Slashdot Mirror


Bruce Perens Warns Grsecurity Breaches the Linux Kernel's GPL License (perens.com)

Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments:

[I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...

This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."

6 of 474 comments

  1. Does Anyone Use That? by segedunum · · Score: 5, Funny

    Grsecurity is snakeoil dogshit.

    1. Re: Does Anyone Use That? by Anonymous Coward · · Score: 5, Interesting

      Submit good patches and we'll merge them. Hell, report some bugs. But no, that's not how you guys operate. You work in an ivory tower for months and send us a massive patch that lacks any organization or any reasonable way to break it down for review. At this point, we think you should take your pile of "security" patches and go write your own kernel to go with it.

    2. Re: Does Anyone Use That? by geoskd · · Score: 5, Informative

      Fuck the good ideas and flaws that get fixed, submit pretty patches or fuck off

      Patches can introduce bugs and security flaws as easily as they can fix them.

      Everywhere I have worked has had a strict policy of one issue per pull request for that very reason. Reviewing code is hard enough when it's a single issue at a time.

      --
      I wish I had a good sig, but all the good ones are copyrighted
  2. sounds about right by spongman · · Score: 5, Insightful

    I usually fall into the "GPL is less free than BSD" camp, but in this case I agree fully with Perens. The Linux kernel is GPL, everyone who works on it agrees and accepts that. If you don't like the GPL or the conditions it places on you, or how you (and others) can distribute your code - then go the fuck somewhere else.

  3. Please Read The Entire Statement by Bruce Perens · · Score: 5, Informative

    You should read the entire statement, because there are things missing from the quote above that are important. The most important part is the legal theory:

    By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer's business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

    Also, this is important to keep me in compliance with the law:

    I am an intellectual property and technology specialist who advises attorneys, not an attorney. This is my opinion and is offered as advice to your attorney. Please show this to him or her. Under the law of most states, your attorney who is contracted to you is the only party who can provide you with legal advice.

    It's important to consider the goals of the GPL. You get great Free Software, but it's not a gift. It is sharing with rules that must be followed. You are required to keep it Free. And one of the implied purposes of the GPL is to cause more great Free Software to be made. This means that derivative works that are not shared really go against the purpose as well as the wording of the GPL.

  4. Re:Good example of why to avoid the GPL. by 93 Escort Wagon · · Score: 5, Funny

    "Most quotes on the internet are made up."

            - Albert Einstein

    Yeah, right there you've demonstrated the "internet problem" in a nutshell... taking an Abraham Lincoln quote and then mis-attributing it to Albert Einstein.

    --
    #DeleteChrome