lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 05 Nov 2019 00:37:25 +0000
From:   nipponmail@...email.cc
To:     linux-kernel@...r.kernel.org
Cc:     ruben@...rklyn.com, mrbrklyn@...ix.com
Subject: Re: Will no-one sue GrSecurity for their blatant GPL violation (of
 GCC and the linux kernel)?

It does not matter how common this way of doing buisness is.
It is still a blatant violation of the Copyright holders terms.

The Copyright holder has allowed GrSecurity to do something they, by 
default, have no right to do (create and distribute [non-seperable] 
derivative works), ONLY if they follow the Copyright holder's 
directives.

The Copyright holder has stipulated that each distributee has the 
permission to FREELY create derivative works based on the work and 
FREELY distribute said original work and said derivative works, but that 
they ONLY have this permission IF they also extend those rights to 
down-the-line-distributees AND they DO NOT add ANY additional 
_RESTRICTIONS_ on that right.

If GrSecurity was _NOT_ adding an additional restriction it would NOT 
need an "access agreement" (no-redistribution agreement).

They are BLATANTLY violating section 6.

Please read:
perens.com/2017/06/28/warning-grsecurity-potential-contributory-infringement-risk-for-customers/

Please.

The reason why this business model works is because:

1)Not-any-old-lawyer can walk into Federal Court.
You have to be accepted into the Federal Bar for that 
district/circuit/etc (IIRC). Which means one of the 
allready-on-federal-bar lawyers has to allow you in and vouch for you. 
That makes for fewer high priced lawyers

2) The costs will be high: half a million plus in legal fees in the end.

3) You win court-costs ONLY if you have registered your copyright BEFORE 
the violation you are suing defendant over, and also BEFORE any 
same/similar violation. Otherwise you only get regular damages (revenue, 
or profits, or what the defendant would have paid you for a license (0 
dollars), whichever the court wishes). (Note: you have to register your 
copyright at the time of the suit atleast, but if it is after the 
violations you don't get statutory damages nor do you get attorney's 
fees)

Also read this EFF brief, page 10 etc. It has some discussion on the 
violation: 
perens.com/static/OSS_Spenger_v_Perens/0_2018cv15189/docs1/pdf/18.pdf

On 2019-11-04 21:14, Florian Weimer wrote:
> * nipponmail:
> 
>> You are incorrect. GPL version 2 section 6 states that one shall not 
>> add
>> additional restrictions between the agreement between the licensee and
>> further licensees. It governs that relationship vis-a-vis the 
>> protected
>> Work.
>> 
>> GrSecurity has, indeed, stipulated an additional restrictive term.
>>  From: You may distribute derivative works freely.
>> GrSecurity has forced customers to agree to: We shall not distribute 
>> the
>> (non-separable) derivative work EXCEPT to our own customers (when
>> required).
>> 
>> That is clearly an additional restrictive term.
> 
> I assume they did this as part of their subscription agreement.  Their
> customers are free to terminate that agreement and exercise their
> rights under the GPL.  They just can't have it both ways.
> 
> I believe this a fairly common approach to subscription and service
> agreements for GPL software.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ