Slashdot Mirror


Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk)

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

6 of 307 comments

  1. Re:Prove it's true by thesupraman · · Score: 5, Informative

    I would suggest that if that is their intention, they do not know Mr Perens very well, and have not done their homework.
    I suspect they are currently experiencing a bit of a surprise in the reaction to their attempted strong-arming..
    I also suspect they are rather wet-behind-the-ears (at least their decision makers) in the area of kernel security, to try such a play.

    They are trying to play a legal-loophole game, which never goes down very well with the kernel maintainers, to say the least.
    And they have quite possibly forgotten the fact that the maintainers could make their lives a LOT harder basically at will, by making their patches unworkable in subsequent releases..

    Or they could just say sorry, and hope that they get some forgiveness - I am betting they won't..

  2. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  3. Grsecurity pure garbage. by molnarcs · · Score: 4, Informative

    Linus Torvalds called grsecurity patches garbage earlier this year. https://www.theregister.co.uk/...

    1. Re:Grsecurity pure garbage. by phantomfive · · Score: 4, Informative

      At DEFCON last week, a hacker pwned a box running GRSecurity. So there's that.

      --
      "First they came for the slanderers and i said nothing."
  4. Re:Prove it's true by Anonymous Coward · · Score: 3, Informative

    And they have quite possibly forgotten the fact that the maintainers could make their lives a LOT harder basically at will, by making their patches unworkable in subsequent releases..

    That isn't really a viable solution.
    Writing kernel code specifically to make it incompatible rather than to get the best solution will cause all sorts of problems.

    They could release new code under a non-GPL license that is mostly identical with GPL but prohibits usage together with Grsecurity's software, but I'm not sure such a license will hold up in court and it is a bit against the free software mindset.
    (OK, BSD is a bit more along the lines of "You can do whatever you want, even if you use the code for things I don't like" than GPL, but the idea is still to be in that direction.)

    No, the only viable path I see is to defend yourself in court and then counter-sue for your costs.

  5. Anti-SLAPP by Anonymous Coward · · Score: 2, Informative

    In California, SLAPP stops all discovery and requires the plaintiff to pay the defendant's expenses if they lose.