From: "Paul G. Allen"
Date: Sat, 29 Jul 2017 17:20:52 -0600
Subject: Re: Yes you have standing to sue GRSecurity
To: linux-kernel
In-Reply-To: <20170729200726.6qxlnh7mmfpfxkq3@thunk.org>
References: <6261acc7cc854161158181d1ecfc7682@redchan.it> <20170729200726.6qxlnh7mmfpfxkq3@thunk.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> It's not even clear that there is infringement. The GPL merely
> requires that people who have been distributed copies of GPL'ed code
> must not be restricted from further redistribution of the code. It
> does not require that that someone who is distributing it must
> available on a public FTP/HTTP server.
>
> Brad Spengler has asserted that he has not forbidden any of his
> customers from further redistribution of the code. Other than his
> claim of being in compliance with the GPL, I do not personally have
> any information either suggesting that he is or is not violating the
> terms of the GNU Public License.
>
> Personally, I think I don't think it makes any difference one way or
> another. GRSecurity has made themselves irrelevant from the
> perspective of upstream development. If someone wants to find some
> embedded device which is using GRSecurity, and wishes to purchase said
> device, and then demand access to source code under the terms of the
> GPL, and then post those sources on some web site, that is all within
> their right to do. For the most part, though, it's rarely useful to
> get dead code posted on a web site.
> This is the same reason that
> people who do drive-by open sourcing of code largely don't make much
> difference. You can make a code drop of (for example) Digital's old
> Tru64 advfs and make it available under an open source license. But
> even though it was a very good file system for its time, unless it
> comes with a community of developers, the code drop will very likely
> just sit there.
>
> So personally, I don't think it's a particularly good use of *my* time
> to investigate whether or not folks who are responsible for grsecurity
> are violating the terms of the GPL, and to get involved in a lawsuit.
> It may be that there is no "there" there, in which case it will be a
> waste of my time. And even if we can find proof that GRsecurity has
> forbidden its customers from redistribution code derived from the
> Linux kernel, in violation of the GPL, it will be messy, it will
> enrich a bunch of attorneys --- and at the end of the day we will get
> a dump of code that probably won't make any real difference to the
> upstream development of the Linux kernel, since it will probably be
> based on some ancient 3.18 kernel or some such.
>

If there is something to this (that GRSecurity is somehow in violation
of the GPL), then it would probably be a very good idea for someone
(the community, Red Hat, etc.) to protect the kernel. From my
understanding, at least in America, protections under any license or
contract (especially dealing with copyright and trademark
infringement) are only enforceable as long as the party with the
rights enforces the license/contract/agreement. There is also something
in law called "setting a precedent" and if the violating of the Linux
license agreement is left unchecked, then quite possibly a precedent
could be set to allow an entire upstream kernel to be co-opted.
I've known a LOT of engineers over the past 30+ years that ignore the
legal ramifications of what they do (because most engineers want to
engineer, not deal with legal garbage), and end up losing in the end
(or causing lawsuits for their company). In other words, if things
like this are left unchecked, then eventually Linux possibly becomes
co-opted by a company that violates the license and everyone else is
left having to pay them.

I have had code stolen in the past (an entire game in fact). That was
at a time when I was not financially able to do anything about it, and
even if I was, I was too young to know any better and would not have
pursued any action. I now know better and have seen - since then -
people lose and be diminished because some entity took the fruits of
their long, hard work.

In summary, I think dismissing such a thing out-of-hand is a mistake.
Looking into it and making sure of the issue helps everyone, and
continues to keep the kernel free (who here remembers SCO?).

Thanks,

PGA
--
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting
www.randomlogic.com