecurity. Following OvG, the courts would first apply the Abstraction, Filtration, and Comparison test to figure out what is infringing. So the question is, what is infringing? After running the AFC test, there is nothing left that the customer doesn't have a license to. The Linux kernel 'owner' has given the end-user the right to use all of his(her) code. There is nothing left that the 'owner' can say that the customer doesn't have a license to.

Now, if the user doesn't have the right to use the code remaining after the AFC test, I would be interested in hearing an argument as to why not.

Re:Please Read The Entire Statement

[DRJlaw]

While the user may not be responsible for the sins of the distributor, this is only the case after the distributor successfully conveys the GPL to the user upon the work. I contend that the distributor never had the right to convey the GPL to the user at all upon an infringing derivative work, and that a direct grant by the kernel developers to the user is thus never triggered.

And I contend that you're wrong. In the SFLC's own words:

Automatic Downstream Licensing

Each time you redistribute a GPLâ(TM)d program, the recipient automatically receives a license, under the terms of the GPL involved, from every upstream licensor whose copyrighted material is present in the work you redistribute. You can think of this as creating a three-dimensional rather than linear flow of license rights. Every recipient of the work is âoein privity,â or is directly receiving a license from every licensor.

This mechanism of automatic downstream licensing is central to the working of copyleft. Every licensor independently grants licenses, and every licensor independently terminates the license on violation. In the case of GPLv2, this termination is automatic, while under GPLv3 the party breaching the licenseâ(TM)s terms may be able to cure before termination. Parties further downstream from the infringing party remain licensed, so long as they donâ(TM)t themselves commit infringing actions. Their licenses come directly from all the upstream holders, and are not dependent on the license of the breaching party who distributed to them. For the same reason, an infringer who acquires another copy of the program has not thereby acquired any new license rights: once any upstream licensor of that program has terminated the license for breach of its terms, no new automatic license will issue to the recipient just by acquiring another copy.

It does not matter whether "the distributor []ever had the right to convey the GPL to the user." The user takes their license directly from every contributor, and cannot be liable for using a GPLed work unless they themselves directly violate the GPL.

I no longer need your clarification. It's eminently clear that you're in the wrong.

Re:Please Read The Entire Statement

[ale2011]

GPLv2 sec. 4 states:

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

That section says that the customer has a licence for that copy of the Linux kernel, not any other. Section 4 does not apply only to users who received copies from distributors who were completely in compliance with the GPL, because sec. 6 would make the emphasized language entirely superfluous under that interpretation:

That would seem to imply that a patch can be considered not to be derivative work. Is it so?

Some versions of the Grsecurity article seem to imply that Bruce is the only one who argues that's a violation. IANAL, and I think if that's not a violation then the GPL is badly written (perhaps thet's why there is v3.) RMS's statement is unusually laconic.

Re:Please Read The Entire Statement

[Bruce+Perens]

The infringing derivative work is not the software which the Linux developers license to people under the GPL. It is a separate work to which the GPL does not apply and to which the Linux developers hold a copyright interest and the only remedy which can permit its legal use. The Linux developers never intended to license that work, they still haven't, the GPL doesn't apply to it.

Re:Please Read The Entire Statement

[Bruce+Perens]

You are also ignoring the paragraph after the one you cited:

Protection Against Additional Restrictions Usersâ(TM) freedoms cannot be protected if parties can add restrictive terms to the copyleft. The âoeno additional restrictionsâ principle is therefore unwaivable if the GPL licenses are to achieve their primary objective. GPLv2 therefore requires that the only license terms available for works based on GPLv2 works are the terms of GPLv2. GPLv3, in Â7, enumerates a few classes of permissible additional terms, to allow very limited license variations in particular circumstances. But with these exceptions, the âoeno further restrictionsâ principle applies strictly. For these reasons, acceptance requirements or ceremonies, including âoeclick to acceptâ installation routines, violate the terms of GPL.

By this interpretation, both the distributor who offered an additional term and the customer who accepted it in breach.

I should also add that SFLC's interpretation of the GPL is not binding upon anyone but SFLC, and arguably not even them. I certainly don't have to accept it or abide by it.

Re:Please Read The Entire Statement

>FUD bla bla bla
Please don't spread libel.

Now on to the show:

Note: Yes IAAL, and Yes we know you as a lay-person programmer know more about the law than "useless" lawyers and law technicians so you don't have to restate your in-born greatness, please.

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur.

That is an additional term, between GRSecurity and the distributee, adding a restriction, end of story. This is forbidden by the license terms underwhich GRSecurity had the privilege to modify the kernel, create derivative works, and distribute derivative works, etc.

I say had, because once a license term is violated, the terms of the license distributed by the linux-rightsholders governing the use of their property states that the license is revoked upon violation of a term.

You have to understand that the linux-kernel, even if it is sitting on your harddrive, is the property of the linux-kernel rights-holders. Not GRSecurity, etc.

It's like a piece of land (Copyright is alienable in the same way that real property is). I may allow you to walk over my land, and I may rescind that license at any time. I may also post rules that you must obey when walking over my land which, if you violate, I may set terms that your license to walk over my land be revoked.

One of these rules is that you do not offer terms adding additional restrictions to derived works. GRSecurity has offered such terms. The moment they did so they violated the terms of the license grant.

Re:Please Read The Entire Statement

>To me this smells like a blurb written to create a PR stink even though it has no legal substance.

Note: IAAL (I _A_ A L) . Bruce Perens is correct and you are not correct in this instance. Please do not libel Mr Perens by claiming his article is some malicious act or that he is incorrect in his legal thinking.

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur.

That is an additional term, between GRSecurity and the distributee, adding a restriction, end of story. This is forbidden by the license terms underwhich GRSecurity had the privilege to modify the kernel, create derivative works, and distribute derivative works, etc.

I say had, because once a license term is violated, the terms of the license distributed by the linux-rightsholders governing the use of their property states that the license is revoked upon violation of a term.

You have to understand that the linux-kernel, even if it is sitting on your harddrive, is the property of the linux-kernel rights-holders. Not GRSecurity, etc.

It's like a piece of land (Copyright is alienable in the same way that real property is). I may allow you to walk over my land, and I may rescind that license at any time. I may also post rules that you must obey when walking over my land which, if you violate, I may set terms that your license to walk over my land be revoked.

One of these rules is that you do not offer terms adding additional restrictions to derived works. GRSecurity has offered such terms. The moment they did so they violated the terms of the license grant.

Re: Please Read The Entire Statement

The licensing terms of the linux-kernel forbid additional restrictive terms between distributee and further distributee of linux or derivative rights of linux.

Obviously just because you conjured up an NDA doesn't change the violation: it only serves to scare lay witnesses from testifying.

Re:Please Read The Entire Statement

Kjella:
>not damage under any theory of liability I've heard of.

Damages would be as written in the copyright statute: any and all profits, or (alternatively) statutory damages. Profits is the one one would want to pursue as statutory damages only amount to a bit over 100k.

You did read the copyright statute, right?

>under any theory of liability I've heard of.
Lay-persons are ignorant of a-lot of things, are they not? Isn't there a reason law school is a number of years in length? Oh, I'm sorry, lawyers are "useless" etc etc etc. Silly me for thinking otherwise.

Re:Please Read The Entire Statement

> One of these rules is that you do not offer terms adding additional restrictions to derived works. GRSecurity has offered such terms.

Really? What terms add any restrictions whatsoever to the SOFTWARE LICENSE? As far as I can tell, the license is the same as it ever was, and gives you all the same rights and permissions.

Re:Please Read The Entire Statement

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur

That is an additional term, between GRSecurity and the distributee, adding a restriction, end of story. This is forbidden by the license terms underwhich GRSecurity had the privilege to modify the kernel, create derivative works, and distribute derivative works, etc.

I say had, because once a license term is violated, the terms of the license distributed by the linux-rightsholders governing the use of their property states that the license is revoked upon violation of a term.

You have to understand that the linux-kernel, even if it is sitting on your harddrive, is the property of the linux-kernel rights-holders. Not GRSecurity, etc.

It's like a piece of land (Copyright is alienable in the same way that real property is). I may allow you to walk over my land, and I may rescind that license at any time. I may also post rules that you must obey when walking over my land which, if you violate, I may set terms that your license to walk over my land be revoked.

One of these rules is that you do not offer terms adding additional restrictions to derived works. GRSecurity has offered such terms. The moment they did so they violated the terms of the license grant.

Re:Please Read The Entire Statement

the customer already knows that there is a threat to cause them business damage if they exercise their right to distribution

Yes but AFAICT the GPL doesn't offer any guarantee against business damage (or a guarantee of any kind). That's between the vendor and the customer.

Or was Freedom 4, freedom from business damage, added when I wasn't looking?

Re:Please Read The Entire Statement

1) The SFLC is not a party here. Linus et al are (being the copyright holders).

2) The derivative work itself is violating copyright.

To create and distribute a non-stand alone derivative work, lawfully, one must have permission to do so (to modify, distribute, etc).

Once GRSecurity proffered more restrictive additional terms they lost the license grant. Thus they no-longer have the permission to modify Linus' et al's property, let-alone distribute derivative works based upon it.

To distribute a violating work is a violation of the property rights of the copyright holder. To modify the linux kernel when one's grant has been revoked is another violation.

To knowingly make a copy of a work that violates another's copyright... you get the idea.

Re:Please Read The Entire Statement

v3 exists because the drafters of v2 of the GPL failed to include a no-revocation clause. Licenses are revokable at the will of the grantor (barring estopple).

IAAL, GRSecurity is blatantly violating the no-additional-restrictive-terms clause.

Re:Please Read The Entire Statement

But they aren't placing restricting anything in what the license allows.

They're taking away something extra they offered which the license doesn't promise anyhow.

Re: Please Read The Entire Statement

The linux kernel was attractive and a kernel.
Clearly it had to be raped.

0 : 1 Linux.
1 : 1 Grsecurity
Eat your heart out RMS.

Re: Please Read The Entire Statement

"This is another distortion of the facts. The code does not "happen to link" totally by accident or by evil acts of the Linux crowd. First, I doubt it just links, without any patching of existing code."

Indeed. Grsecurity is _THE_ most extensive modification of the Linux kernel that has EVER been written and offered as a monolithic patch. If it isn't a derivative work then NOTHING in software is.

Re: Please Read The Entire Statement

Posting the same stuff repeatedly? Perhaps you should stop pounding on the table.

Re: Please Read The Entire Statement

False. There have been far bigger changes commited into the kernel in the past. Keep spreading that FUD, though.

Re: Please Read The Entire Statement

Except that new grsecurity patches do not exist in advance. The client is hiring grsecurity to do the work to make them. The unintended consequence here is that you're saying it is impossible for grsecurity to refuse performing future work as it would constitute a breach of the GPL, so must continue supplying future changes whether they want to or not. Does the GPL apply to future code that only exists in potentia?

Re: Please Read The Entire Statement

You proud White American Men (valiantly making sure no man on earth gets a nice young girl as a bride because Jesus said Better A Millstone, and you hate the Old Testament Jewish God so just ignore Him) keep making the same false claims from your position of ignorance.

So I must continually correct the same false claims you make.

But, you know, you're a proud red-in-the-face valiant White American Man and Programmer so you just know everything since birth.

Re:Please Read The Entire Statement

>Really? What terms add any restrictions whatsoever to the SOFTWARE LICENSE?

That's cute. You Proud (red in the face) White American Man Programmers believe that section 6 of version 2 of the GPL is trying to describe some sort of copyright protection over it's own text right there.

First of all you, yes you, are an ignorant person who thinks the "License" is merely the written memorialization you can print out or read. No. You ignorant fool. You white monkey. You proud American Man (who bombs every pro-marry young girl country in existence to secure the world for the white woman (as you violently oppose your own intrests as a man: as the golem of the white woman you are)), red in the face with angry hubris. The LICENSE is the permission you have from the property owner to use his property. When he tells you that he is ALLOWING you to make derivative works of his property (how gracious of him: it is his right to deny you this PRIVILEGE) he may put restrictions on the dispossession of his PROPERTY (copyright is alienable in the same way real property etc is (see: copyright statute)). Here he has stated that you may not impose restrictions between you and other people you distribute a derived work to that are in excess of the restrictions the license he has granted you. That is you CANNOT ask someone to AGREE to ADDITIONAL RESTRICTIONS. If you do so your permission from the owner is revoked. GRSecurity asks further distributees to agree to not distribute the derivative work.

Basically, you, you stupid ignornant White Man, do not KNOW what a License is. You think it is a piece of paper. You are a fool. But like all the rest of the White Man programmers here from America (proudly being exceptional and making the world safe for women and girls, proudly (rockets red glare, bombs bursting in air.... (tears in eyes (an eagles tears))) will continue forever in your hubris.

I shall explain again:

>Except that, as many have pointed out, it's not a new license term. It's a term of an agreement that makes reference to the license. They are not saying you can't get a license unless you agree to their terms; they're saying you can't get support and updates.

The terms of the license govern what agreements you may make between yourself and other parties. It is not solely governing what "the license" (that you publish to the other parties) says.

Section 6 states simply
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

Clear as day. What you lay people do not seem to understand is that the terms here are governing what agreements and actions the distributee can take regarding furthur distributees, in reality, in the flesh.

Here the ACTIONS of GRSecurity are to RESTRICT the exercise of the redistribution rights of the further distributee.

This is an action prohibited by the terms offered by the linux-rights holders, and they have written as another term that the permission they give to use their property is revoked upon violation of their terms.

Very simple.

The linux-rights holders could have written "those who eat grapes on a monday have their license revoked at the moment grape is consumed". Linux is their property and they may alienate it as they desire in the same way they may alienate their real and personal property.

Under your theory no revocation would take place unless GRSecurity physically prevented further distributees from redistributing by putting a gun to their heads if they dared attempt so. Clearly that is not how things work. GRSecurity proffered terms designed to restrict one from redistributing the derivative work, terms which have been successful in-fact. A clear violation of section 6.

Very simple.

And yes, IAAL.

>as many have pointed out,
Many lay people, like yourself, who are not studied in the law and are completely ignorant of it's workings, seeing only the surface edifices, yet, in hubris, insist that their opinion on any matter regarding legal outcomes is worth the equivalent value of even one speck of infertile earth.

You do NOT know what you are talking about. Neither do your Programmer friends.

Re:Please Read The Entire Statement

>Really? What terms add any restrictions whatsoever to the SOFTWARE LICENSE?

That's cute. You Proud (red in the face) White American Man Programmers believe that section 6 of version 2 of the GPL is trying to describe some sort of copyright protection over it's own text right there.

First of all you, yes you, are an ignorant person who thinks the "License" is merely the written memorialization you can print out or read. No. You ignorant fool. You white monkey. You proud American Man (who bombs every pro-marry young girl country in existence to secure the world for the white woman (as you violently oppose your own intrests as a man: as the golem of the white woman you are)), red in the face with angry hubris. The LICENSE is the permission you have from the property owner to use his property. When he tells you that he is ALLOWING you to make derivative works of his property (how gracious of him: it is his right to deny you this PRIVILEGE) he may put restrictions on the dispossession of his PROPERTY (copyright is alienable in the same way real property etc is (see: copyright statute)). Here he has stated that you may not impose restrictions between you and other people you distribute a derived work to that are in excess of the restrictions the license he has granted you. That is you CANNOT ask someone to AGREE to ADDITIONAL RESTRICTIONS. If you do so your permission from the owner is revoked. GRSecurity asks further distributees to agree to not distribute the derivative work.

Basically, you, you stupid ignornant White Man, do not KNOW what a License is. You think it is a piece of paper. You are a fool. But like all the rest of the White Man programmers here from America (proudly being exceptional and making the world safe for women and girls, proudly (rockets red glare, bombs bursting in air.... (tears in eyes (an eagles tears))) will continue forever in your hubris.

I shall explain again:

>Except that, as many have pointed out, it's not a new license term. It's a term of an agreement that makes reference to the license. They are not saying you can't get a license unless you agree to their terms; they're saying you can't get support and updates.

The terms of the license govern what agreements you may make between yourself and other parties. It is not solely governing what "the license" (that you publish to the other parties) says.

Section 6 states simply
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

Clear as day. What you lay people do not seem to understand is that the terms here are governing what agreements and actions the distributee can take regarding furthur distributees, in reality, in the flesh.

Here the ACTIONS of GRSecurity are to RESTRICT the exercise of the redistribution rights of the further distributee.

This is an action prohibited by the terms offered by the linux-rights holders, and they have written as another term that the permission they give to use their property is revoked upon violation of their terms.

Very simple.

The linux-rights holders could have written "those who eat grapes on a monday have their license revoked at the moment grape is consumed". Linux is their property and they may alienate it as they desire in the same way they may alienate their real and personal property.

Under your theory no revocation would take place unless GRSecurity physically prevented further distributees from redistributing by putting a gun to their heads if they dared attempt so. Clearly that is not how things work. GRSecurity proffered terms designed to restrict one from redistributing the derivative work, terms which have been successful in-fact. A clear violation of section 6.

Very simple.

And yes, IAAL.

>as many have pointed out,
Many lay people, like yourself, who are not studied in the law and are completely ignorant of it's workings, seeing only the surface edifices, yet, in hubris, insist that their opinion on any matter regarding legal outcomes is worth the equivalent value of even one speck of infertile earth.

You do NOT know what you are talking about. Neither do your Programmer friends

Re:Please Read The Entire Statement

>But they aren't placi

They are restricting their clients from redistributing the derivative work, and are doing so effectively. They require their clients to agree not to redistribute the derivative work. Proffering such terms is a violation of section 6: it is exactly what section 6 was drafted to prevent.

>Except that, as many have pointed out, it's not a new license term. It's a term of an agreement that makes reference to the license. They are not saying you can't get a license unless you agree to their terms; they're saying you can't get support and updates.

The terms of the license govern what agreements you may make between yourself and other parties. It is not solely governing what "the license" (that you publish to the other parties) says.

Section 6 states simply
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

Clear as day. What you lay people do not seem to understand is that the terms here are governing what agreements and actions the distributee can take regarding furthur distributees, in reality, in the flesh.

Here the ACTIONS of GRSecurity are to RESTRICT the exercise of the redistribution rights of the further distributee.

This is an action prohibited by the terms offered by the linux-rights holders, and they have written as another term that the permission they give to use their property is revoked upon violation of their terms.

Very simple.

The linux-rights holders could have written "those who eat grapes on a monday have their license revoked at the moment grape is consumed". Linux is their property and they may alienate it as they desire in the same way they may alienate their real and personal property.

Under your theory no revocation would take place unless GRSecurity physically prevented further distributees from redistributing by putting a gun to their heads if they dared attempt so. Clearly that is not how things work. GRSecurity proffered terms designed to restrict one from redistributing the derivative work, terms which have been successful in-fact. A clear violation of section 6.

Very simple.

And yes, IAAL.

>as many have pointed out,
Many lay people, like yourself, who are not studied in the law and are completely ignorant of it's workings, seeing only the surface edifices, yet, in hubris, insist that their opinion on any matter regarding legal outcomes is worth the equivalent value of even one speck of infertile earth.

You do NOT know what you are talking about. Neither do your Programmer friends.

Re: Please Read The Entire Statement

>False. There have been far bigger changes commited into the kernel in the past.
Give some examples of something more extensive than GRSecurity's reach. (Not something confined to one subsection of the kernel)

>Keep spreading that FUD, though.
Want me to sue you for libel? Would you like that buddy?
WOULD YOU LIKE THAT?

If GRSecurity isn't a derivative work then NOTHING in software is.

Re:Please Read The Entire Statement

> And yes, IAAL

You misspelled "fucking fruitcake."

Re:Please Read The Entire Statement

> They require their clients to agree not to redistribute the derivative work.

How are they requiring clients to agree?

Are they holding their babies hostage or something?

Their clients have every right and ability to redistribute. The license is clear on that.

Re: Please Read The Entire Statement

It's cute when children pretend to be lawyers.

Re: Please Read The Entire Statement

I guess Bruce doesn't want to talk to you any more: https://boards.4chan.org/pol/thread/133715593/suddenly-bruce-perens-doesnt-want-to-talk-to-me

Re: Please Read The Entire Statement

You know, trying to bring race, gender, and religion into it doesn't really help your case.

If there's one thing programmers excel at, it's abstracting away useless, irrelevant information. The fact that you're inflating your rhetoric indicates you have nothing substantial at the core and now you're just lashing out in frustration.

Should have spent more time studying psychology and philosophy instead of law.

Re:Good example of why to avoid the GPL.

[K.+S.+Kyosuke]

Good. Everyone who doesn't like Linux's license is perfectly free to support any of the BSDs.

Re:Good example of why to avoid the GPL.

[Stormwatch]

"Most quotes on the internet are made up."
        - Albert Einstein

Not related to their mark

[Bruce+Perens]

Grsecurity recently changed its terms due to widespread abuse of its mark.

Dear AC,

If that's really their intent, they're confused. Or maybe you don't understand? The GPL doesn't have anything to do with trademarks. And Grsecurity did not bother to create a trademark for their product that was different from the versions with the old GPL-only terms, which are still in use. If trademark was the problem, they'd need to create a new one for their commercial product.

This, unfortunately, would not mitigate the GPL issue, which is copyright and contract related.

Re:Not related to their mark

Hi Bruce, as far as I understand it grsecurity changed its terms back in April. They seem to suggest that they supply patches to the kernel released under GPLv2 terms, but will refuse to offer further subscription support to anyone who distributes those patches. I don't know if there is a rider over "with our mark on them" on this or not, but if so wouldn't that place them in the same position as Redhat? I seem to recall that a similar situation arose with Virtuozzo in the early days, except they were distributing a complete kernel binary rather than a patch to the source, with a termination of support clause.

I can clearly see where your bone of contention is, but wonder if by attempting to protect the GPL you aren't potentially relying on an equally bad position (ie is the party modifying the kernel then forced to release their changes whether they want to or not?)

Have you tried contacting them? I'd be interested to learn what their side of the story is. For the record, I am not related to grsecurity in any way. I've had one or two brief contacts with members in the past, that's it.

Re:Not related to their mark

[Bruce+Perens]

Redhat sequesters their support information from non-customers. It's really difficult to make a case that the support data is derivative of the Open Source involved. I don't believe Red Hat has attempted to stop any of their customers from redistributing an actual patch. Just other information.

I don't know about Virtuozzo, sorry.

I did not contact Open Source Security Inc. as they had by that time already had extensive and somewhat acrimonious discussions with others in the community.

I think my legal theory holds water. I am bothered by the sort of action that Open Source Security Inc. is doing, and felt that informing the customers (albeit indirectly, in places like Slashdot) was the best way to effect a change. This was a case where publicity was the most effective means of effecting change (even if the only change is that someone else doesn't try to do what's being done with Grsecurity) and was less expensive for all sides than a lawsuit.

Re:Not related to their mark

I've had a look over their agreement here, and there is nothing to prevent redistribution of a patch under the terms and conditions of the GPLv2. It states that if it a patch is distributed outside of the terms of the GPLv2, then access to further patches in the future (not the patch provided) will be denied, on a works for hire basis.

I honestly don't think you've got all your ducks lined up here, and yes, I realise who I'm saying it to and how the hordes here will descend upon me.

Re:Not related to their mark

[Bruce+Perens]

The problem isn't with the text there. It's with what else they have told their customers. It doesn't even have to be in writing.

I have witnesses. If there was ever a case, obviously the prosecution would have to depose people to make this point. I am not actually planning on a case, though. I think this warning will have the desired effect.

Re:Not related to their mark

Fair enough, far be it from me to actually RTFA (this is Slashdot, after all). Thanks for taking the time to (re)explain that. As much as I'd like to support grsecurity, I tend to do so from a technical perspective. It's a real shame if what the witnesses have said is true, and I have no reason to doubt them. I'd still like to hear the other side of the story, though.

Re:Not related to their mark

[buchner.johannes]

I think my legal theory holds water.

Lets say I release (sell) v1.0 of my software to person A, B and C under GPL2. Then B does something I don't like, but I can't do anything about it, because they received the software and can propagate it further under GPL2.

The following year, I sell v2.0 of my software to person A and C under GPL2, but don't sell it to person B any more. They do not have any right to receive it from me. If A or C pass it on to B, they are free to do that. But I can put arbitrary restrictions on to whom I give my software, if it is a new version -- I can decide for every release.

There is no addition of terms or restrictions of the GPL needed. It's just who you release your software to. Now if A is the general public, all restrictions are basically moot.

Re:Not related to their mark

[Bruce+Perens]

A lot of people are having a problem with the time sequence of events.

Let's say you warn someone in advance that you will harm their business by withdrawing their support and removing them from your customer list, should they exercise their right which is granted to them under the GPL. That's adding a term.

Let's say that you never warn them about anything, they distribute stuff, and you decide to downsize your business and fire them as a customer. That is not adding a term.

It took me a while to get this straight myself, for a while I knew something was wrong but did not realize the importance of the time sequence. But I think I could help to win a case with this, if one came up.

Re:Not related to their mark

[Bruce+Perens]

I think there is lots of room for people to make security patches to the kernel, and for them to do them one at a time and get the kernel team to accept them. They belong in the mainline, not a patch.

If they need some special subsystem to support them, they should put that in the form of as small a patch as possible, get the kernel team to accept that, and then to make individual patches that make use of that facility.

In contrast, Grsecurity is a big patch built up over years, and I hear not always a careful one.

It is difficult to get the kernel team to accept things. That is not a misfeature. They set really high standards, not just that the code works but that it's easy to read and review, is modular and does not put dirty fingers all over the kernel, and is well-architected according to the esthetic style of the kernel developers. Not everything meets those standards, and because there's an esthetic style it's sometimes down to personal style of the programmer and not everyone fits. But that's still not a misfeature.

Re:Not related to their mark

Never miss an opportunity for self-promotion...

Re:Not related to their mark

Oy vey! It's anudda shoah, I tells ya! Anudda shoah!

Re:Not related to their mark

Bruce, I am still more than a little concerned that the only difference from what you say the witnesses claim that license appears to be redistribution, under GPLv2 or not at all. Can you reaffirm that there has not been any miscommunication or misunderstanding on the part of the witnesses you've heard from regarding these terms? That they were told in private that no redistribution at all was possible, rather than under GPLv2? I'm finding it very hard to reconcile what you've said with all of the (quite emphatic) posts over the past 6 months from Brad attempting to enforce GPL compliance with companies redistributing firmware containing grsecurity. This doesn't sound like him at all.

To go back to patch submission, I agree with you in part, in so much that I would like to benefit from grsecurity personally, which I can do if it were under the mainline kernel, and also in that I do not believe that kernel forks are healthy for the community.

However, I also recognise that under the GPL people have the freedom to make their own changes. If those changes aren't good enough for the original developers or don't fit in with their personal vision, then there's no onus on anyone to fix it if they don't want to, the changes are theirs. I understand that Brad gave up trying to satisfy the requirements for the mainline, there was a fundamental clash of cultures - and that is his right. I don't know the specifics of why they were rejected, but I suspect I'd get wildly varying accounts depending on who I ask.

However, having said that I also understand that the Kernel Self Protection Project are attempting to do just as you say at this moment. Since Brad doesn't appear to have made an appearance and, lord knows why, I have a soft spot for him as, in my opinion, an exemplary kernel security expert; may I ask: will you be keeping an equally hawk-like eye to ensure that attributation isn't stripped when grsecurity code is submitted via KSPP or otherwise copied, which seems to have been of some concern to him?

Re:Not related to their mark

[jeremyp]

The GPL says nothing about what support you must provide to your customers. In fact, it says that the software is distributed without warranty of any kind which means you do not have any obligation to provide any support or maintenance.

If you then say we will provide support but only if you don't redistributed our software, you are not infringing any of their rights under the GPL that I can see. I don't think it's right, but I wouldn't be confident that it is illegal.

Re:Not related to their mark

[squiggleslash]

I'm confused, and I'm happy to be proven wrong, but I'm having trouble with this:

Let's say you warn someone in advance that you will harm their business by withdrawing their support and removing them from your customer list, should they exercise their right which is granted to them under the GPL. That's adding a term.

I'm not sure how it's adding a term unless one of the rights granted by the GPL is one of those that the "warning" is stating will be taken away. As I see it, this is little different to a straightforward "You can use this under the GPL, or you can voluntarily give up your rights under the GPL and accept this combination of rights and restrictions instead. Your choice." I don't see the latter as violating the GPL in any way - if it does, perhaps that means we need to revisit what the GPL does, as it's perfectly reasonable under certain circumstances.

For example, if someone wants me to support a piece of software, I don't want them to make changes to it without my knowledge, otherwise it's impossible for me to adequately support them. But if your reading of the GPL is correct, then if the heart of the software is GPL'd, I wouldn't be able to have them to make that agreement, especially if I supply the software to them.

Re:Not related to their mark

[Bruce+Perens]

I got a copy of Grsecurity's Stable Patch Access Agreement. It's a written term, given to you before the act of distribution. It's rather imprudent of them to write it down if you ask me.

The entire point of the language against additional terms in the GPL is so that others can not negotiate with you for you to give up any of your GPL rights.

I don't think this gives you an obligation to support software you didn't provide. You are not, in that case, refusing to support the software that you did provide. In contrast, Grsecurity shuts the customer off entirely.

Re:Not related to their mark

[squiggleslash]

Ah, so (still confused, but I think I see what you're getting at) - are you saying it was a straightforward "You can choose our terms or the GPLs, but if you choose the latter you don't get the software at all (from us, but who else are you going to get it from if nobody else has it who hasn't agreed to our terms)?"

Because yes, I can understand why that would be a problem. Part of me is fearful it might still actually be legal to do that.

Re:Not related to their mark

> Because yes, I can understand why that would be a problem. Part of me is fearful it might still actually be legal to do that.

Allay your fears: It is a blatant violation. Clear as day. They no longer have the right to distribute or modify or make derivative works of the Linux Kernel.

Re:Not related to their mark

You should put together a case.
Grsecurity is going to keep doing what it's doing unless it's stopped and everyone will start to have the opinion that they may do the same with any libre-licensed work.

Re:Not related to their mark

Anon wrote:

"Never miss an opportunity for self-promotion..."

Do you desire a libel and negative-false-light tort suit?

Re:Not related to their mark

jeremyp:

They are forbidden by the terms from adding additional restrictions between an agreement between THEM and furthur Distributees.

They are adding an additional term.

Open and shut. Blatant violation.

No, you programmers who scream "BUT THEY DIDNT ADD THE ADDITIONAL TERM __TO_THE_GPL__!!!!" They added it to the agreement between them and the furthur distributee, which the terms underwhich linux is distributed explicitly forbids.

The licenses is NOT BETWEEN "The GPL" and GRSecurity but between THE LINUX RIGHTS-HOLDERS (linus et al) and GRSecurity. "The GPL" is the memorization of the license grant. It disallows additional restrictions placed by GRSecurity on people to whom it distributes a derivative work.

It is NOT saying (in that section) "oh you just can't pen your restriction in here, go write it on a napkin or something wink wink nod". (*cough codicil*)

No, you Programmers do NOT know what you're talking about when it comes to the Law. Yes I _DO_ know what I'm talking about

Re:Not related to their mark

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur.

That is an additional term, between GRSecurity and the distributee, adding a restriction, end of story. This is forbidden by the license terms underwhich GRSecurity had the privilege to modify the kernel, create derivative works, and distribute derivative works, etc.

I say had, because once a license term is violated, the terms of the license distributed by the linux-rightsholders governing the use of their property states that the license is revoked upon violation of a term.

You have to understand that the linux-kernel, even if it is sitting on your harddrive, is the property of the linux-kernel rights-holders. Not GRSecurity, etc.

It's like a piece of land (Copyright is alienable in the same way that real property is). I may allow you to walk over my land, and I may rescind that license at any time. I may also post rules that you must obey when walking over my land which, if you violate, I may set terms that your license to walk over my land be revoked.

One of these rules is that you do not offer terms adding additional restrictions to derived works. GRSecurity has offered such terms. The moment they did so they violated the terms of the license grant.

Re: Not related to their mark

That's a good theory, but unless you test it in court it remains just that, a theory.

Re: Not related to their mark

Excuse me, I have a small amount of code in the kernel. You don't have exclusive right to claim it is "just yours", you filthy little thief. And no, an Anonymous Coward posting on a forum somewhere on the internet does NOT constitute termination under the terms of the GPL. You think you have standing and right to terminate, send them legal notice. Anything else is just being a troll blowhard.

Re: Not related to their mark

Personally I'm thinking its time to start avoiding GPL software due to the indentured slavery clause.

Re: Not related to their mark

Not the same AC, but its funny you should bring that up. If Bruce is wrong, and bear in mind that his announcement has gone around the world, appeared on every tech site and been translated into every language, just how much damage has he done to grsecurities business? How exposed is he by making this claim publically?

Re: Not related to their mark

The terms under-which the linux kernel is licensed states termination is automatic upon violation.

You however, can terminate any licensee at will via notification, of-course, as well, without cause.

Re: Not related to their mark

And what if someone doesn't believe themselves to be in violation from their own legal advice? Licenses aren't programs, they can't terminate themselves.

Re: Not related to their mark

It doesn't matter what they believe. What matters is the jurisprudence within the jurisdiction where their principal place of business or head office is located. Additionally what also matters is what the licensor intended and what terms he communicated verbally, in written word, and through course of business dealings.

Let me repeat:
>And what if someone doesn't believe themselves to be in violation from their own legal advice?

What YOU believe. DOES. NOT. MATTER.

You are NOT the owner of the copyrighted work.

>Licenses aren't programs, they can't terminate themselves.
A license grant can certainly automatically terminate upon breach. Your programmers/naive lay-man's logic does not apply to the law (so how about you stop talking about what you don't know the first think about?).

If I post a notice that all persons may walk upon my land, however they may not disturb the land or harm the foliage, except for normal wear-and-tear on the grass from foot traffic, and if they violate these provisions that their license to walk across my land is automatically revoked....

If you then come and cut a tree down on my land: yes your license to walk across my land IS AUTOMATICALLY REVOKED.

You know why? Because it is MY property. You are tresspassing once you violate MY TERMS.

I can also revoke your license at any time for no reason what-so-ever.

Of-course a proud White American Programmer Man just know everything from birth and gets red in the face when anyone informs him otherwise so... you will assume you win no matter what and that I don't know what I'm talking about because "it just can't be so!".

Re:Not related to their mark

Better a millstone: kill any man that likes young girls, right?

Proud White American Man.

Re: Not related to their mark

We already know you are a troll, not a lawyer. Give it a rest.

Re: Good example of why to avoid the GPL.

[viperidaenz]

How? You're completely forbidden to make derivative works of Microsoft Windows. You're also forbidden to distribute it in any way.

Re:Good example of why to avoid the GPL.

[Teun]

Indeed, as we know free is not gratis.
The GPL keeps the existing software and its derivatives free to use by and for all.

Re:Good example of why to avoid the GPL.

[Eravnrekaree]

The GPL is reasonable, You want to use someone elses code you should give back the improvements you make. I dont see anything wrong with that.

Re:Good example of why to avoid the GPL.

How is doing things secretly under NDA "in the public interest"?

Did you really ask this? Seriously. Did you?
Your opinion of GPL aside, are you remotely aware of law at all? Seriously. Are you?

Re:Good example of why to avoid the GPL.

It's been said over and over - it's not about YOUR freedom, it's about the continued freedom of THE CODE

If you're not willing to pay "the price" of the GPL stop whining and go use some other code base with terms you can accept. But if you won't comply with the GPL, nothing else gives you the right to redistribute GPL'd code or or derivative works of it.

Re:Good example of why to avoid the GPL.

[93+Escort+Wagon]

"Most quotes on the internet are made up."

        - Albert Einstein

Yeah, right there you've demonstrated the "internet problem" in a nut shell... taking an Abraham Lincoln quote and then mis-attributing it to Albert Einstein.

Re: Good example of why to avoid the GPL.

Free as in beer?

Re:Good example of why to avoid the GPL.

[Scarletdown]

"When the Internet is invented, I think it would be really cool if people misquoted me on it."

    -- Abraham Lincoln

Re:Good example of why to avoid the GPL.

[lucm]

"The definition of insanity is misquoting the same thing over and over and expecting different attributions."
- President Benjamin Franklin

Re:Good example of why to avoid the GPL.

FAKE NEWS!

Re: Good example of why to avoid the GPL.

I fail to understand the rules of logic in this alternate reality of yours.

Question mark abuse

[lucm]

Did you really ask this? Seriously. Did you?
Your opinion of GPL aside, are you remotely aware of law at all? Seriously. Are you?

I'd be curious to see if on your keyboard the "?" key is as worn down as the space bar.

Re: Question mark abuse

[that+this+is+not+und]

They have trained their dog to bump the ? key with it's nose periodically. The dogs nose is softer and wetter than a finger, meaning there is less wear to the keycap.

Re: Question mark abuse

An excellent solution to a pressing problem!

Re:Good example of why to avoid the GPL.

Exactly this.

This is a problem affecting all OSS licenses

[Lirodon]

I've seen multiple pieces of software, including Paint.net and Classic Shell, change to proprietary licenses because of this exact issue; being able to effectively plagiarize a program just because it's open source and you can theoretically do anything to it, like change the name and claim it as your own, claim it's a "new version" that's littered with malware or add-ons that aren't open source, etc. Open source licenses do not give you a carte blanche to infringe on any other proprietary intellectual property associated with the software, such as trademarks and trade dress.

Re:This is a problem affecting all OSS licenses

[Bruce+Perens]

Actually, the GPL and a trademark registration will keep just what you're talking about from happening. Going proprietary won't give you any more protection unless you're talking about just locking up the source. But you have to enforce once in a while to keep idiots from breaking the rules.

Re:This is a problem affecting all OSS licenses

paint.net changed because scammers were swiping the code and using it without proper attribution, without changing crucial elements like application guid and update urls, etc.

classicshell.net was pretty much the same story.

it's not because they didn't like open source.. it's that their code was abused over and over and over again in violation of even the generous terms they used to be available under. not quite the same situation as here.

Re:This is a problem affecting all OSS licenses

The Paint.net case was just weird. I pretty much took it as the Windows developer community just not understanding open source.

Re: This is a problem affecting all OSS licenses

[guruevi]

No you cannot do that under proper open source licenses such as the GPL. In the cases of paint.net and classic shell and many more, they just want to have other people build and fix their product and then once successful, they want to close it and sell a commercial product. It's the main reason never to contribute to anything obscure that is under a MIT or BSD license.

Re:This is a problem affecting all OSS licenses

[Lirodon]

Well, this is the same case. Their code, despite being heavily modified, is still being attributed to them as their work, thus violating its integrity because it is not the grsecurity..

Re: This is a problem affecting all OSS licenses

"then once successful, they want to close it and sell a commercial product. "

Sounds like this happens with GPL derivative works too... as if the GPL is no shield.

Re:Good example of why to avoid the GPL.

I am become death, destroyer of BSD sphincters.

  -- Bhagavad Torvalds

Re:Good example of why to avoid the GPL.

[TechyImmigrant]

How is doing things secretly under NDA "in the public interest"?

It's the first question he would be asked. "Will do discuss this under NDA". So he's getting that out of the way before they start.

Re:Good example of why to avoid the GPL.

"Lick, lick, lick my balls"

  -- Rick Sanchez

Re:Good example of why to avoid the GPL.

Indeed, if you plan on reaping the benefits of open source while preventing others from doing the same, then you should avoid GPL at all costs.

Of course, that means you shouldn't start a business centered around GPLed software.

However there was no risk here. It's insanely easy to see that what they wanted to do was against the GPL and from that point they should have dropped the entire thing and went on to do something else.

Re:Good example of why to avoid the GPL.

[Bruce+Perens]

That's your right. Of course, this matters more if you've actually released anything under it.

I should tell you, though, I have had more than one person who used gift-style licenses come crying to me about how badly they were abused. Some decide the GPL is a better idea too late...

Re:Good example of why to avoid the GPL.

[Bruce+Perens]

Right. Nobody and their legal counsel want to talk about this without an NDA. I am taking on some liability by accepting an NDA and still doing the whole thing for free.

Sounds wrong: do they distribute anything that's G

I think that argument sounds wrong.
Do they distribute anything that's under the GPL? The summary speaks of patches. That means they don't distribute the Linux kernel, which is GPL, but only their own code.

Since they don't distribute the kernel, they don't need a license for it, as there's no copying for which copyright applies. And their own software they can distribute under whatever terms they like.
As long as it's not bundled along with the kernel, they don't even touch the kernel's GPL. It's the customer that patches their code.

And also, since the GPL is not an EULA, their customers are free to do whatever they want. That includes linking the kernel with a GPL incompatible patch, as long as they do not themselves distribute the result. Only distributing it would violate the GPL.

Re:Good example of why to avoid the GPL.

I think it was eminent physicist Sergei Eisenstein that said that.

Re: Good example of why to avoid the GPL.

[Bruce+Perens]

The problem with using the Founder's Copyright is that Public Domain is not more free for the aggregate of all people than the GPL would be. It's just an invitation to integrate the public code into private works without returning anything, while the GPL promotes that more code is shared.

Re: Good example of why to avoid the GPL.

[Entrope]

The GPL does not require any "giving back". It says that if you change the software, and give the changed version to somebody else, you must give them (a) the source code and (b) a GPL-compatible license for the combined/modified software. You could call that obligatory giving forward, but not obligatory giving back.

Do like...

[101percent]

Linux should do like OpenBSD did with pf and just replace it. All this yelling and screaming just turns people away.

Re:Do like...

What yelling and screaming?

And for that matter, what does Linux need to replace in this case?

Re:Do like...

[101percent]

This drama is on every relevant website.

Re:Sounds wrong: do they distribute anything that'

[Bruce+Perens]

They don't have to distribute the kernel to violate the GPL in this case. Copyright also restricts the creation of derivative works. Grsecurity definitely is derivative of the kernel. The GPL would be their only permission to create and distribute a derivative work of the kernel. And one of the terms of the GPL is that you can't add any rules to your derivative that aren't in the GPL itself.

With respect, your understanding of copyright and licensing isn't quite complete. This is not a personal criticism, it's true for most people. But legal theories based on what you know so far might not be correct.

Re:Good example of why to avoid the GPL.

Citations would be really helpful... Otherwise it's a bit worthless, whatever your name is :-)

Good example of why to avoid Tivo.

Open source can be abused as well that's why you all had to come up with a GPLv-(everyone loves us)-3.0.

Re:Good example of why to avoid Tivo.

GPL v3 was needed because v2 lacks a no-revocation clause...

(Copyright is alienable in the same way property is. Licenses are revokable at will by the grantor (barring estopple))

What is Grsecurity?

I scanned the comments looking for some explanation of what Grsecurity is and where it comes from but no luck. With too many Slashdot stories it's like trying to join a conversation half way through. I could go and look it up but thought I'd post this instead.

Re:What is Grsecurity?

[ledow]

There's been a few articles on this already.

It's an external patch-set that adds security features to the Linux kernel.

And now the guy who runs it wants to charge for it, and stop people distributing it, even though it is inherently a GPL-based work.

He's also a pain in the arse, but that's besides the point.

Re:What is Grsecurity?

[Bruce+Perens]

He's also a pain in the arse, but that's besides the point.

You would think. But look at the previous problem children: Larry McVoy did not comport himself very well around the Bitkeeper issue, and the then board of OSI tell me he wasn't too nice around them either. Things might have gone better for him had he behaved differently.

Hans Reiser. Had a reputation for abusing the kernel community before he killed poor Nina. I only talked with her on the phone and had lunch once with him, but I am astonished I don't get bad dreams...

I am sure there are other examples...

Re:What is Grsecurity?

The problem here however is that you have achieved a most effective advertisement for Grsecurity. I have been using Linux since '96 and had never heard of Grsecurity until reading this story. I am unlikely to start using it now, but still...

Re:What is Grsecurity?

GRSec is a set of kernel patches that fixes a lot of flaws that Linus and the Kernel developers are too lazy or too incompetent to fix.

Re:What is Grsecurity?

[drinkypoo]

The problem here however is that you have achieved a most effective advertisement for Grsecurity. I have been using Linux since '96 and had never heard of Grsecurity until reading this story. I am unlikely to start using it now, but still...

I have heard of it, and I took it as a warning. I'm clearly not going to dick with grsecurity now. Is it an advertisement for, or against?

Re:What is Grsecurity?

Hans Reiser. Had a reputation for abusing the kernel community before he killed poor Nina. I only talked with her on the phone and had lunch once with him, but I am astonished I don't get bad dreams...

Why would you? Your interactions put that murder outside of your experience range.

One reason that Holocaust denial is a significant thing is that it's just completely unbelievable and off anybody's experience scope. The armies freeing the concentration camps contained a lot of soldiers who had heard army and newspaper and witness reports and knew what to expect. But they still were not prepared to believe it until seeing it, and a number of them were traumatized then rather than when reading the news.

In a manner, minding the Holocaust is as meaningless as denying it for someone who did not actually experience it. Its lesson, namely whatever atrocities humans are able to commit in an organized manner against humans differing in some identifying trait will eventually be committed unless one actively, constantly and vigilantly educates against the primitive urges of our tribal nature, is a lesson that has enough other examples in history and mass graves and mounds to remain one of the most important things we need to teach our children if we want humanity to survive.

There is a small path between "this must not be" and "this must not have been".

Re: What is Grsecurity?

Wow, and up until this moment I thought you had some class, Bruce. Comparing someone you dislike and have a licensing quarrel with to a convicted murderer? Nice.

Re:Good example of why to avoid the GPL.

[dissy]

If the GPL was really about freedom then it would contain exactly one sentence.
"You are free to do whatever you want with this software. "

Wow, why do you hate freedom so much?

How am I "free" if I, as you claim, am forced to grant permission to others that allows them to assume ownership of everything I make, and at the same time deny me usage and possession of everything I make?

Sounds like forced slavery to me...

Re:Sounds wrong: do they distribute anything that'

Grsecurity is definitely a derived work of the kernel, which I think grsecurity doesn't even doubt. After all, the patches they distribute are licensed under the GPL. They don't prevent you from using your rights under the GPL, they might not want to do further business with you if you do, but you can still use the rights and share the code legally.

To me it seems the legal question is whether or not they are using their influence to, indirectly, add a non-disclosure clause to the GPL. I am not a judge so I cant answer that but it doesn't look that clear cut to me.

Re:Good example of why to avoid the GPL.

https://cdn.someecards.com/someecards/usercards/1349461349639_258855.png

If insanity is doing the same thing over and over again and expecting different results. Then I guess I'll stop cleaning the house.

Re:Good example of why to avoid the GPL.

[Bruce+Perens]

Creator of the Open Source AMBE codec. He doesn't want his name known because he doesn't want to be sued by DVSI.

Re:Good example of why to avoid the GPL.

[Bruce+Perens]

You understand the difference between "me libertarianism" and "us libertarianism". Some of these folks are offended that they aren't allowed to keep slaves.

Re: Good example of why to avoid the GPL.

Original terms in which country? Finland, USA?

AFAIR the USA original term was 14 years, plus the ability to extend for 14, but I could be wrong.

Isn't that the RedHat Enterprise Linux model?

As sort-of blessed by Stallman? Well, at least before they made their peace with CentOs by eating them?

Re: Isn't that the RedHat Enterprise Linux model?

No you can download thier code all you want, that is how centos existed to begin with.

Re: Isn't that the RedHat Enterprise Linux model?

Indeed, but, and this is the important part, you cannot redistribute Redhat as it is as it is commingled with Redhat trademarks. Yes, it is possible to strip them out, but this requires real work (hence CentOS didn't happen without a lot of work and recompilation). They don't have any moral high ground.

Re:Sounds wrong: do they distribute anything that'

[Wrath0fb0b]

Hi Bruce,

Since you say that GRSecurity is 'definitely' a derivative work, and since you know about a million times more than I do, let's accept that claim as a fact for a moment.

GRSecurity is primary distributed as a set of patches which modify the Linux kernel's operation in various ways. The end user takes those patches and combines them with the kernel to achieve the desired (or maybe not, doesn't matter). According to your claim, they are not permitted to do so without license from the original work (the kernel).

The implications of this claim seem to be very broad and, to me, undesirable. It would seem to indicate that people would not be free to build and share aftermarket enhancements for any commercial product that contains a creative element (that is eligible for copyright) without license from the company that produced it.

For instance, Subaru sells a car containing an ECU, and no doubt that Subaru retains copyright in the code that runs in that ECU. Joe and his friends develop a software patch for this ECU in order to improve the characteristics of their automobile or to make it compatible with some other usage or accessory. According to your claim, this is a derivative work (it patches the ECU software, the ECU software is copyright) and so if Joe distributes this patch without license from Subaru, he is liable for infringement.

Or for another example, a company sells an electronic microscope to Janice's school. Janice and her friends patch the software running on the microscope to improve the noise reduction algorithm or increase the maximum frame rate. Janice wishes to distribute this improvement to other students. Again, the same story.

So much then for Janice and Joe's right to tinker with the software running on their devices then.

[ For what it's worth, if I were writing the law instead of describing it, I would avoid this entire mess and make it clear that a patch or modification on an existing work that does not itself any part of the original is not derivative. It's just a set of instructions for how the rightful possessor of the originator work can change it, nothing more. ]

Re:Sounds wrong: do they distribute anything that'

[Bruce+Perens]

This is a very large discussion and I'm not going to put in the hour necessary to explain it fully. One of the relevant cases is Galoob Games v. Nintendo. In that case, the Game Genie made by Galoob, which let you have infinite lifetime and ammo and thus cheat in Nintendo games, was thought to be a derivative work by Nintendo. Galoob won, because the Game Genie connected to a plug and only modified a few memory locations.

Unlike the modularity of the Game Genie and that of some of the other things you mention, Grsecurity does not limit itself to dealing with Linux through its APIs (like the plugs in the Nintendo console and game cartrige). Instead, Grsecurity gets dirty fingers all over the kernel internals. So, it's derivative.

I am very much a supporter of right to repair and to interoperate, and we should discuss that another time.

Re: Good example of why to avoid the GPL.

Do not feed the trolls.

Re:Good example of why to avoid the GPL.

[Megol]

Code have no freedom, nor rights. Information have no desires.

Re: Good example of why to avoid the GPL.

I don't see the problem. If you work with open source because you expect other people to give something back, then you are in it for the wrong (selfish) reasons.

Re: Sounds wrong: do they distribute anything that

[guruevi]

You are more than welcome to make derivatives of the Linux kernel and sell them (see Android). You do however have to comply with the license and thus you should see GPLed release code on sites from Samsung etc (which you often but not always do).

The company is not required to release the code publically either, only their customers can demand the code, however this has to be under the same license (thus you cannot do like Amlogic does and claim NDA for the Linux kernel)

Re: Good example of why to avoid the GPL.

[Zero__Kelvin]

Likewise, laws against murder are the worst! Sure, they protect me, at least as much as any law can, but they don't allow me to murder whomever I want! This is why laws against murder are horrible and have to go!

Re:Good example of why to avoid the GPL.

[Megol]

I understand the GPL is "word libertarianism" a.k.a "just do as I say libertarianism" a.k.a. not libertarianism at all. Many (not most) GPL adherents see it as an inspired text with religious meaning and try to redefine common terms. No you people don't get to change the meaning of freedom and you don't get to define what people should want.

The GPL have an important place among other software licenses. It however do allow people to keep the metaphorical slaves as long as they swear to uphold the holy GPL. Most other licenses accept that it isn't about the holy idea but about allowing others to modify, study and distribute creations with the question of (still metaphorical) slaves being controlled by other, separate, rules.

All kernel work should be GPL

All kernel work should be GPL. It's time that Linus steps up his act. Because of his stance that it's ok for GPU vendors are ok to make non-GPL licensed kernel modules, we get into this shit. And while that position was defendable in the '90s when Linux was new, now it isn't.

It's because of this that Android phones are stuck at whatever kernel version the proprietary drivers enforce. E-waste galore...

GRSec might be flawed, but it cannot be considered more absurd than the original MySQL license, nor morally worse than proprietary kernel drivers.

Linus, wake up and create a timeline for proprietary drivers to phase out!

Re: Good example of why to avoid the GPL.

Ok, like 3 people use BSD for security roles.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

The problem with using the Founder's Copyright is that Public Domain is not more free for the aggregate of all people than the GPL would be. It's just an invitation to integrate the public code into private works without returning anything, while the GPL promotes that more code is shared.

Well, that depends upon whether you want freedom or a set of rules. I respect your opinion on most things, but in this case you cannot make the case that GPL is about freedom, because its not. It's about controlling those who use it while giving them great latitude in one way, but constraining them greatly in others. The closest thing to freedom regarding copyright and code are licenses such as MIT, BSD, and the Apache 2 licenses, and even those have clauses constraining use. They're just a lot less restraining than the GPL (2 or 3).

Re: Good example of why to avoid the GPL.

[Gr8Apes]

I'd call it relinquishing control of your software. We don't touch GPL source or libraries anywhere I have worked precisely because of this show-stopping feature of GPL.

Re:Good example of why to avoid the GPL.

Anybody who cleans their house and expects it to never get dirty again is simply a retard. It's not the act of doing the same thing over and over again that makes someone crazy, it's the expectation that the outcome will change.

Talk about not getting the point. An idiot must have created that image.

And this is why...

Linux will never takeover the desktop. You spend more time on pedantic licensing arguments than MAKING SHIT WORK BETTER!

Re:And this is why...

[marcle]

Sadly, it's not just the open source community, it's the whole damn industry...

Re:And this is why...

[Bruce+Perens]

Sometimes it seems that people are accusing me of inventing intellectual property. It is the proprietary industry that created this mess. I just try to promote a sane corner where we can get away from them.

Re:Good example of why to avoid the GPL.

Humans can keep these arguments going for literally thousands of years, I wouldn't expect to hear the end of it any time soon.

Re: Sounds wrong: do they distribute anything that

[Bruce+Perens]

My contention is that the current state with Grsecurity is like releasing it under NDA. I just wanted to make sure you understood that part.

Re:Good example of why to avoid the GPL.

Bruce Perens played Mr. Lippman on Seinfeld

Re:Good example of why to avoid the GPL.

[dissy]

It however do allow people to keep the metaphorical slaves as long as they swear to uphold the holy GPL.

No one is forcing the GPL on anyone.
Absolutely no one is forced to take GPL code and do anything with it. Not a single person.

Slaves do not by definition have the choice to not be a slave.

If you don't want to "uphold the holy GPL" as you call it, you are perfectly free to get code in any one of many other ways.
You can find code licensed in some other way.
You can learn to code and write your own.
You can pay someone to write it for you and give you copyright ownership, after which you can license it in anyway you please, including not licencing it at all.

You are the one redefining "freedom", "slaves", and "forced" here.

It just doesn't matter ..at all.

It is a perfectly viable business model: they are not licensing the linux kernel, they are only licensing patches, and possibly some technical support. You don't get any right besides using the patches, whatever you do internally with the linux kernel and the patches is your own thing. If you distribute the kernel, you may have to make the patches available but that is a liability a liability for using linux anyways. Do they care about the community? NO, they are not forced by license to do it.

Don't like it? sue them. VMware got away with much more, so it is pretty likely a waste of time.

Uhhhhhhh

My company has purchased grsecurity patches in a fashion where it's possible for someone to buy a product and request source from us under the GPL. We have been told explicitly by OSS that we are to provide source and honor the GPL. There have been no caveats or asterisks associated with it either, it is very straightforward.

Are people just making this shit up for fun or something? What gives?

Re:Uhhhhhhh

[Bruce+Perens]

No, nobody is making it up. What has your interaction been with them since April?

Re:Uhhhhhhh

This was expressly and explicitly communicated to us in an email specifically describing the April change in licensing.

Re:Uhhhhhhh

[Bruce+Perens]

Could you email that to bruce at perens dot com, please?

Re:Uhhhhhhh

[sexconker]

Will you sign an NDA first?

Re:Uhhhhhhh

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur.

Re:Uhhhhhhh

[Bruce+Perens]

I got a copy of the agreement. It's here. It's pretty clearly in violation. The offending language is:

Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs.

The entire point of the langauge in section 6 of the GPL is so that another party can not cause you to negotiate away your GPL rights.

Re: Uhhhhhhh

Access to future updates is not a GPL right?

Re:Good example of why to avoid the GPL.

[duke_cheetah2003]

You can learn to code and write your own.
You can pay someone to write it for you and give you copyright ownership, after which you can license it in anyway you please, including not licencing it at all.

Not so sure these are entirely viable in every situation. One can easily run afoul of patents when writing your own code. Additionally, if your code looks and/or acts like someone elses code, you can easily be accused of stealing it by entities protecting whatever it is you seemed to have re-invented.

While programming and coding should be fairly free and loose with regards to the above concerns, it is not. Not in this reality. Tread carefully.

Re:Good example of why to avoid the GPL.

[duke_cheetah2003]

As an addendum to the above, I just wanted to point out, the above scenarios won't activate until you start making money with your work. You'll be absolutely amazed how much crazy will come out of the woodwork, then claim patents, theft and/or any other sort of misrepresentation in order to grab a slice of your pie.

Again, tread carefully.

Re:Good example of why to avoid the GPL.

[dissy]

I don't think I understand what you are meaning to say.

Yes, those are valid concerns when writing your own code and hiring someone to write code for you...

But compared to the other options listed (using code under another license, and using GPL code while agreeing to the GPL), plus the option the parent poster said was preferable, namely using GPL code while violating copyright laws in doing so, I'm fairly certain all of those have the same patent risk just the same.

Even purchasing a license to commercial closed code isn't free of those risks.
Although if the commercial entity you purchase the code from is also the patent holder for the process it works by, your risk is greatly reduced at least so far as being sued for a patent violation.

As for the problem of "being accused of a crime you didn't commit", at least in the US, this is a risk everyone is exposed to no matter what they do in life.
Unfortunately that can happen if you stay in bed sleeping for 23 hours a day, if you happen to piss off the wrong person in you one waking hour.

As a warning to people, fair enough.
I just don't see what any of those have to do with the "need" to violate copyright laws like the parent was saying is the best option regarding copyright licenses.

Re:Good example of why to avoid the GPL.

Libertoon ... grok GPL ... because you took, now you must give! A just king would also assert such a social structure. Contra ... if you never took then you need never give. Of-course a strong productive man naturally gives and rarely becomes weaker for it.

Re:Good example of why to avoid the GPL.

It's true, I verified it. Mod parent up.

Re:Good example of why to avoid the GPL.

[hord]

My software is released under this license: "This software is information. It is subject only to local laws of physics." Basically just obey the laws of physics. Like a good lump of matter.

Re: CNN is FAKE NEWS

Have you stopped fellating your neighbor's dog yet?

Re: Good example of why to avoid the GPL.

"Linux sucks my cock"

--Hillary Clinton

Re:Good example of why to avoid the GPL.

Except in this case you mean.

Re: Good example of why to avoid the GPL.

[drinkypoo]

I'd call it relinquishing control of your software.

That's exactly what it is. Some people find that letting go results in a better deal. Some don't.

Re: Good example of why to avoid the GPL.

>> I'd call it relinquishing control of your software.
> That's exactly what it is.

Not quite, because if you make a derivative work, it's not really "yours" under copyright law. GPL has nothing to do with this fact.

Re:Good example of why to avoid the GPL.

The growth in use of permissive licenses (particularly if you look at github) over restrictive ones is a demonstration of pragmatism and the idea that not everything must be free and we can have non-free and free components working together and cooperating rather than focussing on a pure free software ideology.

Even the most prominent FSF project, GNU, has made sacrifices of freedom in service of being pragmatic: Specifically the endorsement of the Linux kernel despite the lack of copyright assignment, the elimination of the 'or later versions' clause and the preamble permitting syscalls from GPL-incompatible software.

Many businesses spend millions or even billions on R&D so often do not want the results of that to be just a charity offering (particularly to their competitors) and the complexity of the legal system and interpretations of the license mean it is much easier to use permissive licenses to be able to make contributions to the open source community than having to consider the ways in which the GPL might be interpreted in the context of how code is integrated. It's easy to provide your own black-and-white definition of what you think it means but we all know the legal system is shades of gray.

Re:Good example of why to avoid the GPL.

"take away" in the same idiotic brain-dead sense of the RIAA/MPAA's "copyright violation is theft" argument.

Re:Good example of why to avoid the GPL.

How am I "free" if I, as you claim, am forced to grant permission to others that allows them to assume ownership of everything I make, and at the same time deny me usage and possession of everything I make?

Sounds like forced slavery to me...

No. If you want to release truly free code then release it to the public domain where nobody has ownership of it and nobody needs to be granted permission to do anything with it.

Re:Good example of why to avoid the GPL.

Unless of course the goal is to keep the software open/modifiable by all while disallowing poaching by closed source developers. This frees the project from parasitic closed developers. They'll have to write their own code if they want to keep it closed.

Then perhaps free software developers should write their own kernel with a license that disallows those "parasitic closed developers" from deploying software on it. But they won't because they need closed source software in fact the GNU project would have been an utter failure if it weren't for the preamble in the Linux kernel license that exempts software making kernel syscalls from being infected with the GPL license terms.

Collaboration and cooperation regardless of ideology is essential, you just seem incredibly ignorant of the fact that the free software movement would be completely defunct if it weren't for the ability of closed and open source developers to collaborate on the GNU/Linux platform.

Re: Good example of why to avoid the GPL.

No, you misunderstood the case here. GPL should be keeping it open source, but company is trying to restrict that, which is contrary to the license.

Re:Good example of why to avoid the GPL.

[epyT-R]

Then perhaps free software developers should write their own kernel with a license that disallows those "parasitic closed developers" from deploying software on it.

If, as you say, they need closed developers, why should they do that?

But they won't because they need closed source software in fact the GNU project would have been an utter failure if it weren't for the preamble in the Linux kernel license that exempts software making kernel syscalls from being infected with the GPL license terms.

I suspect the MODULE_LICENSE() macro acts as the barrier between what they consider GPL kernel internals and 'boilerplate' code. GPL (and GPL/MIT hybrid) licensed code gets full access while others do not. It's not hard to write closed drivers for linux if you want to, but you'll be limited to what you can touch. You need not worry about 'infection' from GPL code just as the kernel devs don't need to worry about 'infections' from closed blobs. Just remember that nonfree modules 'taint' the kernel, so if your users have crashes, the devs will not support them nor accept bug reports. Seems fair to me as you cannot expect them to support software they don't have the source for.

you just seem incredibly ignorant of the fact that the free software movement would be completely defunct if it weren't for the ability of closed and open source developers to collaborate on the GNU/Linux platform.

What are you babbling about? All three licenses allow such collaboration. Obviously, the industry chose to involve itself with linux or, like you said, it would not be where it is today.

Re: Good example of why to avoid the GPL.

Cuck, all I'm saying. Don't like it? Use OpenSolaris. Enjoy that CDDL and no market.

Re:Good example of why to avoid the GPL.

This is why some projects have a dual GPL / Commercial licence...

Anyone is free to use it under the GPL terms, but if you want to embed it in some proprietary software without giving anything back you will need to pay for the commercial licence..

Is it so hard to understand that some developers don't want their code to modified and locked down by some private company that will then make money off it, without them giving anything back...

Re: Good example of why to avoid the GPL.

[someone1234]

In other words, you expect stuff for free but you don't want to give the same to others.

Re:Good example of why to avoid the GPL.

Who cares what other people do with it? I dont doubt there are people that are worried that other people might make money of free software but thankfully, if you take a look at github, that attitude is waning as more projects favour permissive licenses over restrictive ones.

Not everything has to be open source/free software so there is huge benefit in releasing bits of projects as open source to be collaboratively improved and used in both free and non-free software, just as free software has done pretty much since its inception. In fact without non-free software the free software movement would have gotten nowhere, GNU/Linux would barely run on any hardware at all.

Re: Good example of why to avoid the GPL.

Awesome - and now you're at a big competitive disadvantage. =) I license all the free software I produce under GPL or AGPL, just to fuck over stooges like you.

Re: Good example of why to avoid the GPL.

GPL is communism, not libertarianism. That's why it actually benefits the world. Duhhhhhh.

Re:Good example of why to avoid the GPL.

Pfff, everybody knows this is from Justin Bieber. Who's this Frankling guy, anyway?

Re:Good example of why to avoid the GPL.

Tell him to stop bitching.

Re:Good example of why to avoid the GPL.

But his name if next to yours on the Wikipedia page....and even in your Blog from March 2010.

I respect you not wanting to call out names to protect a point you're trying to make, but a better excuse next time might be in order. ;-)

Re:Good example of why to avoid the GPL.

[sexconker]

If you want the code to be free, then release it freely. Code under the GPL is NOT free. It is encumbered.

Re:Good example of why to avoid the GPL.

Let me know when inanimate code takessomeone to court. And how could code have freedom like you imply, who are you to impose a license on it?

Re:Good example of why to avoid the GPL.

[TheRaven64]

The growth in use of permissive licenses (particularly if you look at github) over restrictive ones is a demonstration of pragmatism and the idea that not everything must be free and we can have non-free and free components working together and cooperating rather than focussing on a pure free software ideology.

I wouldn't necessarily even go that far. I am entirely in favour of a world in which all software comes with the FSF's four freedoms. The reason I release code under FreeBSD / MIT licenses is that this seems like a path that has an actual transition plan. If there's a BSDL project available that does 90% of what you need, then you can adopt it and add the remaining 10% without needing to change your business model. Most of the time, it's then cheaper to release the code. If it doesn't give you a competitive advantage, then upstreaming your changes means that your maintenance costs go down (and, often, other people will fix your bugs, in exchange for being able to use your new features).

If there's only a GPL'd project available, then I've worked with a lot of companies that aren't 100% sure that they will never want to do anything that the GPL prohibits and so will instead write a proprietary version (if you're lucky, you can persuade them to write a permissively licensed version). The GPL'd project doesn't ever enter the company (particularly with GPLv3, where anyone who owns patents gets very nervous) and so they never see the benefits of Free Software. It doesn't provide them with a transition path.

This transition path is particularly important because around 90% of all software developers are employed by companies that are not primarily computer companies. They are developing software for in-house use and so implicitly have all of the four freedoms (because they own the copyright), but don't contribute anything to the wider ecosystem (other than money to Microsoft, Oracle, SAP, and so on). Getting them to start using, contributing to, and then preferring open source solutions can unlock a lot of developer resources.

Re: Good example of why to avoid the GPL.

[orlanz]

You are a bloody idiot who can't parse sentences. Finish 3rd grade first please.

Additional terms between GRSecurity and Distrib

From GRSecurity's "Stable Patch Agreement":

"Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs."

IE: If you choose to redistribute, other than in the case of a demand made by a user, retaliation will occur

But is there a merit to the claim of Bruce Perens?

I think that above the bullshit there is actual legal issue here.
If i took GPLed code, made some changes and produced a patch, which is a list of instructions on how to replay my modifications on the original source to get to the same result I did. The original code is GPL so is the resulting code after applying the patches.
But is the patch itself under GPL? Are instructions on changing a GPLed software not a separately copyright-able content?

So what grsecurity do is sell patches. They technically do not distribute a piece of or a whole GPLed software. They can claim full rights over those patches.
Are the patches a derivative work of the kernel? They may be considered "Based on the Program" but "Based on.." defined as a modified copy of the Program. And patches are nothing more then modification instructions.
Legally grsecurity can't prevent their customers from distributing the GPLed result of applications of their patches.
What they can is ask nicely for their customers not to do it and be angry if their customers will distribute the patched version.
What they can't do is sue anyone over copyright violation. Because the customer did not distribute grsecurity patch but the modified kernel itself.

Re:Good example of why to avoid the GPL.

[cas2000]

If there's only a GPL'd project available, then I've worked with a lot of companies that aren't 100% sure that they will never want to do anything that the GPL prohibits and so will instead write a proprietary version

Good. The GPL is working as designed.

You do realise that that's a feature, not a bug, don't you? It's an anti-leeching provision. They should not be benefiting from the work of GPL developers if they're unwilling to abide by the terms.

In that case. they should be writing their own or paying for a proprietary product. Exactly the same as if they don't want to pay the license fee and/or royalties for a commercial product, they have to write their own or get what they need from someone else (incl. of course, GPL software).

This transition path is particularly important because around 90% of all software developers are employed by companies that are not primarily computer companies. They are developing software for in-house use and so implicitly have all of the four freedoms (because they own the copyright)

these companies are exactly the ones who benefit most from copyleft software. They're not making money from the software, so there's no financial incentive to avoid copyleft. In fact, there's a huge incentive to use copyleft code because they can co-operate in improving the code and gain the benefit of sharing the dev workload with similar companies and enthusiastic individuals.

copyleft is better for their needs because they don't have to worry about free-loaders or anyone else taking their contributions and embedding them in proprietary/commercial software.

And many/most of them don't distribute even binaries of their code (and certainly not binaries of any proprietary business-logic or other code), it's all in-house use, so they don't even have to distribute their changes if they don't want to.

BSD-style licenses are only good for two kinds of developers:

1. Gigantic software & hardware corporations who want to profit from open code without incurring any obligation to contribute back (i.e. parasites who sometimes manage a decent emulation of a symbiote). This is where the huge push towards non-copyleft licensing is coming from.

It's even better than exploiting interns, and the unpaid programmers provide their own desks and computers.

2. Developers who really don't give a fuck about what is done with their code when they release it (a much smaller group than you appear to imagine).

Everyone else is better off with copyleft.

Re: Good example of why to avoid the GPL.

[cas2000]

1. who the fuck are you to decide what are the "wrong" reasons?

2. I don't particularly care if users give something back or not. I do, however, care a great deal about parasites trying to steal my code into their proprietary shitware. THAT is why whatever I write is GPL, and also why I almost never contribute to non-copyleft projects.

The GPL has one of the license features I care most about: ONCE FREE, ALWAYS FREE.

Re: Good example of why to avoid the GPL.

[cas2000]

[...]but in this case you cannot make the case that GPL is about freedom, because its not. It's about controlling those who use it[...]

I'm so sick of seeing this bullshit.

The ONLY (alleged) "freedom" that the GPL restricts is the "freedom" to fuck over downstream users and take away the rights granted to them by the upstream authors and all contributors.

Only psychopaths, wannabe-psychopaths, and psychopath-sympathisers think that that's a "freedom" worth supporting.

Re:Good example of why to avoid the GPL.

[Megol]

It however do allow people to keep the metaphorical slaves as long as they swear to uphold the holy GPL.

No one is forcing the GPL on anyone.
Absolutely no one is forced to take GPL code and do anything with it. Not a single person.

Slaves do not by definition have the choice to not be a slave.

If you don't want to "uphold the holy GPL" as you call it, you are perfectly free to get code in any one of many other ways.
You can find code licensed in some other way.
You can learn to code and write your own.
You can pay someone to write it for you and give you copyright ownership, after which you can license it in anyway you please, including not licencing it at all.

You are the one redefining "freedom", "slaves", and "forced" here.

I am? First of all I don't remember writing anything about someone forcing someone other, let's see... No, I didn't define nor use the word "forced". That's an indication that you maybe should re-read my post. I don't define slaves (just continued the _bad_ analogy used in the post I replied to) and I don't define free - as that definition is well known and can be looked up if needed. So no, I do not redefine anything.

The GPL people like to pretend their idea of freedom under certain conditions (that actually reduces freedoms) is the "true" definition of Freedom. That's bogus. Real freedom is to be able to do what one want. GPL hinders some of those wants of certain people/organizations/corporations. That's fine by me, as I think the GPL is a good license for _some_ things but limits freedoms too much for most things. But I'll not let people pretend removing freedoms makes something more free - they could argue that those limitations on freedom is better (which I generally don't agree with (but see above)) but outright lying is bullshit.

To answer your first paragraph last: I never claimed or hinted anyone is forced to use the GPL or even (if they choose to use the GPL) to follow the semi-religious ideas of the FSF. So why do you like to pretend I did? I didn't use the word forced/force at all nor anything that could be constructed as being forced to do something.

Perens...

Bruce has an annoying habit of reading legal documents to say what he wants them to say instead of what they actually say.

Call me when ESR or RMS chimes in.

Re:Perens...

Bruce Perens is correct.

Random programmers and lay people have an annoying habit of reading legal documents and ignoring completely the legal framework on which they hang, then getting red in the face arguing with legal technicians and lawyers that the law doesn't matter, only their own interpretation of the small one page legal document in-front of them matters and that they can write a codicil on a napkin and circumvent it anyway when they are not the original grantor to begin with and the license states NO ADDITIONAL TERMS between grantee and further distributee.

Yes IAAL.

Re:Perens...

Has "derivative work" ever been defined in a legal sense?

A list of changes to something isn't the same thing as a changed copy of that thing.

If they were distributing patched copies of the kernel source, he'd be unequivocally correct. That's not what they're doing.

Re:Perens...

[mfnickster]

> Has "derivative work" ever been defined in a legal sense?

https://www.law.cornell.edu/uscode/text/17/101

Re:Perens...

Thank you.

It looks like you're right.

But fuck Bruce Perens anyway.

Re: Good example of why to avoid the GPL.

WINE comes to mind.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

I'm so sick of seeing this bullshit.

The ONLY (alleged) "freedom" that the GPL restricts is the "freedom" to fuck over downstream users and take away the rights granted to them by the upstream authors and all contributors.

Only psychopaths, wannabe-psychopaths, and psychopath-sympathisers think that that's a "freedom" worth supporting.

Chip on your shoulder much? I cannot extend GPL code in any meaningful way and resell it and keep my IP private. I can extend it and use it internally, so a services based function is perfectly fine. But as soon as I want to sell a license to the code or supply an appliance, I must also legally give a copy of my source. So, the answer is to not extend GPL code in my IP and keep my IP mine.

Should I hoist a bucket of water from the well, should I then give that water to everyone that wants some? After all, they all the ability to hoist (extend code) themselves, right?

Re: Good example of why to avoid the GPL.

[Gr8Apes]

I've contributed back to several projects so that's untrue. Just not the core IP of my work. I have no issue contributing fixes, I do have issues with my core work being legally opened up to the world because I use 1 API call in a library under that wondrous entity known as the GPL v3, especially that one clause that can be added that slips my mind at the moment.

Re: Good example of why to avoid the GPL.

> I cannot extend GPL code in any meaningful way and resell it and keep my IP private.

Just another way of saying "fuck over downstream users and take away the rights granted to them by the upstream authors and all contributors."

Re: Good example of why to avoid the GPL.

That's just good internet citizenry though - there's already far too much Windows in the world already.

Re: Good example of why to avoid the GPL.

[cas2000]

> But as soon as I want to sell a license to the code or supply an appliance, I must also legally give a copy of my source.

YES. THAT'S THE FUCKING POINT OF THE GPL.

> So, the answer is to not extend GPL code in my IP and keep my IP mine.

1. "IP" aka "Intellectual Property" is a meaningless bullshit propaganda term.

2. Again, that's the fucking point of the GPL. If you're not willing to abide by the terms, you don't get to fucking benefit from the code.

Write your own fucking code from scratch, or buy it, or do whatever the fuck you want that doesn't involve you parasitising other people's work, other people's contribution to the common good, for your own private fucking profit.

> Should I hoist a bucket of water from the well, should I then give that water to everyone that wants some? After all, they all the ability to hoist (extend code) themselves, right?

right, you're just another libertarian psychopath. why am i not surprised.

Perception of the GPL

[Bruce+Perens]

If you wanted to stoke the perception that GPLed code is "toxic" in yet another unhelpful and nebulous way, you couldn't have picked a better way...

Actually, all I see so far is that an intentional GPL violator's customers are not protected from that intentional violation. It's not at all clear that this is in any way different from the proprietary software licensing world, where a contributory infringement case brought on the customer rather than the vendor is a frequent strategy.

I check out the software licenses that are offered to my customers. Sometimes I red-light a proprietary software vendor because I don't believe they have the right to offer their own software. This is often obvious from their licensing. Similarly, a company should not accept a commercial issue of a GPL work if it's not sure the vendor has a right to offer the work.

I am sorry that due diligence is required, but of course the Free Software folks didn't invent this intellectual property mess.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

> I cannot extend GPL code in any meaningful way and resell it and keep my IP private.

Just another way of saying "fuck over downstream users and take away the rights granted to them by the upstream authors and all contributors."

You'll note that avoid this, because I respect the legal aspects of the GPL:

So, the answer is to not extend GPL code in my IP and keep my IP mine.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

> But as soon as I want to sell a license to the code or supply an appliance, I must also legally give a copy of my source.

YES. THAT'S THE FUCKING POINT OF THE GPL.

Translation: I don't have a leg to stand on but I'm really angry and you should just accept my assertion, because it's profane and CAPITALIZED!!!!

> So, the answer is to not extend GPL code in my IP and keep my IP mine.

1. "IP" aka "Intellectual Property" is a meaningless bullshit propaganda term.

How about I keep my work mine and sell it based on my terms. Would that work for you, since you seem to have trouble with the semantics of the GPL and IP as it translates to work?

2. Again, that's the fucking point of the GPL. If you're not willing to abide by the terms, you don't get to fucking benefit from the code.

Translation: Here I fail again to understand your post, but I'm still angry, and profanity always adds extra weight to my points.

Write your own fucking code from scratch, or buy it, or do whatever the fuck you want that doesn't involve you parasitising other people's work, other people's contribution to the common good, for your own private fucking profit.

Once your frothing stage has subsided and you've actually comprehended what was written in the GP, you'll note that's exactly what I said, and that your apparent psychotic OCD need to vomit verbal diarrhea against anything perceived as negatively impacting the GPL only reiterates exactly what I posted.

> Should I hoist a bucket of water from the well, should I then give that water to everyone that wants some? After all, they all the ability to hoist (extend code) themselves, right?

right, you're just another libertarian psychopath. why am i not surprised.

The only one showing psychopathic tendencies is you. This analogy was merely to clarify that if I did the work, I shouldn't be forced to give it away. Now, should I choose to haul a second bucket and pass it around, great, and I very well might (and in reality I have).

Re: Good example of why to avoid the GPL.

[Gr8Apes]

Is it a derivative work if you write 100K LOCs and 1 rarely used method in an odd library calls a GPL'd method?

Just another attempt...

[martinfb]

Just another attempt to steal income from unsuspecting open source users.

Capitalism at it's WORST!

Re: Good example of why to avoid the GPL.

> Is it a derivative work if you write 100K LOCs and 1 rarely used method in an odd library calls a GPL'd method?

Irrelevant how much you write or how you interface, according to FSF - what matters is whether the combined code makes a "single program."

Re: Good example of why to avoid the GPL.

1. I didn't decide it, the open source community decided it years before you were born, junior. If you don't like it, then don't release anything under an open source license. In addition I am infinitely more important than a petulant, entitled little kid like you.

2. I don't particularly give a shit what you care about. Don't like it, then don't participate in the open source community. It's ridiculous that you fail to comprehend something so simple.

The GPL isn't free, it's restrictive. The BSD license much better reflects the ethic, selflessness and purpose of open source.

Re: Good example of why to avoid the GPL.

Cry moar.

BSD doesn't restrict anything and software licensed under it remains available to all. The GPL is the whining bitch version of an open source license for people who don't get what open source is about.

Re: Good example of why to avoid the GPL.

It`s not "your" software, that's your first misunderstanding

Re: Sounds wrong: do they distribute anything that

[guruevi]

Yes I do, many companies try to do this though and I'm not sure Linus has ever actively tried to stop them. Samsung, Amlogic, HP, Netgear, Minix have all done it some time in the past or are still actively refusing to release Linux source code they have modified or require some form of NDA before they will give it to you, companies in China are even worse than companies in the US.

I've contacted the FSF about it prior and they seem unwilling to pursue the case unless portions of GNU software are included in the distribution which makes it a bit of a chicken and egg problem, they won't give me the source and the binaries don't contain comments/licenses so it's unclear as to whom they are actually infringing against and FSF won't pursue it unless you can prove the source code contains GNU licensed material.

Given Linus is also more of a technical rather than legal mind, I doubt the GPLv2 on the Kernel is even enforceable at this point unless individual coders want to pursue cases against their more recent contributions.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

What *I* write is absolutely *my* software. I like to keep it that way for certain things I write, so I avoid anything GPL'd.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

And people like me will never see nor use your software, and be at a competitive advantage by writing only what we need, and not the kitchen sink approach you likely used.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

> Is it a derivative work if you write 100K LOCs and 1 rarely used method in an odd library calls a GPL'd method?

Irrelevant how much you write or how you interface, according to FSF - what matters is whether the combined code makes a "single program."

Exactly, why risk someone *stealing* your code because you mistakenly or erroneously somehow linked to a single API call? Which is why we avoid GPL code like the plague it is. And yes, someone taking something from you because you linked to a library that links to a library that links to a library that calls a piece of GPL code is why you should always fully audit your entire library dependency tree and strictly control it. It's also why the maven repo system sucks more than a little bit, because it doesn't really help you with this situation much at all. Gradle is no better in this regard, btw.

Re: Good example of why to avoid the GPL.

Just another way of saying "fuck over downstream users and take away the rights granted to them by the upstream authors and all contributors."

How does that fuck over anyone? If I take a copy of code and close it off, how does that erase all other copies of that code in the world? How does that magically make it so other users can't download the exact same code that I downloaded in the first place?

You are a fucking moron and GPL is for lazy cocksuckers who want to begin a stub project, but expect everyone else to finish and perfect it.

Re:Good example of why to avoid the GPL.

BSD is better. Give if you want. Take if you want. Do whatever you want.

Re:Good example of why to avoid the GPL.

[Scarletdown]

"Pull my finger!"

-- The idiot sitting in the control center next to the guy who pushed the button to do the Trinity test.

Re:Good example of why to avoid the GPL.

2. Developers who really don't give a fuck about what is done with their code when they release it (a much smaller group than you appear to imagine).

And that itself is a much bigger group than copyleft advocates. Even Linux, the darling of the open source world, is not driven by free software ideals. Sure it may be a modified GPLv2 (with a preamble to override the free software nonsense that would otherwise prohibit non-free software and code from using it) but it certainly isn't Affero GPL or GPLv3 and its leader sees Tivoization as a *good* thing and that moving to a more restrictive license (GPLv3 or AGPL) would be a *bad* thing.

The best thing about copyleft is how it is adapted to be used by the kernel, it largely prevents the rampant NIH syndrome in the FOSS community from creating a fragmented mess like we see with Linux distributions in general.

Re:Good example of why to avoid the GPL.

Then perhaps free software developers should write their own kernel with a license that disallows those "parasitic closed developers" from deploying software on it.

If, as you say, they need closed developers, why should they do that?

Well if they don't want "parasitic closed developers" then kick them out, but the fact is the Linux community are just as "parasitic" and are dependent on closed source developers to remain viable, that cooperation is important for both camps, you don't seem to understand this. Collaboration is a good thing and thankfully Linus chose to include overriding license preamble that allowed this rather than the GPLv2 which would have prevented this.

You need not worry about 'infection' from GPL code just as the kernel devs don't need to worry about 'infections' from closed blobs.

Right because the kernel is not GPLv2, if it were then programs/modules that make syscalls would constitute a derived work and would therefore be subject to the terms of the GPLv2, that is why the license preamble is necessary.

What are you babbling about? All three licenses allow such collaboration. Obviously, the industry chose to involve itself with linux or, like you said, it would not be where it is today.

Wrong, that is the whole point of the license preamble. You have actually read it right? You understand the difference between the kernel license and the GPLv2 don't you? Because it appears you do not.

Re: Good example of why to avoid the GPL.

Because GPL covers derivative works, dipshit.

The idea is to give everyone the benefit of not only the original work, but additional works built on that original work.

Just because you disagree with that philosophy doesn't mean it's stupid or wrong or communist.

Your problem is you think you have a right to use other people's code on your own terms. You don't.

Re: Good example of why to avoid the GPL.

> Exactly, why risk someone *stealing* your code

You can't steal what is freely given. GPL is about SHARING your code.

Look, it's real simple-- if you don't intend to share your code, don't use someone else's GPL'd code in your project. Nobody is forcing you.

Re: Good example of why to avoid the GPL.

Of course none of the people who make this comment ever acknowledge for one minute that there wouldn't be any of "your code" to be forced to release unless you started with someone else's code in the first place. Yes, it is certainly your choice not to use any GPL code, and write all your own under whatever license you want. But it is silly to say that if you modify someone else's code, the only consideration is "your code".

Re:Good example of why to avoid the GPL.

OK, how about "You are free to use my land for picnics as long as you pick up your trash, and don't camp overnight.".

Wah Wah Wah - They are forcing me to pick up trash on their land, and not allowing homeless people a place to live! Wah Wah.

Re: Good example of why to avoid the GPL.

Then you do not understand the licenses and impoverish your employers due to your ignorance.

Re: Good example of why to avoid the GPL.

[cas2000]

you're a fucking moron who doesn't understand the GPL and whines about the fact that it does exactly what it intends to do.

Re:Good example of why to avoid the GPL.

[dissy]

You are absolutely correct, you were not one of the people using the term "forced" nor redefining it.
I apologize for my mistake.

But you still keep referring to the GPL removing freedoms.
You are aware that it is copyright law that removes your freedom to, as you say, to be able to do what one wants.

The GPL, like most licenses, actually *counters* the removal of rights that copyright law forces on you.

As you say, it may not grant you all the rights you wish to have, but not giving you something is quite different from taking something you do have away.
Copyright law takes nearly everything away, and the license gives it back to you.

Re: Good example of why to avoid the GPL.

Maybe that library's author didn't want you to be able to make that call without paying him or opening your code.

Maybe if you have 100kloc you can write your own version of whatever else isn't already clearly part of the platform.

Re:Sounds wrong: do they distribute anything that'

[Wrath0fb0b]

How in the world can there be a right to repair/improve when anything that modifies the internals of a copyrighted work is a derivative work?

For instance, a modification to a car ECU would not "deal with it through its APIs" (there aren't any API, it's not meant to be accessed by developers!) and would "get its dirty fingers over the ECU internals" (since there is surely no nice external interface to modify the behavior). So there goes the right in that respect.

Similarly for any attempt to improve nearly any non-extensible closed system. In fact, now that I think about it, this means there is a very high incentive for a company that wishes to lock tinkerers out to design things to be as closed and rigid as possible. The lack of configurability will means that anyone wishing to tinker will need to 'modify the internals' and the closed nature of the system means there will no API to deal with. Both of those factors will increase the chance that any aftermarket modification is a derivative work and thus empower the company to bar its distribution without license.

It would be very unfortunate if our system incentivized this sort of engineering by conferring additional rights based on engineering details about API and configurability.

Re:Good example of why to avoid the GPL.

The freedom to sell the works of others for personal gain is not a freedom worth protecting, in my eyes. The profit motive corrupts everything it touches. The GPL actively prevents that, and grants freedoms to the USER, not the developer.

If you care more about developer freedoms (specifically to pull a bait-n-switch as grsec and others have), then you deserve the dumpster fire that results from such behavior.

Re:Good example of why to avoid the GPL.

The freedom to sell the works of others for personal gain is not a freedom worth protecting ...
The GPL actively prevents that

How so? The GPL deliberately and explicitly allows you to sell any GPL'd work for personal gain.

Re: Good example of why to avoid the GPL.

The gpl has nothing to do with the success of Linux. It was only successful because bsd had a questionable legal battle with at&t, otherwise nobody would have given a shit about Linux and the gpl would be dead

Re: Good example of why to avoid the GPL.

I have to disagree. AT&T settled with Berkeley Systems in January 1994, two months before Linux 1.0 was released. The vast majority of Linux adoption came after BSD was freed.

No, I think Linux succeeded because it was easier (read: more flexible) to install and the community was there to support each other. Plus a lot of drivers got written in that time period.

Re: Good example of why to avoid the GPL.

[david_thornley]

That's a valid attitude. Lambasting the GPL for being something you don't want is less so. The GPL protects freedom, just not in a way that's useful to you and the way you operate.

Re:Good example of why to avoid the GPL.

[david_thornley]

If I release code under the GPL, anyone can use it for whatever software they want to write.

Re:Good example of why to avoid the GPL.

[david_thornley]

The GPL provides you with very restricted patent protections. Someone else with a patent can come along and screw you over.

What the GPL does is give you an automatic license for the patents actually used that are actually held by upstream providers. There's no reason you can't negotiate your own patent licenses, just as there's no reason you can't write your own code.

Most of the non-copyleft licenses I've looked at have no mention of patents, so you're in trouble with that.

Again, if you don't want the benefits of the GPL, don't use GPLed code. You're whining that GPLed code has certain protections that shield you from some inconveniences you whine about.

Re:Good example of why to avoid the GPL.

[sexconker]

If I release code under the GPL, anyone can use it for whatever software they want to write.

Can they sell it? Can they bundle it? Can they do so without providing the source to modifications they've made? Can they ... ?

The GPL is restrictive. You may like the ways it's restrictive, but not everyone does. And just what are we talking about? v1? v2? v3? Some modification of any of the above?

Re: Good example of why to avoid the GPL.

[Gr8Apes]

That's a valid attitude. Lambasting the GPL for being something you don't want is less so. The GPL protects freedom, just not in a way that's useful to you and the way you operate.

It doesn't protect "freedom" at all under any standard definition. It does a great job of restricting freedom, however.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

Riddle me this, oh wise AC - why does the Linux kernel not use GPL v3?

Re: Good example of why to avoid the GPL.

[Gr8Apes]

I understand the licenses much better than you, apparently. I also understand my and my employers needs. So far there has only been 1 case where GPL software was acceptable.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

Maybe that library's author didn't want you to be able to make that call without paying him or opening your code.

Maybe he did, but maybe someone a couple of dependencies up didn't, and also didn't properly legally vette their code.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

Ah, but the GPL can take from you if you're not careful. It's very wise to know exactly what the GPL costs you, because it can cost you.

The entire point was that the GPL forces you to relinquish control of your work. It's implied that only happens if you use GPL'd code, which is why I normally don't touch anything with GPL on it.

Re:Good example of why to avoid the GPL.

>> If I release code under the GPL, anyone can use it for whatever software they want to write.

> Can they sell it?

Yes.

> Can they bundle it?

Yes.

> Can they do so without providing the source to modifications they've made?

No.

> Can they ... ?

. . . read the terms of the license?

Re: Good example of why to avoid the GPL.

[mfnickster]

The entire point was that the GPL forces you to relinquish control of your work. It's implied that only happens if you use GPL'd code, which is why I normally don't touch anything with GPL on it.

No, it most certainly does not. You own your own work; you can use GPL or not, or dual- or triple-license it if you want.

If you use someone else's code, COPYRIGHT LAW forces you to abide by the author's license, not GPL.

Quick Rundown

Some Legal Analysis:
--

The GRSecurity patch snakes through almost the entire kernel; it really touches everywhere
(and Brad Spengler etc have publicly attested to this as a bullet point as it doesn't only
add features but fixes various in-place security errors); and not even as a monolithic block,
it puts a paw here, and there, and there (so on and so on for 8MBs), with the deft agility of a cat,
and the dexterity of a vine wrapped every which-way around the many branches of a bush:
it is a non-separable derivative work.

A counter example would be the Nvidia GFX driver: a portion of that driver works across platforms.
That portion which works on Linux, Windows, etc is a separable work and thus can be argued
to be standalone before a court. Furthermore, in the Nvidia case, that portion was likely
developed on another platform and the wrapper was then built to conform to it.

The wrapper itself that interfaces with linux is licensed under the same terms as linux.

Other drivers can be written in a similar way.

With GRSecurity, on the other-hand, that is absolutely impossible. GRSecurity exists
only to give the linux kernel "self protection" (their words IIRC). They do this
by going in with a scalpel to thousands of areas in the kernel and making small
but important* edits and additions, as-well as by writing some new routines to then
use throughout the kernel.

Unlike a plug-in; their derivative work does not and cannot stand alone.

The Anime-Subs cases reaffirmed somewhat recently that a derivative work
that cannot stand alone and is not authorized is an infringing work.

(Ex: You're a fan, you listen to the Anime Girl cartoon in Japanese,
you write down what they say, you distribute that: that text is a
derivative work and not a standalone one: it required the existence
of the cartoon to itself exist or have any meaning).

I think the situations are very different thusly and that a court
would find GRSecurity to be infringing. If the GRSecurity patch is not
a derivative work then nothing in the realm of source-code is.

To Brad Spengler I'm referred to as a "troll" (months, perhaps a year later
in a discussion I was not involved in), for engaging with RMS on the issue earlier
(something which remains in Mr Spengler's mind:

http://www.openwall.com/lists/kernel-hardening/2017/06/04/24
>... It has been nearly 4 months now and despite repeated follow-ups, I still
>haven't received anything back more than an automated reply. Likewise
>regarding some supposed claims by RMS which were published last year by
>internet troll mikeeusa -- I have been trying since June 3rd of last
>year to get any response from him, but have been unable to. So when you ...

(RMS' opinion can be seen here:
(*7) https://lists.debian.org/debian-user/2016/06/msg00020.html )

As for making modifications: To create the patch Brad Spengler modified the
linux-kernel over the course of 15 years, and to continue continually producing
new patches he continually modifies the linux-kernel even more. Without
permission of the license he has no right to modify the kernel. The mechanical
modification that is done by patching is a red-herring in this case since it's
not needed to argue infringement on Mr Spengler's part once he has been found
to have added an additional term to the agreement between him and further
distributees of the derivative work. Once he has done that, he has violated
the license grant, and he no-longer has a right to distribute the work, nor
to distribute derivative works, nor to modify the work in-order to create
future derivative works.

--
Correction to common
programmer's misunderstanding
--

They don't have to add a term to the GPL per-se as the GPL is not a party to the agreement, it is "merely" the (not-fully integrated) writing describing the license that the rights-holders have granted GRSecurity et al

Hans Reiser did nothing wrong.

Nina committed adultery against Hans Reiser, she also divorced him.

Such is forbidden by the God of the book of the Law (Deuteronomy). (The man is the ba'al (master))

Hans Reiser did the correct thing in killing Nina Reiser, as commanded by the Overlord of the Armies.

Hans Reiser didn't obey the white man's false idol Jesus; but Jesus clearly isn't Hans Reiser's God.

Those who entice one to follow another judge/ruler/God are commanded to be killed immediatly.
Which is why your Jesus was killed.

baka

>To me it seems the legal question is whether or not they are using their influence to, indirectly, add a non-disclosure clause to the GPL.

They are forbidden by the terms from adding additional restrictions between an agreement between THEM and furthur Distributees.

They are adding an additional term.

Open and shut. Blatant violation.

No, you programmers who scream "BUT THEY DIDNT ADD THE ADDITIONAL TERM __TO_THE_GPL__!!!!" They added it to the agreement between them and the furthur distributee, which the terms underwhich linux is distributed explicitly forbids.

The licenses is NOT BETWEEN "The GPL" and GRSecurity but between THE LINUX RIGHTS-HOLDERS (linus et al) and GRSecurity. "The GPL" is the memorization of the license grant. It disallows additional restrictions placed by GRSecurity on people to whom it distributes a derivative work.

It is NOT saying (in that section) "oh you just can't pen your restriction in here, go write it on a napkin or something wink wink nod". (*cough codicil*)

No, you Programmers do NOT know what you're talking about when it comes to the Law. Yes I _DO_ know what I'm talking about.

Re:Sounds wrong: do they distribute anything that'

Wrath0fb0b:
Copyright is alienable in the same way real and personal property is.

Complain to the legislature if you don't like it you fucking idiot.

I can place whatever restrictions I like on MY property. I can allow you to use it (license) and then rescind at will. That's what being alienable in the same way real and personal property is means. Go read the copyright statute you fucking self-sure retard.

Even if you possess my intellectual property, does not mean you OWN it (in the way you might own a physical object), unless I ASSIGN copyright TO YOU.

Fucking retards here.
And they think they know more than lawyers and law technicians.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

The GPL is nothing without copyright law.

Re: Good example of why to avoid the GPL.

Not sure what that's supposed to mean, but GPL won't work without copyright law, no. But without copyright law, you wouldn't need a license to distribute other people's code, would you?

Re: Good example of why to avoid the GPL.

[Gr8Apes]

Without copyright law, I don't have to worry about being forced to distribute any additions I might do to such code either, because the code wouldn't be protected any more than MIT, BSD, or Apache, and actually less.

Re: Good example of why to avoid the GPL.

You also wouldn't have to worry about keeping people from stealing your code, because there'd be nothing to stop them.

Re: Good example of why to avoid the GPL.

Nah, the problem is that you're an entitled little shit who has no business around the open source scene.

Re: Good example of why to avoid the GPL.

So grsecurity aren't included as part of the "all" of humanity? What a very selective, judgemental and bigoted license the GPL is.

Yes..

The fire rises...

Re:Good example of why to avoid the GPL.

Write your own kernel if you don't like it.

You don't even use linux anymore..

Re: Good example of why to avoid the GPL.

If no one sues them they'll keep getting away with it...

Re: Good example of why to avoid the GPL.

Hi Sweden!

Re: Good example of why to avoid the GPL.

You lay people are idiots when it comes to copyright law.

It's called a "stand alone" work.

(Which GRSecurity is not, but your example that links to 1 easily replaceable library would be (though you would have to show this in court, and the retention fee for the lawyer is where the costs come in))

Consult a lawyer or read a book before arguing the law. May I suggest anything written by a nice bloke with the name of "Nimmer"???

I really don't understand why White American Men who are Programmers don't understand that they don't know everything in all fields. European Men who are Programmers are not afflicted with this.

Re: Good example of why to avoid the GPL.

Bingo. The GPL is the China of Software. It brings to the people of the world the software they would be paying thousands for otherwise. It is a collective agreement between software artists and engineers to create a better world that benefits all common people.

Re: Good example of why to avoid the GPL.

"Just because you disagree with that philosophy doesn't mean it's stupid or wrong or communist."

We have affordable material goods because of Chinese Communists. Before trade was opened wide with them nothing was affordable. Then it was like a switch was flipped.

Re: Good example of why to avoid the GPL.

"Should I hoist a bucket of water from the well, should I then give that water to everyone that wants some?"

You should collectively build a community water dispensation system known as a "Muni-ciple Wa-ter Wo-r-k-s" and make sure the little girls and their families from which you and your sons draw brides do not die of thirst.

Re:Good example of why to avoid the GPL.

"Code have no freedom, nor rights. Information have no desires." ....
"Only Purpose"

https://www.youtube.com/watch?...

Re:Good example of why to avoid the GPL.

Your code is all-rights-reserved since you didn't modify any of the standard default copyright terms.

Re:Dance little monkey dance!

Red Hat did not light this fire.

Re:Good example of why to avoid the GPL.

[david_thornley]

Can they sell it? Can they bundle it?

Sure. No problem.

Can they do so without providing the source to modifications they've made?

If they're bundling, sure. Otherwise, no.

The GPL is restrictive. You may like the ways it's restrictive, but not everyone does

Correct. However, it's a free license in that it allows anyone to distribute the software, with or without modification, under the terms of the license. You may not like the restrictions, but many people do. I don't think it's the best license for everything. For example, I'm just as happy that Microsoft was able to appropriate BSD-licensed networking code for Windows, which would not have happened if not for the less restrictive licensing.

And just what are we talking about? v1? v2? v3? Some modification of any of the above?

I've never seen GPLv1. Presumably I could find a copy if I liked, but I've never seen software with that as a license. There are, AFAIK, three versions of both v2 and v3: the standard license, the Library/Lesser license, and the Affero license (which applies to server-side software on the Web or similar environment). The answers, to the best of my knowledge, are the same with the Affero and standard licenses for both versions. For the LGPLs, if you use an LGPLed library, you are free to distribute as a DLL with source, with none of the software that calls it necessarily being GPLed in any form.

Re: Good example of why to avoid the GPL.

[david_thornley]

If you have some GPLed software, you may copy it as you please. You may make changes as you please. You can redistribute as you please. What you can't do is change the license, which makes it incompatible with certain business models.

Re: Good example of why to avoid the GPL.

[Gr8Apes]

Have you ever decompiled a sizable project and tried to do anything with it? I have.

Re:Good example of why to avoid the GPL.

[sexconker]

So you admit your response to my post was incorrect and completely pointless?

If you want the code to be free, then release it freely. Code under the GPL is NOT free. It is encumbered.

If I release code under the GPL, anyone can use it for whatever software they want to write.

Code under the GPL is not free. There are restrictions involved, and you have admitted this. If you release code under the GPL, people are NOT free to use it for whatever software they want to write. They are free to use it for software they want to write and release under certain restrictions. If someone wants to use GPL code directly in closed-source software, they cannot. There's a legal maze to navigate with any version of the GPL. It's a showstopper for many, despite your personal feelings on the matter.

If you want your code to be used freely, then let it be used freely. Not some sort of politically-motivated, feel-good, anti-corporation, abusive definition of "freely".

Re:Good example of why to avoid the GPL.

Do we have to have this stupid debate every time an article is posted related to the GPL?

Everyone knows what the license does and what its purpose is. At least they should, but certain idiots insist on misrepresenting the actual terms of the license for propaganda purposes.

For the record, GPL does not restrict distribution (the law does), is not "viral" and doesn't infect your code, and does not force you to do anything including publish your changes to GPL'd code.

Mostly this argument is about people whining that GPL isn't as liberal as BSD/MIT/Apache etc. in the permissions it grants. Tough luck.

Re:Good example of why to avoid the GPL.

[david_thornley]

Ah, so we're back in the insult level of debate.

You're wrong about "If you release code under the GPL, people are NOT free to use it for whatever software they want to write.", of course. Anybody can use GPLed code to write whatever they want. Your " If someone wants to use GPL code directly in closed-source software, they cannot." is correct, but I never said anything otherwise. Software itself is not Free or proprietary on its own, that's an attribute people assign to it with licensing. "There's a legal maze to navigate with any version of the GPL." is also false, since all versions of the GPL are reasonably clearly written and understandable. It's not a legal maze, unless you're looking for loopholes to abuse the license, which you shouldn't be doing anyway. " It's a showstopper for many, despite your personal feelings on the matter." is partly true. Some people want to do things incompatible with the GPL, and that's their business, but any whining about how someone else didn't let them use the code for their own specific purposes is unbecoming. Some people just have inept and lazy lawyers, who'd rather advise their clients to do nothing rather than do a little work to understand the legal situation.

Re: Good example of why to avoid the GPL.

Apparently you also can't stop working for someone, either.

Re: Good example of why to avoid the GPL.

Have you ever decompiled a sizable project and tried to do anything with it? I have.

Not a sizeable one, no.

Was that binary your own work? Or are you blowing smoke about copyright and have no problem stealing others' work to benefit yourself?