GrSecurity brags about it's GCC plugins (which violate the GPL for the same reason it's kernel patch does) -- Is this not a threat to the gnu gpl system?
From: nipponmail
Date: Mon Nov 11 2019 - 14:07:59 EST
Is this not a threat to the whole GNU-GPL system?
grsecurity.org
grsecurity.net
Unlike the manual, ad-hoc approach to finding and fixing Spectre v1
vulnerabilities employed elsewhere, our much higher coverage RespectreÂ
compiler plugin discovers and automatically instruments the code with
high-performance fixes.
Can you do something about this please? Does this not bother you?
I for one, was convinced to join the free software movement and program
for it because of the promise of the GPL. But here, with their "access
agreement" they blatantly violate it (version 2, section 6 for the
kernel patch, I'm sure you know which section for GCC). They
infact-and-indeed do add an additional restrictive term.
This is allowed to stand.
It is less likely that I myself would have contributed code if it were
not for the promise of the GPL that others could not close derivative
works to me. That promise is being shown to be a lie. I doubt I'm the
only one who was attracted by the GPL, but now that it is shown to be a
false promise: the spell likely is broken.
Can you please do something about this.
Why all the silence? Why is no one angry about this?
This is as blatant of a violation as they come: it cuts at the very root
of the whole point of Free Software:
RMS you wanted the code to come back to you: you made it clear in your
EMACS license/notice. GrSecurity (OpenSourceSecurity) have completely
obliterated what you intended. And it is allowed to stand.
Why? Please will nothing be done? Will nothing be discussed?
GCC is your compiler: They're doing EXACTLY what you DID NOT WANT to
happen regarding plugins: they have effectively created PROPRIETARY
plugins. The lawyers told you it could not happen, so that you would
agree to allow plugins. Now apparently it has happened.
Now you can only get GrSec, the patch, the compiler plugins, if you have
10k+, and you are not permitted to redistribute it (or else).
Yes this is a violation of section 6 of version 2 of the GPL (I know
some programmers argue otherwise because programmers think they know
everything about every field)
"UHHHHHMMMMM we put it in a SEPARATE writing, thus we can impose
additional restrictive terms!"
UHHH, Punishing a recipient for breaking our additional negative
covenant is not violating the license :^), they didn't HAVE to violate
our restrictions! It was their choice!
Ahem
Although previous to our additional restriction, under the GPL the
recipient is free to distribute the source to anyone without
repercussion or harm.
Once we chose to add our access agreement, the recipient after paying
us 10k, agrees to never freely distribute the work except to his own
customers on demand: under penalty of forfeiting the remainder of his
balance and no further updates (which he already paid for)
This is clearly not an additional restriction not-present in the
licensing terms
:^)
We also don't tell the linux kernel team about the fixes we silently
fix in our GPL-Respecting additional-restrictive terms derivative work.
We'll tell you though, unless you distribute the Work: then you're cut
off. Better not redistribute
:^)
The federal copyright lawsuit would cost 600k to finance.
OpenSourceSecurity makes 120k a year, off of government contract(s/ors).
GCC plugins have been part of GrSecurity for a very long time, I
remember them writing about them in the early/mid 2000s