Slashdot Mirror


Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk)

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

13 of 307 comments

  1. Prove it's true by Anonymous Coward · · Score: 4, Insightful

    That would put a full stop to Gr's suit.
    But besides that, it's pretty clear this is an intimidation move because it would be relatively trivial to just show you're not doing it.

    1. Re:Prove it's true by thesupraman · · Score: 5, Informative

      I would suggest that if that is their intention, they do not know Mr Perens very well, and have not done their homework.
      I suspect they are currently experiencing a bit of a surprise in the reaction to their attempted strong-arming..
      I also suspect they are rather wet-behind-the-ears (at least their decision makers) in the area of kernel security, to try such a play.

      They are trying to play a legal-loophole game, which never goes down very well with the kernel maintainers, to say the least.
      And they have quite possibly forgotten the fact that the maintainers could make their lives a LOT harder basically at will, by making their patches unworkable in subsequent releases..

      Or they could just say sorry, and hope that they get some forgiveness - I am betting they won't..

    2. Re: Prove it's true by guruevi · · Score: 4, Insightful

      Even so, regardless of the facts on the matter, Bruce is entitled to his opinion, even if he ends up being wrong. GRSecurity just shot themselves again in the other foot with this.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    3. Re:Prove it's true by gnasher719 · · Score: 4, Insightful

      Proving it's true would not put a full stop to the suit; it would be a thing that you prove in the suit itself. This is expensive because it means you're paying lawyers lots of money.

      Bruce Perens' counsel is Heather Meeker of O'Melveny and Meyers, author of a book about use of Open Source software in the enterprise. I wouldn't be surprised if she gives him a good deal for representation in court if needed. (I thought Bruce Perens is a lawyer as well, but probably respects the old saying "a man who represents himself in court has a fool for a lawyer and a fool for a client").

      What he said is "It is my strong opinion..." which I think stops what he says from being libel. GrSecurity could have replied "It is our strong opinion that Bruce Perens is incompetent and has no idea what he is talking about", which would probably not be libel for the same reason, being an opinion and not declared to be fact. Suing him has no chance of winning, and the huge risk that a court might agree that Bruce Perens' opinion is actually correct. That's most likely something that he would argue, in addition to the 100% winner argument "I said it was just my opinion".

    4. Re:Prove it's true by jenningsthecat · · Score: 4, Insightful

      Bruce Perens' counsel is Heather Meeker of O'Melveny and Meyers...

      I suspect Perens and Ms Meeker will also have some assistance from the EFF. The potential chilling effects of this suit, and its blatant misuse of judicial process, are too important for the EFF to remain on the sidelines for long.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    5. Re:Prove it's true by Anonymous Coward · · Score: 5, Interesting

      Their legal counsel is a one-man firm, and if you read his online reviews, they are all about his patent filings. It sounds like he is in over his head.

      Perens is using a big firm that has lawyers for every sort of legal issue, and his lead attorney wrote a book on Open Source licensing. If she has built expertise in Open Source, she and Perens would have worked together before.

    6. Re: Prove it's true by arth1 · · Score: 4, Funny

      GRSecurity just shot themselves again in the other foot with this.

      Only four more feet to go, then.

  2. pissing contest.. by lkcl · · Score: 4, Interesting

    this is going to be interesting to watch. one of the world's best-informed advocates of software libre, who has studied the GPL for many years, versus some idiots who will have been ill-advised by some moron whose only saving grace is the indemnification insurance provided as a sop to corporate madness. for those people not familiar with what indemnification insurance is: it's where lawyers can basically get away with making fundamental errors, and the corporation to whom they give the advice can sue their company quite safely, *as long as they follow that advice*.

    i really look forward to seeing how this turns out.

  3. Stupid lawsuit, but useful by bradley13 · · Score: 5, Insightful

    This is a stupid lawsuit. According to the attorneys for the plaintiff company:

    "Mr Perens has made false statements, claiming them to be facts, and based on those statements employed fear-mongering tactics to intentionally hurt Open Source Security Inc's business."

    Perens actually wrote: "it's my opinion that..."

    Opinion, not assertion of fact. This lawsuit will be thrown out almost immediately. However, it is useful in helping the community identify a company that we should never do business with. So thanks for that, at least...

    --
    Enjoy life! This is not a dress rehearsal.
    1. Re: Stupid lawsuit, but useful by guruevi · · Score: 4, Insightful

      It's infringement from the GPLv2 point to even add those terms. They are adding terms to the GPLv2 license by modifying the code, and distributing the code with those new terms, that's breach of contract from GRSecurity's contract with the Linux community.

      The GPLv2 explicitly tells you you cannot change the terms:
      Everyone is permitted to copy and distribute verbatim copies
      of this license document, but changing it is not allowed.

      To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  4. Grsecurity pure garbage. by molnarcs · · Score: 4, Informative

    Linus Torvalds called grsecurity patches garbage earlier this year. https://www.theregister.co.uk/...

    1. Re:Grsecurity pure garbage. by phantomfive · · Score: 4, Informative

      At DEFCON last week, a hacker pwned a box running GRSecurity. So there's that.

      --
      "First they came for the slanderers and i said nothing."
  5. Re:I'm happy the GRSecurity folks are doing this by drinkypoo · · Score: 4, Interesting

    GPL doesn't require supplying future updates, it just says that you must provide an offer of source with binaries, and can't restrict redistribution of source/binaries. It looks like they've found another way to follow the letter of the GPL without following the spirit of it.

    They're actually trying to do an end run around the contract to which they've already agreed, which guarantees the right of redistribution. The question becomes whether grsecurity contains any GPL code to which they do not hold the copyright. If so, then they're risking losing the right to distribute that code.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"