Re: Yes you have standing to sue GRSecurity

From: Pavel Machek
Date: Sun Jul 30 2017 - 05:47:43 EST


Hi!

On Sat 2017-07-29 17:20:52, Paul G. Allen wrote:
> > It's not even clear that there is infringement. The GPL merely
> > requires that people who have been distributed copies of GPL'ed code
> > must not be restricted from further redistribution of the code. It
> > does not require that that someone who is distributing it must
> > available on a public FTP/HTTP server.
> >
> > Brad Spengler has asserted that he has not forbidden any of his
> > customers from further redistribution of the code. Other than his
> > claim of being in compliance with the GPL, I do not personally have
> > any information either suggesting that he is or is not violating the
> > terms of the GNU Public License.
> >
> > Personally, I think I don't think it makes any difference one way or
> > another. GRSecurity has made themselves irrelevant from the
> > perspective of upstream development. If someone wants to find some
> > embedded device which is using GRSecurity, and wishes to purchase said
> > device, and then demand access to source code under the terms of the
> > GPL, and then post those sources on some web site, that is all within
> > their right to do. For the most part, though, it's rarely useful to
> > get dead code posted on a web site. This is the same reason that
> > people who do drive-by open sourcing of code largely don't make much
> > difference. You can make a code drop of (for example) Digital's old
> > Tru64 advfs and make it available under an open source license. But
> > even though it was a very good file system for its time, unless it
> > comes with a community of developers, the code drop will very likely
> > just sit there.
> >
> > So personally, I don't think it's a particularly good use of *my* time
> > to investigate whether or not folks who are responsible for grsecurity
> > are violating the terms of the GPL, and to get involved in a lawsuit.
> > It may be that there is no "there" there, in which case it will be a
> > waste of my time. And even if we can find proof that GRsecurity has
> > forbidden its customers from redistribution code derived from the
> > Linux kernel, in violation of the GPL, it will be messy, it will
> > enrich a bunch of attorneys --- and at the end of the day we will get
> > a dump of code that probably won't make any real difference to the
> > upstream development of the Linux kernel, since it will probably be
> > based on some ancient 3.18 kernel or some such.
> >
>
> If there is something to this (that GRSecurity is somehow in violation
> of the GPL), then it would probably be a very good idea for someone
> (the community, Red Hat, etc.) to protect the kernel. From my
> understanding, at least in America, protections under any license or

You probably still have code in the kernel. So you probably can sue
them. I'll have my fingers crossed for you :-), but otherwise don't
expect much help.

Pavel

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature