GrrrrrrrrrSecurity

Grrrrrrrrrrrrrrrr :l
More like the benefit is none...

Michael - Please stop posting information about GrSecurity. They do not deserve the free publicity.

They are GPL violators, and so are their customers. End of. I was hoping that Bruce Perens had bankrupted them, but it looks as though the scum are still around.

So, I'm not a lawyer but, aren't they GPL violators? If yes, how can they still be around!?

GPL Violator or not, I don't support or use services that don't have a clear pricing model. "You have to contact us for pricing" is one shady business practice.

As I recall, it was only a quarter million dollar settlement for legal fees. Not likely to bankrupt the company.

I did implement their patches on top of Gentoo selinux and it did make a good difference. If the patches are made available to the customers I guess it's GPL compatible ?

The needle GRSecurity is trying to thread is that they are not required to do business with anyone under the GPL, so it is a business decision, and not a GPL violation, by GRSecurity as to whom to sell their patches to (only those that agree to not redistribute the patches are deemed to be worthy of getting and maintaining a license by GRS). While there are many that believe that violates at least the spirit of the GPL, the question is whether that is a technical violation of the GPL as those companies never intended to redistribute their modified (by GRS patches) kernel, so would never be subject to the GPL source redistribution requirements. As I recall the details, Parens said it was his opinion it was a violation, which is where the lawsuit by GRS started because it threatened their business model. Some future court case would need to make the determination of an actual GPL violation, and until then, we have a lot of people with opinions.

Based on the GPL, GrS cannot legally forbid any of their clients from redistributing the patches. That would be a violation of GPL, and hence copyright law.

I am not a lawyer, that's just my understanding of how it works.

Let me add my non-lawyer take on this (in post number 222, ha!).

GRS sells patches that are based on GPL-licensed kernel software. GRS patches are licensed with proprietary license.

If GRS patches are in Unified Diff format (git diff, format-patch, ...) then they contain up to three line context around GRS modification. Example for some unrelated patch:
That context is GPL-licensed kernel source.
Therefore, selling any context-based patches of the kernel constitutes selling GPL-licensed code that is protected from redistribution without source publication -> GPL violation.