It does not matter how common this way of doing buisness is.
It is still a blatant violation of the Copyright holders terms.
The Copyright holder has allowed GrSecurity to do something they, by
default, have no right to do (create and distribute [non-seperable]
derivative works), ONLY if they follow the Copyright holder's
directives.
The Copyright holder has stipulated that each distributee has the
permission to FREELY create derivative works based on the work and
FREELY distribute said original work and said derivative works, but that
they ONLY have this permission IF they also extend those rights to
down-the-line-distributees AND they DO NOT add ANY additional
_RESTRICTIONS_ on that right.
If GrSecurity was _NOT_ adding an additional restriction it would NOT
need an "access agreement" (no-redistribution agreement).
They are BLATANTLY violating section 6.
Please read:
perens.com/2017/06/28/warning-grsecurity-potential-contributory-infringement-risk-for-customers/
Please.
The reason why this business model works is because:
1)Not-any-old-lawyer can walk into Federal Court.
You have to be accepted into the Federal Bar for that
district/circuit/etc (IIRC). Which means one of the
allready-on-federal-bar lawyers has to allow you in and vouch for you.
That makes for fewer high priced lawyers
2) The costs will be high: half a million plus in legal fees in the end.
3) You win court-costs ONLY if you have registered your copyright BEFORE
the violation you are suing defendant over, and also BEFORE any
same/similar violation. Otherwise you only get regular damages (revenue,
or profits, or what the defendant would have paid you for a license (0
dollars), whichever the court wishes). (Note: you have to register your
copyright at the time of the suit atleast, but if it is after the
violations you don't get statutory damages nor do you get attorney's
fees)
Also read this EFF brief, page 10 etc. It has some discussion on the
violation:
perens.com/static/OSS_Spenger_v_Perens/0_2018cv15189/docs1/pdf/18.pdf
On 2019-11-04 21:14, Florian Weimer wrote:
> * nipponmail:
>
>> You are incorrect. GPL version 2 section 6 states that one shall not
>> add
>> additional restrictions between the agreement between the licensee and
>> further licensees. It governs that relationship vis-a-vis the
>> protected
>> Work.
>>
>> GrSecurity has, indeed, stipulated an additional restrictive term.
>> From: You may distribute derivative works freely.
>> GrSecurity has forced customers to agree to: We shall not distribute
>> the
>> (non-separable) derivative work EXCEPT to our own customers (when
>> required).
>>
>> That is clearly an additional restrictive term.
>
> I assume they did this as part of their subscription agreement. Their
> customers are free to terminate that agreement and exercise their
> rights under the GPL. They just can't have it both ways.
>
> I believe this a fairly common approach to subscription and service
> agreements for GPL software.