Story 2015-09-08 KT69 Grsecurity stops issuing public patches, citing trademark abuse

Grsecurity stops issuing public patches, citing trademark abuse

by
Anonymous Coward
in linux on (#KT69)
story imageThe gurus behind the popular and respected Linux kernel hardening effort Grsecurity will stop providing their stable patches to the public. In future, only paying sponsors will get access to stable patches to shore up their kernels' defenses. The test series, unfit for production use, will however continue to be available, to avoid impacting the Gentoo Hardened and Arch Linux communities. The project’s full source code will still be released to the public at large, but non-sponsors will have to pick through every update to find out what’s applicable to them.

The whole situation stems from WindRiver, a subsidiary of Intel, which "has been using the grsecurity name all over its marketing material and blog posts to describe their backported, unsupported, unmaintained version in a version of Linux with other code modifications that haven't been evaluated by us for security impact." After spending several thousand on legal fees, faced with "a huge legal team, the capability to drag out the case for years" and a threat to request "all available sanctions and attorneys' fees" were the lawsuit to proceed against them, Grsecurity decided pursuing the case through the courts was not practical.
Reply 26 comments

Derivative works (Score: 0)

by Anonymous Coward on 2015-09-09 03:42 (#KVTN)

US 1976 Copyright Act
SS 304(c)(6)(A)
"A derivative work prepard under authority of the grant before its termination may continue to be utilizd under the trms of the grant after its termination, but this privledge does not extnd to th preparation after the termination of other derivative works based upon the copyrightd work covered by the terminated grant."

IE: Once the permission to modify linux is revoked, no furthur work on grsecurity may commence: it's over.

Re: Derivative works (Score: -1, Redundant)

by Anonymous Coward on 2015-09-09 04:08 (#KVWF)

Not off topic.
Grsecurity is a derivative work.

Where did the comments go? (Score: 0)

by Anonymous Coward on 2015-09-09 04:08 (#KVWG)

>BTW: show me the part in the GPL that states that you must make the source code available to anyone?

Please keep up. Read the above posts.

Short story: If the GPLv2 is a license then we simply revoke spenglers permission to modify the linux source code. There's no 'no-revocation' clause. This is why the GPLv3 had to be drafted. Licenses arise from property law, read up on them. They are not a product of copyright law as all lay techies suppose.

If you argue the GPLv2 is a contract, then, as you may note, the GPLv2 is not a fully integrated document (notice there's no integration clause?), then extrinsic evidence comes in to show that the rightsholders never intended source code of derivative works to be closed in this manner. Usage in trade and course of dealings of the party come in.

If it matters, this case is distinguishable from RedHat etc as RedHat is simply failing to distribute binaries to anyone not contracting with them, whereas it does publish source code (and for a reason). Here Spengler wills to close the source code to a derivative work.
And: if it matters: RedHat's approach has not been tested in court.

You probably don't get to argue contract, as has been stated earlier, so a plaintiff just revokes the license and you're done with grsecurity: you want to close it, it will be closed, completely.

You ever wonder why the FSF requires all copyrights to be assigned to them in their projects. Any one of the 10's of 1000s of linux contributors can be a plaintiff, they all have standing.

Re: Where did the comments go? (Score: 2, Informative)

by evilviper@pipedot.org on 2015-09-09 08:15 (#KW4Z)

Spengler announced he is closing grsecurity
No he isn't doing that at all. The summary states this fact quite clearly.
it's ok to distribute copies of his work for a fee, as long as the source code is published isn't it? He is not publishing the source code. He is keeping it closed, except to people who pay
The GPLv2 has NEVER required source code be "published". It only requires that any recipient of "object code" also be able to receive the source code, and you "may not impose any further restrictions on the recipients" meaning they could redistribute it further.

This is in the FAQ for anyone who spent a few seconds to look for it:
* http://www.gnu.org/licenses/gpl-faq.html

"the GPL requires you to make the modified source code available to the program's users, under the GPL."

"The GPL gives him permission to make and redistribute copies of the program if and when he chooses to do so. He also has the right not to redistribute the program, when that is what he chooses."

"You can charge people a fee to get a copy from you. You can't require people to pay you when they get a copy from someone else."

etc. etc.
licenses can be revoked at any time by the rights holder
The GPL is not revocable:
* http://www.groklaw.net/article.php?story=2006062204552163
* http://www.gnu.org/licenses/gpl-faq.html#CanDeveloperThirdParty
There's no 'no-revocation' clause. This is why the GPLv3 had to be drafted.
US law doesn't allow revocation, unless explicitly specified in license, which the GPLv2 does NOT. See sources above.

The FSF explained why they needed GPLv3 (patent deals, Tivoization, DRM, etc.), and NOWHERE did they list revocation as being an issue:
* https://www.gnu.org/licenses/rms-why-gplv3.html
You ever wonder why the FSF requires all copyrights to be assigned to them in their projects.
No, because they've explained why... "successful enforcement depends on having the cooperation of all authors."
* https://www.gnu.org/licenses/why-assign.html
the rights holders never intended that someone may close a derivative work
Your repeated assertions of bad faith are both incredibly lazy and utterly insane, as the GPLv2 explicitly allows modifications & derivatives, explicitly allows you to "charge a fee", and nowhere claims you must make your modified version PUBLICLY AVAILABLE. Stop pretending to be a lawyer who has any clue what he is talking about, when you're clearly unwilling to do the slightest work to investigate the validity of your own unsupported claims. I won't be bothering, again.

At least you managed to avoid blaming Debian or women for any of this...

Wrong (Score: -1, Flamebait)

by Anonymous Coward on 2015-09-09 13:53 (#KXDE)

>US law doesn't allow revocation, unless explicitly specified in license, which the GPLv2 does NOT. See sources above.

Yes it does. Licenses are revokable at will. Property law 101, idiot.
The only thing that prevents license revocation is estoppel.
(Usually arising in a contract to license a work, potentially arising from an utterance by the grantor: such as a no-revocation clause in a license document (explicit disclaimer of the right to revoke gives rise to estoppel which you can argue in-front of a court to give the revocation no effect.))

Copyright is alienable by "any operation of law": property, contract, etc. There aren't "special forms" of alienation written into the statute (there didn't need to be).

Here's someone who disagrees with you, first hit on google for the lazy, if you need someone else to listen to (and obviously don't have a casebook nor a treatise handy, because you haven't bought any since you haven't attended a school where you would need them you piece of filth):
"""
>Default Rule When Silent on Revocability
>Most courts hold that simple, non-exclusive licenses with unspecified durations that are silent on revocability are revocable at will. This means that the licensor may terminate the license at any time, with or without cause. Conversely, courts typically hold that simple non-exclusive licenses that are silent on revocability but specify a set duration are non-terminable during the set duration. Results, however, may vary based on applicable state contract law and federal law preemption principles. We find that many people are unaware of these default rules. Because of the lack of absolute clarity on the default rules themselves and the impact other provisions in a license agreement may have on their application, we believe it is important not to remain silent on revocability in a license.
""" --Sidly Austin LLP

And here's some input from the 1976 US Copyright statute, copied from one of my casebooks in my library:
US 1976 Copyright Act. SS 304(c)(6)(A)
"A derivative work prepared under authority of the grant before its termination may continue to be utilizd under the trms of the grant after its termination, but this privledge does not extnd to th preparation after the termination of other derivative works based upon the copyrightd work covered by the terminated grant."

IE: Once the permission to modify linux is revoked, no further work on grsecurity may commence: it's over.
(The license of Linux (GPLv2) lacks a no-revocation clause, GPLv3 had to be drafted for a reason (adding one in) (so you could attempt to argue estoppel)) (Licenses are revokable at will barring estoppel)

Sorry SJW piece of shit. You didn't go through law school, you don't even know the edges of the law, and you are wrong. You can believe the FSF all you want; they have an interest in hiding the truth. I'd be happy for your whole edifice to crumble as that would hurt you pro-women's rights, anti-marry-young-girls pieces of filth.

Re: Wrong (Score: 1)

by Anonymous Coward on 2015-09-10 09:17 (#M0D3)

despite your repeated assertions,the GPL's own website says contrary(I bold'ed it, in hopes the heavy letter weight sinks through your thick skull.) Lets see, should i believe a Law Grad (again, no real experience), or the FAQ+more written by the same group that published the licensebefore you were even born....The license you are defending says you are incorrect!

So just to clarify for you again:
GPL website = valid, trustworthy source (ie, the horses mouth,the only one that matters)
You = who?

Re: Wrong (Score: -1, Troll)

by Anonymous Coward on 2015-09-10 15:47 (#M1MX)

Some points: The GPL's own website talks about the current version, v3, which rectify many issues with v2. Linux is licensed under v2. Can't be re-licensed because there are so many copyright holders. It's stuck with v2.

The GPL's own website has a vested interest in promoting the GPL.
The GPL's own website is not trained in the law.

>So just to clarify for you again:
Indeed, you wouldn't know who to trust, being of the laity, never having studied law.
It's all greek to you as you are truely ignorant and thus must simply rely on authorities to trust and distill the information for you.

If I were near you I would laugh in you face, and we'd see what happened next.
I think you've been rude to me so maybe there would be a fight.
I'd try to gouge out your eyes with my thumbs in that case.

Re: Wrong (Score: 2, Informative)

by evilviper@pipedot.org on 2015-09-10 20:38 (#M2M2)

The GPL's own website talks about the current version, v3
Nope. Here's the archived page from back in 2001, before anybody started working on GPLv3:

https://web.archive.org/web/20011214143230/http://www.gnu.org/licenses/gpl-faq.html#CanDeveloperThirdParty
The GPL's own website has a vested interest in promoting the GPL.
They have a vested interest in spreading accurate information about the GPL.
The GPL's own website is not trained in the law.
Are you seriously claiming the FSF and GNU organization don't have ANY LAWYERS working for them? Several of their high-ranking board members are working lawyers.

Re: Wrong (Score: -1, Troll)

by Anonymous Coward on 2015-09-11 02:19 (#M3BM)

I'm saying they are wrong.

It is not in their interest, at all, to weaken their case.

If the FSF was to point out flaws or errors, such utterances could be used against them in court in a case
involving the copyrighted works that have been deeded to them. Such utterances, when it comes to cases involving works they own, can be very damaging. So they keep their mouth shut, rectify the situation
as best they can by issuing new versions of licenses.

Why do you think the GPL has gone through 3 revisions so far?

I really don't understand how you think you can argue with me from a position of ignorance though.
All you're doing is arguing "FSF is the authority, they must be right".
Not when they drafted v2. That was before stallman got the 1mill grant even, IIRC.

Re: Wrong (Score: 3, Insightful)

by evilviper@pipedot.org on 2015-09-11 13:20 (#M4QM)

I'm saying they are wrong.
No, that's NOT what you said... You said they were talking about GPLv3, remember? Now that I've throughly discredited that claim, you choose to switch your claim around to something else entirely.

I provided multiple sources for the non-revocability of the GPL. You've provided NO SOURCES for your claim, just your own paranoid delusions based upon very little reading of the law, and an overabundance of willful ignorance.
If the FSF was to point out flaws or errors, such utterances could be used against them in court in a case
Then they would simply keep quiet on the issue. There's no benefit to them lying. Instead, they're saying it because case law backs them up.
So they keep their mouth shut
Except they didn't keep their mouth shut. They weighed-in and specifically said the GPL (v2) is not revocable.
Why do you think the GPL has gone through 3 revisions so far?
I already listed the reasons for GPLv3. Revocablity isn't one of them.
I really don't understand how you think you can argue with me from a position of ignorance
I don't understand how you think you can argue with the legal sources I've cited, from your position of extreme ignorance. No matter how many times I prove you completely and totally wrong on one issue or another, you just ignore it and twist your claims around next time around so you don't have to acknowledge your error, and just pretend you weren't making incorrect, crazy and unsupportable claims a few minutes earlier...

And look, here's yet another source that's right on-the-nose:

http://gplv3.fsf.org/comments/rt/readsay.html?filename=gplv3-draft-1&id=163

Re: Wrong (Score: 1, Interesting)

by Anonymous Coward on 2015-09-11 04:58 (#M3KV)

Having had someone try to gauge out one of my eye's I can assure you that this is not warranted. Why are you getting so upset over this?

Re: Where did the comments go? (Score: 1)

by Anonymous Coward on 2015-09-09 22:45 (#KZ3M)

What above posts?

Re: Where did the comments go? (Score: 2, Informative)

by evilviper@pipedot.org on 2015-09-10 02:06 (#KZGE)

What above posts?
He's just copy/pasting his comments from other threads, and elsewhere all over the internet, including what look like IRC logs, and generally just arguing with imaginary people about things nobody said. If the missing other posts are the only thing he's said that confuses you, you're doing better than I.

Re: Where did the comments go? (Score: 2, Interesting)

by billshooterofbul@pipedot.org on 2015-09-10 13:29 (#M157)

When I first saw this story pop up, there was 1 comment attached, but I couldn't view it regardless of the settings I had. I checked back in a couple hours and there were two comments I couldn't see. So I have no idea what those were or why I couldn't see them. Maybe they were auto detected as spam or something?

Re: Where did the comments go? (Score: -1, Troll)

by Anonymous Coward on 2015-09-10 15:42 (#M1M7)

They were legal arguments about this case that the editor here doesn't want you to read.

They show that spengler can be sued for his action and successfully.
They also show that his license to modify the linux kernel can be rescinded.

Ofcourse the editor here hasn't been through law school so it's all gibberish to him.
The editor here also supports spengeler in his actions to close the stable patch of grsecurity.

How do you feel about the editor keeping this knowlege from you, no matter what settings you change?

Re: Where did the comments go? (Score: 1)

by billshooterofbul@pipedot.org on 2015-09-10 16:50 (#M1X9)

Well, quite honestly, I think you are showing signs of paranoia and persecution complex. I actually appreciate some level of gibberish clean up on sites like this. I used to think that no censorship anytime any where on any site was the way to go, but slashdot quickly disabused me of that idea. Quality discussions don't happen by accident, even though some level of trust of the editorial staff is required that they are not removing valid comments to skew the discussion.

Re: Where did the comments go? (Score: 2, Interesting)

by evilviper@pipedot.org on 2015-09-10 20:46 (#M2AP)

There's a bit of a difference between espousing legal theories, and flooding the comments with page after page of irrelevant and/or redundant ranting and raving. That, the occasional bouts of tourettes, and the threats of personal violence, weren't too good either.

Anyone so inclined can change their preferences to show ALL hidden spam comments, but it's a mess.

The incorrect comment count due to entries threads being hidden when the top comments is flagged as spam, has already been reported as a bug number 62.

Re: Where did the comments go? (Score: 0)

by Anonymous Coward on 2015-09-28 06:46 (#NRWX)

Perhaps we should have a toggle button on the page to 'show all' comments regardless of rating.