Grsecurity stops issuing public patches, citing trademark abuse

by Anonymous Coward in linux on (#KT69)
The gurus behind the popular and respected Linux kernel hardening effort Grsecurity will stop providing their stable patches to the public. In future, only paying sponsors will get access to stable patches to shore up their kernels' defenses. The test series, unfit for production use, will however continue to be available, to avoid impacting the Gentoo Hardened and Arch Linux communities. The project's full source code will still be released to the public at large, but non-sponsors will have to pick through every update to find out what's applicable to them.

The whole situation stems from WindRiver, a subsidiary of Intel, which "has been using the grsecurity name all over its marketing material and blog posts to describe their backported, unsupported, unmaintained version in a version of Linux with other code modifications that haven't been evaluated by us for security impact." After spending several thousand on legal fees, faced with "a huge legal team, the capability to drag out the case for years" and a threat to request "all available sanctions and attorneys' fees" were the lawsuit to proceed against them, Grsecurity decided pursuing the case through the courts was not practical.

Where did the comments go? (Score: 0)

by Anonymous Coward on 2015-09-09 04:08 (#KVWG)

>BTW: show me the part in the GPL that states that you must make the source code available to anyone?

Please keep up. Read the above posts.

Short story: If the GPLv2 is a license then we simply revoke Spengler's permission to modify the Linux source code. There's no 'no-revocation' clause. This is why the GPLv3 had to be drafted. Licenses arise from property law, read up on them. They are not a product of copyright law as all lay techies suppose.

If you argue the GPLv2 is a contract, then, as you may note, the GPLv2 is not a fully integrated document (notice there's no integration clause?), then extrinsic evidence comes in to show that the rightsholders never intended source code of derivative works to be closed in this manner. Usage in trade and course of dealings of the party come in.

If it matters, this case is distinguishable from RedHat etc as RedHat is simply failing to distribute binaries to anyone not contracting with them, whereas it does publish source code (and for a reason). Here Spengler wills to close the source code to a derivative work.
And: if it matters: RedHat's approach has not been tested in court.

You probably don't get to argue contract, as has been stated earlier, so a plaintiff just revokes the license and you're done with grsecurity: you want to close it, it will be closed, completely.

You ever wonder why the FSF requires all copyrights to be assigned to them in their projects? Any one of the 10s of 1000s of Linux contributors can be a plaintiff, they all have standing.