GRSecurity Linux Kernel patch to end public accessability of stable patches.

by
Anonymous Coward
in linux on (#K33M)
Here it is:

Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.

http://grsecurity.net/
More: http://grsecurity.net/announce.php

And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.
score 0
  • Closed (Poorly written)
Reply 27 comments

patches (Score: 1)

by pete@pipedot.org on 2015-09-02 00:56 (#K56Q)

they produce patches, not redistrib. linux. its their code, and patch, and thus should be able to do what they want, no?

that aside, im upvoting because the full version of the story sounds quite interesting. they themselves are tired of seeing GPL violations, among other complaints, leading to their decision

Re: patches (Score: 1)

by evilviper@pipedot.org on 2015-09-02 02:00 (#K5A1)

Patches are necessarily derivative code, so covered by the license.

However the GPL never said you have to make your code freely available to the public. It's just that once you give it out, you can't stop anyone else from redistributing it, if they want to.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-02 13:53 (#K719)

That might not be the full conclusion to the issue. The GPL likely falls under the contract theory of copyright licenses: it is not a bare license.

http://www.law.washington.edu/lta/swp/law/contractvlicense.html

Contracts, unless fully integrated, are not evaluated solely on the words within the four corners of the contract document. The GPL makes no mention of being fully integrated. Brad Spengler may very well be violating an unwritten portion of the agreement with this closing of the derivative work and it's rescission from public use. It is a theory that will have to be tested in court, and one of the thousands of contributors to the kernel will be needed as a plaintiff for standing to sue, but once that is achieved a suit can move forward against Spengler of GRSecurity.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-02 14:14 (#K731)

>It's not in violation of any spirit either, as there's nothing that says they have to give you their things, as copyright holders.

Their work is a derivative work.

The contributors to linux very likely intended that any derivative works also be distributed. If any contributor to linux intended this, there may very well be an unwritten clause in the contract which exists between the parties, part of which exists in the form of the document you know as a "copyright license" (WTF did you think it was? A royal patent?). Rarely does a court decide a dispute of this sort solely on the four corners of a document. Only when the document is wholly integrated does that occur.

I don't see those words there in the GPLv2. (Even if those words exist, action taken by the parties can be used as evidence against this, if the court allows the evidence of such to be presented).

Re: patches (Score: 1)

by pete@pipedot.org on 2015-09-03 00:30 (#K8VX)

just to clarify, would a patch not be a derivative work until actually applied to licensed code? on its own its just code, (EDIT: retracted, this statement made sense: "When the second
work makes sense only in light of the original, it's derivative.") and owned by the author. they don't have to release publicly.

And even if said-patch does infact fall under GPL, the GNU-GPL FAQ makes it clear that you can sell modified versions of GPL code to a client and not release publicly, and its up to the client whether they want to keep the modified version internal, or release it. The only thing that forces public source release, is to likewise distribute any part in any form, to the public.

If that client were to release the modified version, they would need to supply the source, but if kept internally, then no. By requiring a subscription or contract, i'd imagine thats the loop hole that allows private sale/distribution without violating the gpl (if i'm understanding that correctly.) It sounds like this company is ensuring paid-clients are supporting their efforts, while preventing every other company from doing a drive-by-only download instead. It sounds more than reasonable. In the end, the code is still going to make it to the public, eventually.

Re: patches (Score: 1)

by pete@pipedot.org on 2015-09-03 00:15 (#K8W0)

this would make for a good public discussion, if anyone else would like to up-vote? my feelings still are that the bigger story is the one presented by the company, and not the claim that said-company could be violating the gpl; although commentary for both would be interesting.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-03 13:29 (#KAN2)

Intel isn't violating anything. If anyone is, it is now (or soon to be) Brad Spengler of Gr-security.
Accusing Intel of a copyright violation here is a libel of Spengler. It makes no difference if he retracts that now and claims a trademark violation (of which, again, there is none: no one created a brand new "thing" within the technology trade and called it "GRSecurity")

Spengler was trying to extort intel and others for money.
He failed. Now he's attempting to close a derivative work of the linux kernel.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-04 00:33 (#KCJY)

you probably should read the gpl a bit more closely...it still provides an avenue for a business to sell a client derivative works, non public, and final distribution method and compliance being the choice of the client. any future work they do can follow this avenue that the GPL even spells out in their FAQ.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-04 14:04 (#KEBM)

As said before, your grant of permission to use but especially modify a copyrighted work rests either on property law (license) or contract law (unilateral or bilateral contact).

A license can be revoked at any time (unless estoppel prevents this). You don't want the GPL to be a bare license for this reason.

A contract, unless fully integrated, does not rest solely on the four corners of the accompanying document. The intention of the parties to the agreement comes into play, extrinsic evidence comes into play, usage in trade comes into play. You want the GPL to be a contract as some contracts are irrevocable. As said before, and this is important, but you completely gloss over it or ignore it because you DO NOT UNDERSTAND THE WORDS BEING USED: the agreement between Spengler and the Linux Kernel devs, of which the GPL is a document, is unlikely to be deemed fully integrated. There is no integration clause in GPLv2 thus the four corners doctrine is not likely to be used in this case

(You do know the four corners doctrine, correct? No, ok then, keep quiet with your useless lay opinion)

Thus, as stated again and again, extrinsic evidence of the parties agreement can be brought in: the plaintiffs
can testify as to their intention, to the usage in trade of the words, to the distribution of the kernel itself traditionally, etc. We can talk about if Brad Spengler, is, in bad-faith, attempting to subvert the intentions of the rights holders (of which intel is one). There is alot to be discovered here.

But you just don't know the law at all so don't see it at all.

(Some more explained: http://www.law.washington.edu/lta/swp/law/contractvlicense.html )

Not that some would understand these words. Some see the word "License" in the heading of the document and are convinced that that is exactly what it is, legally; and they even think if it were it would be to their advantage!

As for the GPL FAQ: The FSF might (or might not) intend that when they put out their works, but the FSF is not a party to this agreement. The 10's of thousands of programmers/rights-holders who have worked on linux (including Intel) on one side and Brad Spengler and Pax Team on the other side are the parties to this agreement. The GPL FAQ is only extrinsic evidence in disputes arising out of FSF copyrighted works, not wo

This is why you need lawyers, because lay people, such as yourself, only see the surface of the thing (the paper put under your nose), not the vast edifice on which it is hung.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-04 14:17 (#KECV)

If you're Spengler, once we have some plaintiffs, I suppose we'll find out the nature of your agreement with them in court.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-04 14:16 (#KEC2)

Nope, they down-voted it to 0 because they either don't like a poster or don't want to show themselves ignorant in a legal debate (they hold themselves out as benevolent geniuses making the world a better place through justice of social means)

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-03 13:24 (#KAN1)

>By requiring a subscription or contract, i'd imagine thats the loop hole that allows private sale/distribution without violating the gpl

That's known generally as "bad faith", courts look poorly upon such actions.

As stated before, what is written in the GPL is not the end-all-be-all of the agreement which grants Spengler permission to use and modify the linux kernel, and produce derivative works thereof. (Also, as stated before, the GPL likely rests on contract law, it's not a bare license). We're not even debating the GPL per-se, but the agreement between the 10s of thousands of linux copyright holders and spengler who has created a derivative work, of which the GPL is a document describing in-part, but not fully representative of (in contracts, extrinsic evidence of the agreement can be brought in, even that which contradicts the written document(s). To explain the agreement, usage in trade, and the actual practice of the parties is relevant. (unless the contract is fully integrated (which is made no mention of here with linux, and how could it be, the GPL is about a page long and insufficient to describe fully the relationship)).

If I were intel, holding copyright on parts of linux, I would bring Spengler to court once the case is ripe. I would also sue him for libel aswell. If he wants to ruin linux security and bring a derivative work closed, in the hope of financial gain, we would find out the true nature of the agreement onwhich he relies. There are tens of thousands of potential plaintiffs against spengler.

Remeber: Grsecurity only exists because linux existed 14 years ago and spengler was poking around in it.

GNU/FSF is not a party to this agreement so what exists in their minds is somewhat irrelevant. What matters, when it comes to what anyone thinks, is the understanding that the involved parties had at the time of the agreement.

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-03 23:08 (#KCDE)

>they practically pioneered the exploit mitigations now used by windows, openbsd, you name it

And now they're taking it away from us lower classes. We aren't allowed security, and Spengler doesn't give a damn that his work is derived from a freely distributed opensource project: The Linux Kernel, and he'll use every effort he can to subvert the intentions of the authors of the Linux Kernel (this is called bad faith)

Oh and if you want to argue that the GPL is a bare license rather than a unilateral contract (You'd likely be incorrect but...)

Licenses can be revoked at any time, in-which case we need only one linux kernel contributor to issue notice to Brad Spengler that said license to use his portion of the code is hereby revoked. Thence-forth Spengler will be liable for statutory damages ;-)

It's like you don't understand that, though the basis for the property interest itself flows from, in the US, congressional statute (and the constitution itself), and in the UK, AU, etc from parliamentary law, the rules governing alienation of that interest stem from property and contract law.

So Does he wish to be gotten coming or going? Contract, where extrinsic evidence can come into play, or bare license where if we have a plaintiff he can revolk permission (remeber: (C) isn't signed over in linux dev (and you wonder why FSF requires it... It's for more than the one reason they state))

(It ofcourse gets better than that in Central Europe and Commonwealth countries where, IIRC, you don't even have check weather the nature of the license would bar revocation) (Any contributors to the Linux kernel from germany?)

Re: patches (Score: 0)

by Anonymous Coward on 2015-09-03 23:09 (#KCDF)

*It's like some don't understand that, though the basis for the property interest itself flows from

Used to be +1 (Score: 0)

by Anonymous Coward on 2015-09-04 14:14 (#KEBY)

I notice this lost it's +1 vote.

You people do not like one of the posters here do you?

You don't like his opinions on other things and you cannot
engage in legal debate because, though you hold yourself
out as a genius and a knowledgeable person, you know
not one thing about the law.

Oh but that poster is just a "Troll" right, can't
code himself out of a paper bag right (that's what you
were claiming before), and hasn't more than an
elementary education. Right?

Hasn't programmed 10's of 1000s (or 100,000+ rather)
of lines of code right?

Didn't graduate law school, right?

Just a misogynist troll. But packaging other people's programs, oh that's divine contribution!

RIGHT?
HAVING THE RIGHT OPINION IS ALL THAT MATTERS, RIGHT??!?!??!

Re: Used to be +1 (Score: 0)

by Anonymous Coward on 2015-09-04 19:54 (#KFE2)

i'm not sure anyone brought up the attacks you just did....but you are starting to sound like mikeeUSA

Re: Used to be +1 (Score: 0)

by Anonymous Coward on 2015-09-04 19:57 (#KFE3)

and it became immediately clear the submitter is looking for an argument, not a discussion. this submission will rapidly (as it has already) run out of control into a he-said-she-said pointless mound of words.

Re: Used to be +1 (Score: 0)

by Anonymous Coward on 2015-09-05 00:27 (#KFYZ)

So because there is a lively debate you refuse to upvote this (as others requested) and are trying to delete this important story.

Other websites would upvote it for that reason alone. I think there is more to this story.

Re: Used to be +1 (Score: 0)

by Anonymous Coward on 2015-09-05 12:20 (#KH3N)

Provide links to said websites or outlets that run this story, and you may find that it would likely get published here.So far, all that has been supplied is anonymous commentary on a company's press-release. You've done basically no leg work, or the simple fact that there isn't actually a story to do such leg work.

There are no verifiable sources, no public dissenting commentary, no links to posts from the mailing lists, nothing. just angry you. Every article I searched for tohelp bolster your submission, only took a pro-grsecurity stance. show us an angry email from a linux developer, or something.

This isn't the first submission that has been closed for being a not-story this year, and wont be the last: you're not special. It was not rejected due to lack of want for a lively debate; because i want to debate something real, not just some anonymous opinion.

Re: Used to be +1 (Score: 0)

by Anonymous Coward on 2015-09-06 01:18 (#KJFM)

You are a stupid piece of shit that can't understand the legal issues, it's all greek to you, we get it.

That's why you're dismissive "just some opinions, brah"
You have no clue what anyone is talking about.

Fucking piece of shit idiot.

Re: Used to be +1 (Score: 0)

by Anonymous Coward on 2015-09-05 00:25 (#KFYY)

Who is mikeeusa and how could I sound like mikeeusa?
Does mikeeusa hold a law degree?

An opinion from a GRsecurity supporter (Score: 0)

by Anonymous Coward on 2015-09-04 14:44 (#KEEW)

Here is what a GRSecurity supporter threatens if anyone were to make a claim against Spengler for closing the derivative work:

irc.oftc.net
#grsecurity
10:39 < zakalwe_> as soon as these plaintiffs names are made public i will hunt them down, cut their limbs of
bit by bit and dehydrate them. i will then grind them up into powder and make large dong
out of them with epoxy resin. this i will stick to their forehead.
10:40 < zakalwe_> i will keep them alive for years, hung up on my wall, and play darts on their torso.
10:40 < zakalwe_> u fucking cunt

Let there be a record of this.

Upvote this story if you aren't a cuck. (Score: 0)

by Anonymous Coward on 2015-09-05 00:29 (#KFZ0)

This is an important story. Some people, who are value-less, shy away from a debate and wish for a story with 0 comments (ie: the opposite of slashdot). Eject them, spit on them, and vote this story up.

Re: Upvote this story if you aren't a cuck. (Score: 0)

by Anonymous Coward on 2015-09-05 00:29 (#KFZ1)

Na man, someone closing a derivative work of the linux kernel is all fine.
Systemd is awsome too.

Re: Upvote this story if you aren't a cuck. (Score: 0)

by Anonymous Coward on 2015-09-05 12:06 (#KH2V)

the idea here is to draw comments and discussions, not trolls

maybe find a real news source that is covering the issue you have - because every news post i've found fails to mention GPL violations, including tech-sites.

This is basically what you submitted:

+press-release
-"rah rah rah, i think they are wrong"
+lack of further evidence, or credibility
-"rah rah rah i'm the only one who thinks this is a thing"
+still lacks source material
-"im right and you're all stupid for not thinking so"
+C&P random, irrelevant, anonymous chat logs
-"see? rah rah rah"

if you still have no idea why the submission was closed, then you're missing the whole point of this site -> just goto reddit -the toilet of the interwebs- for troll battles. maybe you can stink up enough interest and attention that a real news source will weigh your claim.

Re: Upvote this story if you aren't a cuck. (Score: 0)

by Anonymous Coward on 2015-09-06 01:09 (#KJF6)

Go and fuck yourself you lay cuck.

Re: Upvote this story if you aren't a cuck. (Score: 0)

by Anonymous Coward on 2015-09-06 01:15 (#KJF8)

Can't understand the legal issues == commentator is troll.

Bet you wear square glasses.