Grsecurity stops issuing public patches, citing trademark abuse

by
Anonymous Coward
in linux on (#KT69)
story imageThe gurus behind the popular and respected Linux kernel hardening effort Grsecurity will stop providing their stable patches to the public. In future, only paying sponsors will get access to stable patches to shore up their kernels' defenses. The test series, unfit for production use, will however continue to be available, to avoid impacting the Gentoo Hardened and Arch Linux communities. The project's full source code will still be released to the public at large, but non-sponsors will have to pick through every update to find out what's applicable to them.

The whole situation stems from WindRiver, a subsidiary of Intel, which "has been using the grsecurity name all over its marketing material and blog posts to describe their backported, unsupported, unmaintained version in a version of Linux with other code modifications that haven't been evaluated by us for security impact." After spending several thousand on legal fees, faced with "a huge legal team, the capability to drag out the case for years" and a threat to request "all available sanctions and attorneys' fees" were the lawsuit to proceed against them, Grsecurity decided pursuing the case through the courts was not practical.

Re: Where did the comments go? (Score: 2, Informative)

by evilviper@pipedot.org on 2015-09-09 08:15 (#KW4Z)

Spengler announced he is closing grsecurity
No he isn't doing that at all. The summary states this fact quite clearly.
it's ok to distribute copies of his work for a fee, as long as the source code is published isn't it? He is not publishing the source code. He is keeping it closed, except to people who pay
The GPLv2 has NEVER required source code be "published". It only requires that any recipient of "object code" also be able to receive the source code, and you "may not impose any further restrictions on the recipients" meaning they could redistribute it further.

This is in the FAQ for anyone who spent a few seconds to look for it:
* http://www.gnu.org/licenses/gpl-faq.html

"the GPL requires you to make the modified source code available to the program's users, under the GPL."

"The GPL gives him permission to make and redistribute copies of the program if and when he chooses to do so. He also has the right not to redistribute the program, when that is what he chooses."

"You can charge people a fee to get a copy from you. You can't require people to pay you when they get a copy from someone else."

etc. etc.
licenses can be revoked at any time by the rights holder
The GPL is not revocable:
* http://www.groklaw.net/article.php?story=2006062204552163
* http://www.gnu.org/licenses/gpl-faq.html#CanDeveloperThirdParty
There's no 'no-revocation' clause. This is why the GPLv3 had to be drafted.
US law doesn't allow revocation, unless explicitly specified in license, which the GPLv2 does NOT. See sources above.

The FSF explained why they needed GPLv3 (patent deals, Tivoization, DRM, etc.), and NOWHERE did they list revocation as being an issue:
* https://www.gnu.org/licenses/rms-why-gplv3.html
You ever wonder why the FSF requires all copyrights to be assigned to them in their projects.
No, because they've explained why... "successful enforcement depends on having the cooperation of all authors."
* https://www.gnu.org/licenses/why-assign.html
the rights holders never intended that someone may close a derivative work
Your repeated assertions of bad faith are both incredibly lazy and utterly insane, as the GPLv2 explicitly allows modifications & derivatives, explicitly allows you to "charge a fee", and nowhere claims you must make your modified version PUBLICLY AVAILABLE. Stop pretending to be a lawyer who has any clue what he is talking about, when you're clearly unwilling to do the slightest work to investigate the validity of your own unsupported claims. I won't be bothering, again.

At least you managed to avoid blaming Debian or women for any of this...
Post Comment
Subject
Comment
Captcha
What is Susan's name?