Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752390AbdG2XVf (ORCPT <rfc822;w@1wt.eu>);
        Sat, 29 Jul 2017 19:21:35 -0400
Received: from mail-yw0-f181.google.com ([209.85.161.181]:36811 "EHLO
        mail-yw0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751759AbdG2XVe (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 29 Jul 2017 19:21:34 -0400
MIME-Version: 1.0
In-Reply-To: <20170729200726.6qxlnh7mmfpfxkq3@thunk.org>
References: <6261acc7cc854161158181d1ecfc7682@redchan.it> <CAN4-gUESAsBGkwtztoEEyEaPm_=snh2jQLFRsUxAY2ykEQRtuQ@mail.gmail.com>
 <20170729200726.6qxlnh7mmfpfxkq3@thunk.org>
From: "Paul G. Allen" <pgallen@gmail.com>
Date: Sat, 29 Jul 2017 17:20:52 -0600
Message-ID: <CAN4-gUGQJCdYysoxE6=6uU8NS0b-Nkr-vr9AQ7bSmwddmf95GQ@mail.gmail.com>
Subject: Re: Yes you have standing to sue GRSecurity
To: linux-kernel <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 4097
Lines: 79

> It's not even clear that there is infringement.  The GPL merely
> requires that people who have been distributed copies of GPL'ed code
> must not be restricted from further redistribution of the code.  It
> does not require that that someone who is distributing it must
> available on a public FTP/HTTP server.
>
> Brad Spengler has asserted that he has not forbidden any of his
> customers from further redistribution of the code.  Other than his
> claim of being in compliance with the GPL, I do not personally have
> any information either suggesting that he is or is not violating the
> terms of the GNU Public License.
>
> Personally, I think I don't think it makes any difference one way or
> another.  GRSecurity has made themselves irrelevant from the
> perspective of upstream development.  If someone wants to find some
> embedded device which is using GRSecurity, and wishes to purchase said
> device, and then demand access to source code under the terms of the
> GPL, and then post those sources on some web site, that is all within
> their right to do.  For the most part, though, it's rarely useful to
> get dead code posted on a web site.  This is the same reason that
> people who do drive-by open sourcing of code largely don't make much
> difference.  You can make a code drop of (for example) Digital's old
> Tru64 advfs and make it available under an open source license.  But
> even though it was a very good file system for its time, unless it
> comes with a community of developers, the code drop will very likely
> just sit there.
>
> So personally, I don't think it's a particularly good use of *my* time
> to investigate whether or not folks who are responsible for grsecurity
> are violating the terms of the GPL, and to get involved in a lawsuit.
> It may be that there is no "there" there, in which case it will be a
> waste of my time.  And even if we can find proof that GRsecurity has
> forbidden its customers from redistribution code derived from the
> Linux kernel, in violation of the GPL, it will be messy, it will
> enrich a bunch of attorneys --- and at the end of the day we will get
> a dump of code that probably won't make any real difference to the
> upstream development of the Linux kernel, since it will probably be
> based on some ancient 3.18 kernel or some such.
>

If there is something to this (that GRSecurity is somehow in violation
of the GPL), then it would probably be a very good idea for someone
(the community, Red Hat, etc.) to protect the kernel. From my
understanding, at least in America, protections under any license or
contract (especially dealing with copyright and trademark
infringement) are only enforceable as long as the party with the
rights enforce the license/contract/agreement.

There is also something in law called "setting a precedent" and if the
violating of the Linux license agreement is left unchecked, then quite
possibly a precedent could be set to allow an entire upstream kernel
to be co-opted. I've know a LOT of engineers over the past 30+ years
that ignore the legal ramifications of what they do (because most
engineers want to engineer, not deal with legal garbage), and end up
losing in the end (or causing lawsuits for their company).

In other words, if things like this are left unchecked, then
eventually Linux possibly becomes co-opted by a company that violates
the license and everyone else is left having to pay them.

I have had code stolen in the past (an entire game in fact). That was
at a time when I was not financially able to do anything about it, and
even if I was, I was too young tot know any better and would not have
pursued any action. I now know better and have seen - since then -
people lose and be diminished because some entity took the fruits of
their long, hard work.

In summary, I think dismissing such a thing out-of-hand is a mistake.
Looking into it and making sure of the issue helps everyone, and
continues to keep the kernel free (who here remembers SCO?).

Thanks,

PGA
-- 
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting
www.randomlogic.com