[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Grsecurity goes private

Grsecurity goes private

Posted May 5, 2017 20:07 UTC (Fri) by xtifr (guest, #143)
In reply to: Grsecurity goes private by linuxrocks123
Parent article: Grsecurity goes private

Like I say, the law takes intent into account. It seems pretty clear to me that the *intent* is to prevent people from redistributing the GPL'd code. Of course, they'll argue otherwise. The only thing that matters, though, is what a *judge* would think. And I tend to doubt a judge would be fooled by such an obvious trick.

What might make it harder is if they *never admit* their reasons for not doing business with certain customers. That would switch the burden of proof. But even that would be a risky strategy, since it would be fairly obvious what they were actually doing.

Stallman's pretty experienced with people trying to weasel their way around the GPL. If he says it's a violation, I'd consult my lawyer before suggesting otherwise.

to post comments

Grsecurity goes private

Posted May 5, 2017 21:57 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

> It seems pretty clear to me that the *intent* is to prevent people from redistributing the GPL'd code.

If so it's a lousy way to go about it, since it doesn't actually *prevent* anyone from distributing anything. There will be a cost, of course, if you wanted their ongoing cooperation in the future in the form of new patches, but the choice is still yours whether to distribute or not. If you choose to distribute you are not violating any contract and do not lose anything to which you previously had any legal right. After all, there is no guarantee that there would *be* future patches for you to purchase, and even if they are created the authors are under no obligation to sell them to you whether you distributed the prior patches or not.

I could go around offering people a million dollars cash on the condition that they don't distribute any GPL'd code, without ever distributing GPL'd code myself. The *intent* of that offer would clearly be to reduce the distribution of GPL'd code (though not actually *preventing* it), but that doesn't mean that I've violated the GPL by making the offer.

Grsecurity goes private

Posted May 6, 2017 20:10 UTC (Sat) by paulj (subscriber, #341) [Link] (7 responses)

There are many other companies using this business model.

Grsecurity goes private

Posted May 8, 2017 22:30 UTC (Mon) by mattrose (guest, #19610) [Link] (6 responses)

Charging money for GPL-derived source code? Not the RH "charge money for binaries and distribute sources", or any one of a number of "Charge for additional binaries that happen to add on or plug in to the GPL-ed source code, but actual "You have to pay money for source code that you have every right to view and modify, under the GPL"

Name one.

Grsecurity goes private

Posted May 9, 2017 20:35 UTC (Tue) by paulj (subscriber, #341) [Link] (5 responses)

Email me or /msg me on freenode and I'll give you a link to one.

BTW, the GPL is perfectly OK with charging money for source code, and/or for binaries.

The only thing is that if you distribute binaries without source at the same time, then you must make the source available on reasonable terms. You can charge as much as you want for source and/or binaries, with that restriction...

Grsecurity goes private

Posted May 10, 2017 12:40 UTC (Wed) by mattrose (guest, #19610) [Link] (2 responses)

You are absolutely right about charging for source code, however, what the GPL is explicitly NOT ok with is putting "further restrictions" on the source code distributed or modified under the GPL.

Section 6 says: "You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

RedHat complies by giving the source code away, and just charging for the convenience of pre-compiled binaries, and limiting access to those binaries, which the GPL says nothing about.

Look at it this way. I could have access to RedHat sources even if RedHat itself wanted nothing to do with me. For access to the source code for the grsecurity version of the linux kernel, I need to pay money to grsecurity. What grsecurity is doing is very much not only against the text of the GPL, but against the spirit of Linus's original license decision.

Linus put the kernel under the GPL because he wanted all of the modifications to it to become publicly available. All other contributors have contributed to Linux with the same condition. If Linus had wanted people to be able to fork off their own version and not contribute back, he would have licensed it differently.

And the fact that you are not willing to name one publicly kinda proves my point.

Grsecurity goes private

Posted May 10, 2017 13:33 UTC (Wed) by paulj (subscriber, #341) [Link]

Section 6 also applies to Section 3, where recipients are given the right to redistribute binaries (modulo reasonable access to source - which one is required to follow if one has distributed binaries, but that doesn't come into play if one only distributes in source form).

open source code gone dark

Posted May 19, 2017 4:29 UTC (Fri) by Garak (guest, #99377) [Link]

Linus put the kernel under the GPL because he wanted all of the modifications to it to become publicly available. All other contributors have contributed to Linux with the same condition. If Linus had wanted people to be able to fork off their own version and not contribute back, he would have licensed it differently.
I'm guessing that there are plenty of instances of people and businesses that modify GPLd code, and use it, often commercially, without making those modifications publicly available. It's just that those instances don't involve the distribution of those modifications publicly. I.e. one can readily imagine the NSA and CIA and Google hardening (some of) the kernels that they and their cohorts use without those modifications ever seeing any public light of day. Sorry to get pedantic about the nuance, but this does seem to be the place for it. Probably the CIA/NSA use some god-mode of legaleze to get around whatever they want, but there is clearly nothing illegal about making a business out of the fact that your secret unreleased/undistributed security enhancements give your IT infrastructure an edge over competitors. I.e. imagine a dozen hypothetical GMail competitors running modified linux kernels on their servers. The ones that get hacked the least make the most $$ in the long run. Obviously the hypothetical breaks down in the real world for lots of reasons, but I do imagine there are plenty of high profile businesses running servers with various secret sauce hardenings. Which is pretty much what this is all about AFAICT.

Grsecurity goes private

Posted May 18, 2017 20:15 UTC (Thu) by Wol (subscriber, #4433) [Link] (1 responses)

> You can charge as much as you want for source and/or binaries, with that restriction...

Except, that once you have distributed the binaries, you can NOT charge as much as you want for the source ...

I believe the GPL itself explicitly says you can charge a *reasonable* fee, and $1M for an hour's work for an engineer to copy the source to a CD is clearly not reasonable...

Cheers,
Wol

Grsecurity goes private

Posted May 19, 2017 7:34 UTC (Fri) by paulj (subscriber, #341) [Link]

For primary distribution, you can charge _whatever_ you want. Be that in source or binary form.

If you have distributed in binary-only form, you must honour the §3 commitments to provide source on reasonable terms, for _finite_ amount of time.

That does not, per se, prevent one from primary distribution in source form, at whatever price. (Though, anyone who is aware the distributor is also obligated to provide source under §3 terms, or is aware to ask, obviously may prefer the §3 terms).

Grsecurity goes private

Posted May 10, 2017 1:00 UTC (Wed) by linuxrocks123 (subscriber, #34648) [Link]

Intent only matters when the intent is somehow illegal by statute. Your claim that "the intent is to stop them from doing something they're legally allowed to do, therefore they can't do that" doesn't hold up to even a rudimentary analysis. In the US, a private company can, for instance, fire someone who goes on the news and says bad stuff about the company. The employee is perfectly free to speak up about how horrible his employer is, and the company is perfectly free not to be his employer anymore afterwards. No one's legal rights are being violated.

In the US, again, anti-retaliation laws are the exception, not the rule. You can't be fired for blowing the whistle on your company to the government, like by reporting it to the EPA or whatever, because there's a specific law against companies' doing that. You can't be fired or not hired for being black because, again, there's a specific law against companies' doing that. In some but not all US jurisdictions, you can't be fired or not hired for being gay, because there's a specific law against companies' doing that; in other places, there's no such law, so a company can only hire straight people and refuse to serve gay customers if it wants to, and can fire an employee for coming out, even though it's definitely not illegal to come out.

In the law, and not just the US but pretty much everywhere, anything not prohibited is permitted. If your assertion is that the law in whatever jurisdiction you're in prohibits a company from retaliating against customers for doing a thing, you'll need to find the specific law stopping the company from retaliating against the customer for doing that thing, not just confirm that the thing the customer did isn't itself illegal to do. Just because I have the right to go on the news and talk about how horrible McDonald's is doesn't mean McDonald's still has to employ me or serve me as a customer after I do that.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds