Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date:   Tue, 05 Nov 2019 00:37:25 +0000
From:   nipponmail@firemail.cc
To:     linux-kernel@vger.kernel.org
Cc:     ruben@mrbrklyn.com, mrbrklyn@panix.com
Subject: Re: Will no-one sue GrSecurity for their blatant GPL violation (of
 GCC and the linux kernel)?
In-Reply-To: <87ftj3gx9h.fsf@mid.deneb.enyo.de>
References: <b0668893d6fbfeca10a724e1c5846e92@firemail.cc>
 <E1iRgHg-0007e0-Gd@fencepost.gnu.org>
 <2fbd35b601c740b3cf88b73df7a2c123@firemail.cc>
 <87ftj3gx9h.fsf@mid.deneb.enyo.de>
Message-ID: <4175aec5f562fed9b7b9395016abe6de@firemail.cc>
User-Agent: Roundcube Webmail/1.3.6
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

It does not matter how common this way of doing buisness is.
It is still a blatant violation of the Copyright holders terms.

The Copyright holder has allowed GrSecurity to do something they, by 
default, have no right to do (create and distribute [non-seperable] 
derivative works), ONLY if they follow the Copyright holder's 
directives.

The Copyright holder has stipulated that each distributee has the 
permission to FREELY create derivative works based on the work and 
FREELY distribute said original work and said derivative works, but that 
they ONLY have this permission IF they also extend those rights to 
down-the-line-distributees AND they DO NOT add ANY additional 
_RESTRICTIONS_ on that right.

If GrSecurity was _NOT_ adding an additional restriction it would NOT 
need an "access agreement" (no-redistribution agreement).

They are BLATANTLY violating section 6.

Please read:
perens.com/2017/06/28/warning-grsecurity-potential-contributory-infringement-risk-for-customers/

Please.

The reason why this business model works is because:

1)Not-any-old-lawyer can walk into Federal Court.
You have to be accepted into the Federal Bar for that 
district/circuit/etc (IIRC). Which means one of the 
allready-on-federal-bar lawyers has to allow you in and vouch for you. 
That makes for fewer high priced lawyers

2) The costs will be high: half a million plus in legal fees in the end.

3) You win court-costs ONLY if you have registered your copyright BEFORE 
the violation you are suing defendant over, and also BEFORE any 
same/similar violation. Otherwise you only get regular damages (revenue, 
or profits, or what the defendant would have paid you for a license (0 
dollars), whichever the court wishes). (Note: you have to register your 
copyright at the time of the suit atleast, but if it is after the 
violations you don't get statutory damages nor do you get attorney's 
fees)

Also read this EFF brief, page 10 etc. It has some discussion on the 
violation: 
perens.com/static/OSS_Spenger_v_Perens/0_2018cv15189/docs1/pdf/18.pdf

On 2019-11-04 21:14, Florian Weimer wrote:
> * nipponmail:
> 
>> You are incorrect. GPL version 2 section 6 states that one shall not 
>> add
>> additional restrictions between the agreement between the licensee and
>> further licensees. It governs that relationship vis-a-vis the 
>> protected
>> Work.
>> 
>> GrSecurity has, indeed, stipulated an additional restrictive term.
>>  From: You may distribute derivative works freely.
>> GrSecurity has forced customers to agree to: We shall not distribute 
>> the
>> (non-separable) derivative work EXCEPT to our own customers (when
>> required).
>> 
>> That is clearly an additional restrictive term.
> 
> I assume they did this as part of their subscription agreement.  Their
> customers are free to terminate that agreement and exercise their
> rights under the GPL.  They just can't have it both ways.
> 
> I believe this a fairly common approach to subscription and service
> agreements for GPL software.