GrSecurity Linux Kernel To Focus More On Performance This Year
-
Originally posted by sandy8925: Based on the GPL, GrS cannot legally forbid any of their clients from redistributing the patches.
-
Originally posted by reavertm: GRS sells patches that are based on GPL-licensed kernel software. GRS patches are licensed with a proprietary license.
-
Originally posted by starshipeleven: T
can strongly dissuade them by terminating the contract and never selling to them in the future, and also by making them sign an agreement where if they were to redistribute the patch they would pay a lot of money to GrSecurity.
-
Originally posted by sandy8925: That second part would violate GPL and therefore be illegal.
For their client the value of the patches alone is low, they are paying for a service (support, updates and improvements as security landscape changes), and this service has an agreement and its own conditions just like any other service.
It would not be hard to just say that distributing the code without paying a load of cash (or at all) would violate the terms of this agreement, and terminate the contract.
Then they would have GPL code so they can do what they want with it, but they paid for a service that is more than just bare kernel patches with no warranty or support.
This isn't uncommon in business, see https://www.legalmatch.com/law-libra...tributors.html
Last edited by starshipeleven; 20 March 2020, 07:15 AM.
-
Originally posted by starshipeleven: No it would not as it is a sales or services agreement that is signed between the two entities, it's completely unrelated to the license.
"You may convey a work based on the Program, or the modifications to produce it from the Program...- c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy."
Note that sales and services are explicitly separate when RedHat does it. They do provide all source code (except for the RedHat trademarked logos which are explicitly exempt) and that is why we have CentOS. CentOS can't use GrSecurity patches, because they "forbid redistribution".
-
Originally posted by OneTimeShot: The patches shipped by GRSecurity are derivative works of the Linux kernel.
The patches are GPL, and they are legally circumventing the GPL by using a service/sales agreement with their clients that prevents the client from distributing the patch if they still want to use the service.
This is legal. The GPL does not say "you MUST redistribute", but "you CAN redistribute". The client CAN redistribute the patches, so the freedom granted by the GPL is not infringed.
The GrSecurity service though (providing the clients updates to the patches as time goes on, support, or anything else) is NOT bound by GPL but by a commercial contract that can very well state that any redistribution of the patches would result in its termination.
Since the value here is the service (the updates and the support) and not just the patches on their own, any client does not really have much incentive to use their GPL-granted rights to redistribute the patches.
Note that sales and services are explicitly separate when RedHat does it.
Clients actually buying RHEL are likely to need much more support than clients that pay for GrSecurity hardening. So RedHat can assume that most serious clients will pay for a subscription even if they can get more or less the same stuff (not really, there is some proprietary stuff in RHEL too, mostly in the userspace, server management) with CentOS.
-
Originally posted by starshipeleven: Unless you can show me where they are changing the license of the patches it's 99% likely to be as I said above.
This is legal. The GPL does not say "you MUST redistribute", but "you CAN redistribute". The client CAN redistribute the patches, so the freedom granted by the GPL is not infringed.
I'll keep it simple: if you are distributing or modifying GPL software you *MUST* license it under the terms of the GPL - which means the receiver must get the same rights as you had. You can't add your own restrictions, unless you get that agreed with the original Copyright owners - Linus/IBM and so on. What you are describing is MIT or BSD licenses where anyone can make changes and not distribute the source.
-
Originally posted by OneTimeShot: You can't add your own restrictions
They can freely decide to give updates to you or not without violating the GPL.
They are selling a subscription service where they give the patches, and then keep them updated over time and give other support.
The GPL gives the client the freedom to redistribute the code. The subscription service agreement does not.
But these are two different things, both exist at the same time.
-Code license of the code.
-Service agreement for the updates and support to the patches.
Due to the code license, the client can take the code, or redistribute it freely. Because it is GPL.
But if they do so they break the service agreement, and they will not get any more updates and support.
Now, for a client what is more useful of the two things?
1. Having some source code with no support, that will become useless in a few months as security evolves
2. Having full updates and support for the product, must pay money to GrSecurity
Most likely the latter. So they chose to just pay and not redistribute the patches.
This is a similar situation with RedHat or SUSE, and also Google (Android) for that matter as neither are selling the code directly ala Microsoft.
The whole software product (without some smaller parts) is available for free, but it is a behemoth that requires significant resources to maintain and skills to master.
For the client, just getting the source (or a free distro like CentOS or OpenSUSE Leap) is quite frankly completely useless.
They lack the skills to maintain it themselves, or need skilled support to deal with their issues in a short time, or need training for their admins.
So they pay for a business license, and pay for the service.
GrSecurity is doing it in the reverse. They use the service to force the clients to not leak the code, fully knowing that the clients need the service and can't do much with the code alone.
Last edited by starshipeleven; 20 March 2020, 08:47 PM.
-
If I create a derived work based on GPL:ed code, and let my customers use it, then that derived work must follow the GPL license.
I don't need to hand out my patches to anyone who asks. But if any of my customers asks, I must hand out my code changes to them. That's all part of the GPL license. And my customers are then free to further distribute the patches to whoever wants them.
I can't write a contract with my customers where they have to agree to not republish my changes - that would violate the original GPL license.
When GrS adds a clause that their services are terminated if a customer redistributes the changes, then they are adding an additional clause on top of the GPL license. And the GPL doesn't allow any additional limitation to be added.
If a client released the code and got their service terminated, I think it could result in a very interesting case in court. A case that just could completely shatter their business model.