Open Source and information security mailing list archives
 
Date:   Thu, 15 Jun 2017 19:25:00 +0000
From:   aconcernedfossdev@...mail.cc
To:     linux-kernel@...r.kernel.org
Subject: Re: [kernel-hardening] Why does no one care that Brad Spengler of
 GRSecurity is blatantly violating the intention of the rightsholders to the
 Linux Kernel?

The license under which the linux kernel is distributed forbids, in its 
text, the imposition of additional terms.

GRSecurity has, in fact, successfully imposed a no-distribution term.
Even if it was a wink and a nod or an implicit threat the courts would 
not be blind to them. Additional terms can be made verbally or arise out 
of a course of business between a commercial entity and a client etc.

Additionally there is damage to the linux kernel rightsholders in that 
they have no access to the derivative work (unlike the RedHat situation 
where the kernel developers have the derived source code so it's a moot 
point to them).

Courts deal in facts, not the fantasies of Proud, Resilient, Gritty, 
Battle Hardened, American White Male Programmers (who know everything 
there is to know about everything, according to themselves (which is why 
they come up with these schemes and are /sure/ they will work)).

It's a fairly clear cut blatant violation. Not really a grey-area at 
all.

On 2017-06-15 17:45, Rik van Riel wrote:
> On Thu, 2017-06-15 at 16:05 +0000, aconcernedfossdev@...mail.cc wrote:
>> > their customer restriction "you can redistribute
>> 
>> this code, but if you do we will no longer provide you
>> with updates" does not change that.
>> 
>> That is the imposition of an additional term, a court would not be 
>> amused by the programmer's claim it's fine because he didn't ink it
>> into the copy of the license he distributed the code with. The court
>> would not be blind to the effect and the intention. The law has dealt with 
>> transparent schemes like this for hundreds of years, and within 
>> copyright for about a century (but much longer within contract law).
>> 
>> There should be a joint action.
> 
> I think the best action we can take is making
> grsecurity obsolete, by integrating all their
> functionality into the upstream kernel.
> 
> I don't think testing what a court thinks is
> a good idea here, because the GPL does not
> include any obligation to continue providing
> people with updates to the code.
> 
> The GPL may be much better off if that kind of
> thing continues to be a gray area that makes
> corporate lawyers nervous, rather than taking
> the chance that a court rules against the
> interests of GPL proponents...
> 
> Of course, I am not a lawyer, and if you want
> real lawyer advice you will need a real lawyer.
