lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <e79be5151ed31daaeaa5c36c25592865@mail.teknik.io>
Date:	Tue, 31 May 2016 03:18:22 +0000
From:	concernedfossdev@...nik.io
To:	linux-kernel@...r.kernel.org
Subject: GRsecurity is preventing others from employing their rights under
 version 2 the GPL to redistribute source code

GRsecurity (Brad Spengler) is preventing others from employing their rights under version 2 the GPL to redistribute
(by threatening them with a non-renewal of a contract to recive this patch to the linux kernel.)
(GRsecurity is a derivative work of the linux kernel (it is a patch))

People who have dealt with them have attested to this fact:
https://www.reddit.com/r/KotakuInAction/comments/4grdtb/censorship_linux_developer_steals_page_from_
andi
"You will also lose the access to the patches in the form of grsec not renewing the contract. 
Also they've asked us (a Russian hosting company) for $17000+ a year for access their stable
patches. $17k is quite a lot for us. A question about negotiating a lower price was completely
ignored. Twice." -- fbt2lurker

And it is suggested to be the case here aswell:
https://www.reddit.com/r/linux/comments/4gxdlh/after_15_years_of_research_grsecuritys_rap_is_here
"Do you work for some company that pays for Grsecurity? If so then would you kindly excersise the
rights given to you by GPL and send me a tarball of all the latest patches and releases?" --
lolidaisuki
"sadly (for this case) no, i work in a human rights organization where we get the patches by a
friendly and richer 3rd party of the same field. we made the compromise to that 3rd party to not
distribute the patches outside and as we deal with some critical situations i cannot afford to
compromise that even for the sake of gpl :/
the "dumber" version for unstable patches will make a big problem for several projects, i would
keep an eye on them. this situation cannot be hold for a long time" -- disturbio

Is this not tortious interference, on grsecurity's (Brad Spengler) part, with the quazi-contractual
relationship the sublicensee has with the original licensor?

(Also Note: the stable branch now contains features that will never make it to the "testing"
branch, and are not allowed to 
be redistributed, per the scheme mentioned above (which has been successful: not one version of the
stable branch 
has been released by anyone, even those asked to do so, since the scheme has been put in place
(they say they cannot
as they cannot lose access to the patch as that may cost the lives and freedom of activists in
latin america)))

https://twitter.com/marcan42/status/726101158561882112
@xoreipeip @grsecurity they call it a "demo" version "20:14 < spender> what's in the public version
is < 1/5th the size of the full version"
oreipeip @grsecurity "20:21 < spender> also it wouldn't be as fast as the commercial version [...]
there are missing optimization passes"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ