Only for the code they are actually using, not for future updates.

The contract does not forbid them from publishing the patches, the contract terminates the subscription so the client does not receive any support or future updates.

Please explain in detail what part of the GPL license governs the terms of service for a service that provides updates and support for the GPL code.
Because I must have missed it.

No it would not, as the code is still GPL so they can't sue over it, and violating a term of service does not really give them any leverage to sue anyone.
I already explained what is 99% likely going on in more detail in the post above yours.

One important thing in the GPL is regarding 7. Additional Terms. where there is a provision:
In my view, the addition of a "we stop supplying updates of you make use of the GPL rights" is an additional term that is violating the GPL license.

And another important point in the GPL is under 8. Termination.
Which means that if a court decides that GrS is violating paragraph 7, then GrS might end up losing all rights to supply updates to any and all of their customers.

And this under 10. Automatic Licensing of Downstream Recipients.
In my view, the GrS does violate this paragraph.

Then you have 12. No Surrender of Others' Freedom.
We wouldn't have this debate unless quite a lot of people considers GrS to violate this. And potentially even the customers too.

No, no no, stop right there. You can't just re-define things that, the license states already what these "further restrictions" are. Let's highlight the part you missed.

All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.

This means: the definition of "further restriction" isn't left to the reader but is defined at section 10, that you also quoted but did not seem to fully understand.

You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.

Goddammit, that's clear as day for me, this is garden variety legalese. The important part was highlighted.

This means that "further restrictions" means restrictions that limit the rights granted by the GPL.

Does the GPL have any provision that talks about updates? No it does not. It talks only about the software as is when you received it.

Therefore it is NOT granting ANY right about updates.

Therefore any restriction on updates are NOT restricting the rights granted by GPL and are not breaking the license.

As simple as that.

It is 100% against the GPL intentions and I won't deny that, but it is not against the GPLv2 license. It's a perfectly valid legal loophole.

same as above, it never granted that right to begin with, any restriction imposed on that does not "contradict the conditions of this License".

We have this debate because a lot of people don't understand how GPL actually works and what are its actual limits, people think it is much stronger than it actually is. There are loopholes.

GPLv2 can be fucked with by "tivoizing" (although not in this case), i.e. you can get the source code but the device has a locked bootloader that won't boot your custom code anyway, so what's the point of it. That's why GPLv3 was created.

Another way to deny your freedoms while still using GPL code is to only use it in a server-client mode. In this case is not possible of course but for many web-based services it's a thing.

The provider is using GPL code in the server, but you (the client) are running a different software (client software) that is just connecting to the software running on the server, and sending/receiving data.

So even if you are de-facto using a GPL software (running on the server), you can't request the source for it. Because GPL as-is didn't regulate this usecase.

And this was the reason why a new GPL derivative called "Affero GPL" was created. If your webservice is using Affero license you can request its full source code.

In GPLv2 you can't add further restrictions. In GPLv3 you have a list of 7 further restrictions that are allowed.

My view is that when shipping the updates together with a limitation that you will stop getting updates if you redistribute the patches represents a further restriction that isn't allowed.

It's good that it was so clear to you. But you don't argue as you actually understood, because my whole point was that you may not impose any further restrictions. "Will kill your contrac if you redistribute" is a further restriction.

Stop kicking in open doors. I haven't claimed that the GPL license talk about rights to further updates.

Changing an agreement into two separate documents doesn't suddenly make the two independent. If the contract for buying updates has a clause that the contract is voided if you distribute updates means it is not an independent contract but is indirectly a part of the licensing of the code. So it ends up amending the GPL license. Hence a "further restriction" that would be interesting to get the courts view on.

It's your personal view that it's a valid legal loophole.

I'm not so convinced, which is why my original post noted that it could be a very interesting case in court.

Why the side track with signed code, cliend/server solutions etc?

GPLv2 hasn't had much testing in court. I don't think the part with further limitations has been taken fully through the system. Are you of a different view on that?

It isn't a change to the license, or an additional clause. But you address that below.

So I'm not sure you are correct in this - the license is not changed, and you can't claim that support contracts are suddenly part of the license - loads of support contracts have all kinds of clause, some might conflict with the GPL (eg you can't use the software to work with Iran or North Korea) and there's a bunch of ways the contracts can terminate. The GPL can't force a software/service supplier to provide services to you if they don't want to - and they can put any limit they want on their service.

I mean, GRSecurity does not forbid you to redistribute the code, it just stipulates that if you do, you're no longer a customer of them. They have a right to chose who they do business with, I don't think the GPL can force them to give you anything. The code you got is GPL, it said nothing about services, support or future updates.

I would agree it'd be interesting to watch in court, as I agree that it is obviously a way to hack the GPL into something it wasn't intended to allow, but I am skeptical of the claim of Bruce that a judge would conclude that GRSecurity has to continue to provide services to customers when that customer broke a rule in the support contract. I don't think the judge will throw the two together. But it is hard to predict and, yes, interesting. BTW didn't Red Hat have a similar clause, disallowing customers to distribute RHEL to others, even though it's all GPL?

They are violating the Copyright license. They are a non-separable derivative work.

Grsecurity's work is a non-seperable derivative work of the linux kernel, which is licensed under version 2 of the GPL.


Grsecurity is NOT permitted to create derivative works of a copyrighted work by default: it is a violation of the Copyright owners rights.


Grsecurity is ONLY permitted to create derivative works of a copyrighted work IF they get permission (license) to do so from the Copyright owner.


This permission, regarding making non-seperable derivative works of the linux kernel, is called version 2 of the GPL.


Version 2 of the GPL forbids a licensee, or creator of a derivative work, from, when distributing the derivative work, adding any additional terms in the agreement between him and whoever he is distributing the derivative work. See sections 6 and section 4.


Grsecurity has chosen to add additional terms when distributing it's non-seperable derivative work of the linux kernel (and GCC aswell, they wanted to be through). Here are those additional terms: https://new.perens.com/wp-content/up...tionalterms.pd f
(including the "no redistribution or else" term proffered)


Section 4 of the GPL version 2 revokes the licensee's (Grsecurity) permission to create and distribute derivative works.

Yes it is. The Text of the GPL is NOT what is being protected by the "no additional terms" clause. It is the conduct enumerated by the ORIGINAL COPYRIGHT HOLDER (linus etc) which is being protected.

The license (permission) states that, between the licensee and sublicensees there can exist NO additional terms. It does NOT matter if you put your additional terms in a separate document. And yes: I am a lawyer.