Grsecurity stops issuing public patches, citing trademark abuse

by
Anonymous Coward
in linux on (#KT69)
story imageThe gurus behind the popular and respected Linux kernel hardening effort Grsecurity will stop providing their stable patches to the public. In future, only paying sponsors will get access to stable patches to shore up their kernels' defenses. The test series, unfit for production use, will however continue to be available, to avoid impacting the Gentoo Hardened and Arch Linux communities. The project's full source code will still be released to the public at large, but non-sponsors will have to pick through every update to find out what's applicable to them.

The whole situation stems from WindRiver, a subsidiary of Intel, which "has been using the grsecurity name all over its marketing material and blog posts to describe their backported, unsupported, unmaintained version in a version of Linux with other code modifications that haven't been evaluated by us for security impact." After spending several thousand on legal fees, faced with "a huge legal team, the capability to drag out the case for years" and a threat to request "all available sanctions and attorneys' fees" were the lawsuit to proceed against them, Grsecurity decided pursuing the case through the courts was not practical.

Analysis (Score: -1, Spam)

by Anonymous Coward on 2015-09-08 16:53 (#KT9D)

Spengler announced he is closing grsecurity, he will only distribute to those who pay him 200 dollars per month

grsecurity is a derivative work of the linux kernel, which has 10000s of rights holders

Spengler only has permission to modify the linux kernel at the grace of those rights holders
either: through bare license (property law), or contract (contract law)

licenses can be revoked at any time by the rights holder, provided he is not estopped from doing so
thus a plaintiff, if linux is merely licensed (if the GPL and agreement is not a contract), can simply bar him and then seek statutory damages if he continues to create derivative works (100k+ per violation)

if the GPL and the agreement which allows Spengler to modify the copyrighted work is a contract, then we proceede under contract law

here first we look to if the document is fully integrated or not, the linux documentation, and the GPL makes no mention of this

but since the linux kernel is under GPL, it's ok to distribute copies of his work for a fee, as long as the source code is published isn't it?

He is not publishing the source code.

He is keeping it closed, except to people who pay 200 a month

since there is no integration clause we can likely bring in extrisic evidence to show that the rights holders never intended that someone may close a derivative work as such

when a contract is not fully integrated, evidence to the intentions of the parties, their state of mind, usage in trade of terms, etc can be brought in, even if they contradict the written terms of the agreement.

Now, if the GPL is neither a license, and if it also does not satisfy the elements of a contract (perhaps there is no meeting of the minds, or more likely one party has not given anything up), then Spengler is simply violating copyright
Post Comment
Subject
Comment
Captcha
What is the 1st number in the list thirty seven, thirty nine and thirty three?