| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 30 Jul 2017 10:09:04 +0000 From: nisus@...chan.it To: "Paul G. Allen" <pgallen@...il.com>, nisus@...chan.it Cc: linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: Yes you have standing to sue GRSecurity - Yes there is a blatant violation On 2017-07-29 20:07, Theodore Ts'o wrote: > It's not even clear that there is infringement. The GPL merely... Yes it is. Here's a posting from before that explains it: ---------------- GPL v2 Section 6 states simply "You may not impose any further restrictions on the recipients' exercise of the rights granted herein." From GRSecurity's "Stable Patch Agreement": "Notwithstanding these rights and obligations, the User acknowledges that redistribution of the provided stable patches or changelogs outside of the explicit obligations under the GPL to User's customers will result in termination of access to future updates of grsecurity stable patches and changelogs." Clear as day. What some lay people do not understand is that the terms in section 6 are governing what agreements and actions the distributee can take regarding furthur distributees, in reality, in the flesh. Here the ACTIONS of GRSecurity are to RESTRICT the exercise of the redistribution rights of the further distributee. This is an action prohibited by the terms offered by the linux-rights holders, and they have written as another term that the permission they give to use their property is revoked upon violation of their terms. Very simple. (Someone previously said on another thread:) > And none are imposed. However, you are given the option to agree to > them. Clear as day. The proffering of the additional restrictive terms is in and of itself a violation of section 2. You are holding the clients to an additional restriction and enforcing this restriction via a threat to suspend business relationships. (YES YOU HAVE IMPOSED AN ADDITIONAL RESTRICTION) ---------------- Here's it put another way: ---------------- ------------------------ Correction to common programmer's misunderstanding ------------------------ They don't have to add a term to the GPL per-se as the GPL is not a party to the agreement, it is "merely" the (not-fully integrated) writing describing the license that the rights-holders have granted GRSecurity et al. That is: the GPL in-part describes the license grant that the linux rights-holders have extended. (There may be other parts described elsewhere, even verbally or through a course of business dealings or relationship) (Copyright law, being quite bare on it's own, often borrows much from contract law) Licensees must extend the same grant to Distributees, they cannot add an additional term to that relationship. GRSecurity has added such a term. They did not pen it into the text of the GPL. But, according to existing testimony they did make it clear that redistribution will not be tolerated. It is unknown if an electronic or hard copy of this additional term controlling the relationship exists, or whether it was a verbal agreement, or even some implicit understanding. Any which way: it is a forbidden additional term.
Powered by blists - more mailing lists