| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dbc74a9f5b60b0628866023efefaccdc@airmail.cc> Date: Thu, 15 Jun 2017 19:25:00 +0000 From: aconcernedfossdev@...mail.cc To: linux-kernel@...r.kernel.org Subject: Re: [kernel-hardening] Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel? The license under-which the linux kernel is distributed forbids, in it's text, the imposition of additional terms. GRSecurity has, in-fact, successfully imposed a no-distribution term. Even if it was a wink and a nod or an implicit threat the courts would not be blind to them. Additional terms can be made verbally or arise out of a course of business between a commercial entity and a client etc. Additionally there is damage to the linux kernel rightsholders in that they have no access to the derivative work (unlike the RedHat situation where the kernel developers have the derived sourcecode so it's a moot point to them) Courts deal in facts, not the fantasies of Proud, Resilient, Gritty, Battle Hardened, American White Male Programers (who know everything there is to know about everything, according to themselves (which is why they come up with these schemes and are /sure/ they will work)) It's a fairly clear cut blatant violation. Not really a grey-area at all. On 2017-06-15 17:45, Rik van Riel wrote: > On Thu, 2017-06-15 at 16:05 +0000, aconcernedfossdev@...mail.cc wrote: >> > their customer restriction "you can redistribute >> >> this code, but if you do we will on longer provide you >> with updates" does not change that. >> >> That is the imposition of an additional term, a court would not be >> amused by the programmers claim it's fine because he didn't ink it >> into >> the copy of the license he distributed the code with. The court >> would >> not be blind to the effect and the intention. The law has dealt with >> transparent schemes like this for hundreds of years, and within >> copyright for about a century (but much longer within contract law). >> >> There should be a joint action. > > I think the best action we can take is making > grsecurity obsolete, by integrating all their > functionality into the upstream kernel. > > I don't think testing what a court thinks is > a good idea here, because the GPL does not > include any obligation to continue providing > people with updates to the code. > > The GPL may be much better off if that kind of > thing continues to be a gray area that makes > corporate lawyers nervous, rather than taking > the chance that a court rules against the > interests of GPL proponents... > > Of course, I am not a lawyer, and if you want > real lawyer advice you will need a real lawyer.
Powered by blists - more mailing lists