Which means that the original developers cannot properly sue the customers for infringement or breach of contract concerning use of the Linux kernel. Check. You've now admitted that there's no basis for liability absent a customer's own violation of the GPL.
I admitted no such thing. And telling me what I admitted, when I haven't, is a rhetorical trick, not argument.
Grsecurity is an unlicensed derivative work and it's owned in part by the kernel developers because it necessarily includes portions of the original work. The GPL does not apply to it at all. The fact that the user has the GPL for some other copy of a Linux kernel does not license the infringing derivative work to the user. Nor does it grant Open Source Security Inc. the ability to convey the GPL for that work.
But the original developers do not own Grsecurity's modifications.
Actually, they do! Not the whole thing, but the derivative work necessarily incorporates a significant portion of the original work, and this is definitely true for the patch format used. The GPL doesn't apply to that copy as its terms were not honored, and OSS never had a right to convey the GPL originally on that copy. A GPL conveyed by someone else for another copy of Linux does not apply to the infringing derivative work. Grsecurity has no right to distribute it at all. The Linux kernel developers own the only remedy that will make its legal use possible.
Termination of the kernel license to Grsecurity does not affect the rights of their customers, or any other users, per GPLv2 secs. 4 and 6.
It does indeed if Grsecurity never had the right to convey the GPL on that work to the users in the first place. You can't convey it on a derivative work without a license from the owners of the work it was derived from. Grsecurity did not have that license because they did not comply with it.
Denied. You have not explained how Grsecurity cannot license its own modifications under the GPL, nor how anyone other than Grsecurity could sue users for using those modifications. You have admitted that customers and users are licensed to use the Linux kernel even if Grsecurity is not. You will have to admit that users can modify the Linux kernel if they so choose, even using non-GPLv2 modifications, so long as they do not publish or distribute the result (GPLv2 secs. 2 and 3).
OK, this one is too much. Look, I know that lawyers will try to fool the other side to win an argument. I've had it happen before. It's not going to make me accept your argument. I explained clearly where Grsecurity could not license its infringing derivative work. You're being silly to contend that anyone can license an infringing derivative work to someone else without a lot more permission than the GPL contains.
To reiterate, the customer has been licensed by the original developers for the original kernel and by Grsecurity for the modifications.
The infringing derivative work was never licensed to the customers, because Grsecurity never had a right to license it to anyone. The copies of the kernel that are under the GPL came to the customer another way, if they have any, and the fact that the user has the GPL from someone else on another copy does not automatically license the infringing derivative work to the customer.
A contributory infringer is "[o]ne who knowingly induces, causes or materially contributes to copyright infringement, by another but who has not committed or participated in the infringing acts him or herself, may be held liable as a contributory infringer if he or she had knowledge, or reason to know, of the infringement."
They have now been informed that there's a good chance of risk of contributory infringement and to check with their counsel. It's public knowledge now. They're paying for copies. That's how they become
It's positron emission tomography, PET, not MRI. You need to be able to visualize nerve activity. MRI mostly shows you where water is, because it echolocates hydrogen magnetic dipoles.
OK, if you're a real lawyer, I have no problem arguing law with you. I've won against folks who were admitted to the supreme court before.
The license granted to the customer certainly has not terminated.
The customer has that license for the kernel. They do not have that license for Grsecurity, because Grsecurity's license to the kernel terminated, and Grsecurity did not have the right to grant the GPL to the customer for an infringing derivative work. If Grsecurity was an independent work rather than derivative, it would have been different.
This belongs to a class of arguments I see very frequently, in which the defendant has not complied with the GPL but repeatedly offers the language of the GPL in their defense as if they get to cherry-pick the terms they like.
Sure, refer it to Eben. He's already been copied and has so far not chosen to differ. Richard chose not to be involved because he felt Grsecurity would not listen to him, and he has bigger fish to fry.
Sometimes it seems that people are accusing me of inventing intellectual property. It is the proprietary industry that created this mess. I just try to promote a sane corner where we can get away from them.
I think there is lots of room for people to make security patches to the kernel, and for them to do them one at a time and get the kernel team to accept them. They belong in the mainline, not a patch.
If they need some special subsystem to support them, they should put that in the form of as small a patch as possible, get the kernel team to accept that, and then to make individual patches that make use of that facility.
In contrast, Grsecurity is a big patch built up over years, and I hear not always a careful one.
It is difficult to get the kernel team to accept things. That is not a misfeature. They set really high standards, not just that the code works but that it's easy to read and review, is modular and does not put dirty fingers all over the kernel, and is well-architected according to the esthetic style of the kernel developers. Not everything meets those standards, and because there's an esthetic style it's sometimes down to personal style of the programmer and not everyone fits. But that's still not a misfeature.
A lot of people are having a problem with the time sequence of events.
Let's say you warn someone in advance that you will harm their business by withdrawing their support and removing them from your customer list, should they exercise their right which is granted to them under the GPL. That's adding a term.
Let's say that you never warn them about anything, they distribute stuff, and you decide to downsize your business and fire them as a customer. That is not adding a term.
It took me a while to get this straight myself, for a while I knew something was wrong but did not realize the importance of the time sequence. But I think I could help to win a case with this, if one came up.
Defendant contends that Plaintiff's reliance on the unsigned GNU GPL fails to plausibly demonstrate mutual assent, that is, the existence of a contract. Not so. The GNU GPL, which is attached to the complaint, provides that the Ghostscript user agrees to its terms if the user does not obtain a commercial license. Plaintiff alleges that Defendant used Ghostscript, did not obtain a commercial license, and represented publicly that its use of Ghostscript was licensed under the GNL GPU. These allegations sufficiently plead the existence of a contract. See, e.g., MedioStream, Inc. v. Microsoft Corp., 749 F. Supp. 2d 507, 519 (E.D. Tex. 2010) (concluding that the software owner had adequately pled a claim for breach of a shrink-wrap license).
You are misinterpreting the GPL when you say this:
If the customer doesn't redistribute code to a third party, axiomatically they cannot be in breach of anything.
The GPL is Open Source Security Inc.'s only permission to create and distribute a derivative work of the Linux kernel. I don't believe that anyone is denying that Grsecurity was created and distributed, and is derivative. The customer is obtaining and making use of an infringing derivative work. The status of the kernel is "All Rights Reserved" because the GPL has terminated, and that very clearly makes the customer a contributory infringer.
You are taking a very simplistic view of the GPL that doesn't fit what you appear to be representing with your user name. Did you actually sit for the Bar? I know there are a lot of people with a J.D. who don't ever practice, it's a personal choice, but I would have expected a bit more depth in interpretation.
A lot of people are not understanding the the importance of the time sequence. Because of the actions of Open Source Security Inc. to date, the customer already knows that there is a threat to cause them business damage if they exercise their right to distribution, before they perform the act of distribution. That's an additional term.
You are treating this as if the consequences of distribution are the only relevant element, and as if they only happen after distribution. This is not the case.
He's also a pain in the arse, but that's besides the point.
You would think. But look at the previous problem children: Larry McVoy did not comport himself very well around the Bitkeeper issue, and the then board of OSI tell me he wasn't too nice around them either. Things might have gone better for him had he behaved differently.
Hans Reiser. Had a reputation for abusing the kernel community before he killed poor Nina. I only talked with her on the phone and had lunch once with him, but I am astonished I don't get bad dreams...
This is a very large discussion and I'm not going to put in the hour necessary to explain it fully. One of the relevant cases is Galoob Games v. Nintendo. In that case, the Game Genie made by Galoob, which let you have infinite lifetime and ammo and thus cheat in Nintendo games, was thought to be a derivative work by Nintendo. Galoob won, because the Game Genie connected to a plug and only modified a few memory locations.
Unlike the modularity of the Game Genie and that of some of the other things you mention, Grsecurity does not limit itself to dealing with Linux through its APIs (like the plugs in the Nintendo console and game cartrige). Instead, Grsecurity gets dirty fingers all over the kernel internals. So,
it's derivative.
I am very much a supporter of right to repair and to interoperate, and we should discuss that another time.
Start building moon bases and colonies and have wars up in space instead.
Earth is the DMZ. No guns allowed.
Who DOESN'T want awesome space battles?
Now I can finally be a space pirate then retire to the comfy life as a space trucker.
OK, sarcasm evident, but anyone who thinks the DMZ is peaceful hasn't been there. There are guns there, and once in a while, firefights.
We do have the UN Space Treaties. So far, the only military presence in space has been countries looking at other countries, which arguably doesn't violate the treaty. But hell, who wants weapons in space? It's difficult enough having demented heads of state given them.
The problem isn't with the text there. It's with what else they have told their customers. It doesn't even have to be in writing.
I have witnesses. If there was ever a case, obviously the prosecution would have to depose people to make this point. I am not actually planning on a case, though. I think this warning will have the desired effect.
You understand the difference between "me libertarianism" and "us libertarianism". Some of these folks are offended that they aren't allowed to keep slaves.
It's the time sequence that is important in proving a legal theory of this sort. The customer has been warned before the act of distribution that their business would be damaged as a consequence of distribution. If they just coincidentally fired a customer without warning them first, it would be much harder to make a case.
Redhat sequesters their support information from non-customers. It's really difficult to make a case that the support data is derivative of the Open Source involved. I don't believe Red Hat has attempted to stop any of their customers from redistributing an actual patch. Just other information.
I don't know about Virtuozzo, sorry.
I did not contact Open Source Security Inc. as they had by that time already had extensive and somewhat acrimonious discussions with others in the community.
I think my legal theory holds water. I am bothered by the sort of action that Open Source Security Inc. is doing, and felt that informing the customers (albeit indirectly, in places like Slashdot) was the best way to effect a change. This was a case where publicity was the most effective means of effecting change (even if the only change is that someone else doesn't try to do what's being done with Grsecurity) and was less expensive for all sides than a lawsuit.
They don't have to distribute the kernel to violate the GPL in this case. Copyright also restricts the creation of derivative works. Grsecurity definitely is derivative of the kernel. The GPL would be their only permission to create and distribute a derivative work of the kernel. And one of the terms of the GPL is that you can't add any rules to your derivative that aren't in the GPL itself.
With respect, your understanding of copyright and licensing isn't quite complete. This is not a personal criticism, it's true for most people. But legal theories based on what you know so far might not be correct.
Slashdot Mirror
I admitted no such thing. And telling me what I admitted, when I haven't, is a rhetorical trick, not argument.
Grsecurity is an unlicensed derivative work and it's owned in part by the kernel developers because it necessarily includes portions of the original work. The GPL does not apply to it at all. The fact that the user has the GPL for some other copy of a Linux kernel does not license the infringing derivative work to the user. Nor does it grant Open Source Security Inc. the ability to convey the GPL for that work.
Actually, they do! Not the whole thing, but the derivative work necessarily incorporates a significant portion of the original work, and this is definitely true for the patch format used. The GPL doesn't apply to that copy as its terms were not honored, and OSS never had a right to convey the GPL originally on that copy. A GPL conveyed by someone else for another copy of Linux does not apply to the infringing derivative work. Grsecurity has no right to distribute it at all. The Linux kernel developers own the only remedy that will make its legal use possible.
It does indeed if Grsecurity never had the right to convey the GPL on that work to the users in the first place. You can't convey it on a derivative work without a license from the owners of the work it was derived from. Grsecurity did not have that license because they did not comply with it.
OK, this one is too much. Look, I know that lawyers will try to fool the other side to win an argument. I've had it happen before. It's not going to make me accept your argument. I explained clearly where Grsecurity could not license its infringing derivative work. You're being silly to contend that anyone can license an infringing derivative work to someone else without a lot more permission than the GPL contains.
The infringing derivative work was never licensed to the customers, because Grsecurity never had a right to license it to anyone. The copies of the kernel that are under the GPL came to the customer another way, if they have any, and the fact that the user has the GPL from someone else on another copy does not automatically license the infringing derivative work to the customer.
They have now been informed that there's a good chance of risk of contributory infringement and to check with their counsel. It's public knowledge now. They're paying for copies. That's how they become
She's really smart. I've seen her speak a few times at a conference we're not supposed to talk about. But she might be over-reaching this time.
Could you email that to bruce at perens dot com, please?
Walter Tichy is our savior! :-)
The truth is that most people don't use 95% of the feature set of a version control system, and everything they wanted was there in RCS back in 1982.
Tridge used telnet to get to the Bitkeeper server port, and typed "HELP". That was the great crime!
Most people who understand this believe that Larry over-reacted.
My personal conclusion was that Larry made things much worse for himself with his own behavior. I hope he learned something and is doing better now.
This is hysterically funny if you actually understand what Tridge did.
No, nobody is making it up. What has your interaction been with them since April?
It's positron emission tomography, PET, not MRI. You need to be able to visualize nerve activity. MRI mostly shows you where water is, because it echolocates hydrogen magnetic dipoles.
OK, if you're a real lawyer, I have no problem arguing law with you. I've won against folks who were admitted to the supreme court before.
The customer has that license for the kernel. They do not have that license for Grsecurity, because Grsecurity's license to the kernel terminated, and Grsecurity did not have the right to grant the GPL to the customer for an infringing derivative work. If Grsecurity was an independent work rather than derivative, it would have been different.
This belongs to a class of arguments I see very frequently, in which the defendant has not complied with the GPL but repeatedly offers the language of the GPL in their defense as if they get to cherry-pick the terms they like.
Sure, refer it to Eben. He's already been copied and has so far not chosen to differ. Richard chose not to be involved because he felt Grsecurity would not listen to him, and he has bigger fish to fry.
Sometimes it seems that people are accusing me of inventing intellectual property. It is the proprietary industry that created this mess. I just try to promote a sane corner where we can get away from them.
I think there is lots of room for people to make security patches to the kernel, and for them to do them one at a time and get the kernel team to accept them. They belong in the mainline, not a patch.
If they need some special subsystem to support them, they should put that in the form of as small a patch as possible, get the kernel team to accept that, and then to make individual patches that make use of that facility.
In contrast, Grsecurity is a big patch built up over years, and I hear not always a careful one.
It is difficult to get the kernel team to accept things. That is not a misfeature. They set really high standards, not just that the code works but that it's easy to read and review, is modular and does not put dirty fingers all over the kernel, and is well-architected according to the esthetic style of the kernel developers. Not everything meets those standards, and because there's an esthetic style it's sometimes down to personal style of the programmer and not everyone fits. But that's still not a misfeature.
A lot of people are having a problem with the time sequence of events.
Let's say you warn someone in advance that you will harm their business by withdrawing their support and removing them from your customer list, should they exercise their right which is granted to them under the GPL. That's adding a term.
Let's say that you never warn them about anything, they distribute stuff, and you decide to downsize your business and fire them as a customer. That is not adding a term.
It took me a while to get this straight myself, for a while I knew something was wrong but did not realize the importance of the time sequence. But I think I could help to win a case with this, if one came up.
My contention is that the current state with Grsecurity is like releasing it under NDA. I just wanted to make sure you understood that part.
Let's look at what the magistrate said:
You are misinterpreting the GPL when you say this:
The GPL is Open Source Security Inc.'s only permission to create and distribute a derivative work of the Linux kernel. I don't believe that anyone is denying that Grsecurity was created and distributed, and is derivative. The customer is obtaining and making use of an infringing derivative work. The status of the kernel is "All Rights Reserved" because the GPL has terminated, and that very clearly makes the customer a contributory infringer.
You are taking a very simplistic view of the GPL that doesn't fit what you appear to be representing with your user name. Did you actually sit for the Bar? I know there are a lot of people with a J.D. who don't ever practice, it's a personal choice, but I would have expected a bit more depth in interpretation.
A lot of people are not understanding the the importance of the time sequence. Because of the actions of Open Source Security Inc. to date, the customer already knows that there is a threat to cause them business damage if they exercise their right to distribution, before they perform the act of distribution. That's an additional term.
You are treating this as if the consequences of distribution are the only relevant element, and as if they only happen after distribution. This is not the case.
You would think. But look at the previous problem children: Larry McVoy did not comport himself very well around the Bitkeeper issue, and the then board of OSI tell me he wasn't too nice around them either. Things might have gone better for him had he behaved differently.
Hans Reiser. Had a reputation for abusing the kernel community before he killed poor Nina. I only talked with her on the phone and had lunch once with him, but I am astonished I don't get bad dreams...
I am sure there are other examples...
This is a very large discussion and I'm not going to put in the hour necessary to explain it fully. One of the relevant cases is Galoob Games v. Nintendo. In that case, the Game Genie made by Galoob, which let you have infinite lifetime and ammo and thus cheat in Nintendo games, was thought to be a derivative work by Nintendo. Galoob won, because the Game Genie connected to a plug and only modified a few memory locations.
Unlike the modularity of the Game Genie and that of some of the other things you mention, Grsecurity does not limit itself to dealing with Linux through its APIs (like the plugs in the Nintendo console and game cartrige). Instead, Grsecurity gets dirty fingers all over the kernel internals. So, it's derivative.
I am very much a supporter of right to repair and to interoperate, and we should discuss that another time.
OK, sarcasm evident, but anyone who thinks the DMZ is peaceful hasn't been there. There are guns there, and once in a while, firefights.
Here's my DMZ selfie.
We do have the UN Space Treaties. So far, the only military presence in space has been countries looking at other countries, which arguably doesn't violate the treaty. But hell, who wants weapons in space? It's difficult enough having demented heads of state given them.
The problem isn't with the text there. It's with what else they have told their customers. It doesn't even have to be in writing.
I have witnesses. If there was ever a case, obviously the prosecution would have to depose people to make this point. I am not actually planning on a case, though. I think this warning will have the desired effect.
You understand the difference between "me libertarianism" and "us libertarianism". Some of these folks are offended that they aren't allowed to keep slaves.
Creator of the Open Source AMBE codec. He doesn't want his name known because he doesn't want to be sued by DVSI.
It's the time sequence that is important in proving a legal theory of this sort. The customer has been warned before the act of distribution that their business would be damaged as a consequence of distribution. If they just coincidentally fired a customer without warning them first, it would be much harder to make a case.
Redhat sequesters their support information from non-customers. It's really difficult to make a case that the support data is derivative of the Open Source involved. I don't believe Red Hat has attempted to stop any of their customers from redistributing an actual patch. Just other information.
I don't know about Virtuozzo, sorry.
I did not contact Open Source Security Inc. as they had by that time already had extensive and somewhat acrimonious discussions with others in the community.
I think my legal theory holds water. I am bothered by the sort of action that Open Source Security Inc. is doing, and felt that informing the customers (albeit indirectly, in places like Slashdot) was the best way to effect a change. This was a case where publicity was the most effective means of effecting change (even if the only change is that someone else doesn't try to do what's being done with Grsecurity) and was less expensive for all sides than a lawsuit.
They don't have to distribute the kernel to violate the GPL in this case. Copyright also restricts the creation of derivative works. Grsecurity definitely is derivative of the kernel. The GPL would be their only permission to create and distribute a derivative work of the kernel. And one of the terms of the GPL is that you can't add any rules to your derivative that aren't in the GPL itself.
With respect, your understanding of copyright and licensing isn't quite complete. This is not a personal criticism, it's true for most people. But legal theories based on what you know so far might not be correct.