Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751791AbdG2UHa (ORCPT ); Sat, 29 Jul 2017 16:07:30 -0400 Received: from imap.thunk.org ([74.207.234.97]:45336 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751497AbdG2UH3 (ORCPT ); Sat, 29 Jul 2017 16:07:29 -0400 Date: Sat, 29 Jul 2017 16:07:26 -0400 From: "Theodore Ts'o" To: "Paul G. Allen" , nisus@redchan.it Cc: linux-kernel Subject: Re: Yes you have standing to sue GRSecurity Message-ID: <20170729200726.6qxlnh7mmfpfxkq3@thunk.org> Mail-Followup-To: Theodore Ts'o , "Paul G. Allen" , nisus@redchan.it, linux-kernel References: <6261acc7cc854161158181d1ecfc7682@redchan.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170609 (1.8.3) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2659 Lines: 51 On Sat, Jul 29, 2017 at 09:32:36AM -0600, Paul G. Allen wrote: > I have not contributed to the kernel for some time (I have been > working on some stuff, but nothing that's been contributed), so I > don't know if any of my code would be infringed (or if it's even in > the latest kernels). > > My work was on AGP and VIA drivers, so I am wondering if GRSecurity's > patches affect that code? It's not even clear that there is infringement. The GPL merely requires that people who have been distributed copies of GPL'ed code must not be restricted from further redistribution of the code. It does not require that that someone who is distributing it must available on a public FTP/HTTP server. Brad Spengler has asserted that he has not forbidden any of his customers from further redistribution of the code. Other than his claim of being in compliance with the GPL, I do not personally have any information either suggesting that he is or is not violating the terms of the GNU Public License. Personally, I think I don't think it makes any difference one way or another. GRSecurity has made themselves irrelevant from the perspective of upstream development. If someone wants to find some embedded device which is using GRSecurity, and wishes to purchase said device, and then demand access to source code under the terms of the GPL, and then post those sources on some web site, that is all within their right to do. For the most part, though, it's rarely useful to get dead code posted on a web site. This is the same reason that people who do drive-by open sourcing of code largely don't make much difference. You can make a code drop of (for example) Digital's old Tru64 advfs and make it available under an open source license. But even though it was a very good file system for its time, unless it comes with a community of developers, the code drop will very likely just sit there. So personally, I don't think it's a particularly good use of *my* time to investigate whether or not folks who are responsible for grsecurity are violating the terms of the GPL, and to get involved in a lawsuit. It may be that there is no "there" there, in which case it will be a waste of my time. And even if we can find proof that GRsecurity has forbidden its customers from redistribution code derived from the Linux kernel, in violation of the GPL, it will be messy, it will enrich a bunch of attorneys --- and at the end of the day we will get a dump of code that probably won't make any real difference to the upstream development of the Linux kernel, since it will probably be based on some ancient 3.18 kernel or some such. Cheers, - Ted