GrSecurity Kernel Patches Will No Longer Be Free To The Public


  • oiaohm
    replied
    Originally posted by chithanh
    This is where we disagree. As long as no redistribution happens, freedom 1 gives the user explicit permission to do as they like. No "fair use" needed, even if it exists in your jurisdiction.
    Contract law is the problem. Contract law does not require distribution to activate. Under contract law you need the contract to allow any modification. NDA contracts for access to source code works have repeatedly shown a lot stricter conditions. Unless modification is stated as allowed in a contract you are not allowed to do it, and then you have to obey the terms of the contract.

    GPL as a contract does not contain an unlimited freedom 1, as modifications to the GPL work as a contract must be under GPL no matter how they are shipped, as part of the work or as an independent patch.

    The only thing around this GPL contract limitation is copyright fair use, but since GPL has been declared a contract that does not apply anymore in the USA and countries with agreements with the USA.

    Really, go and read GPL 2.0 and attempt to find the line that gives you unlimited freedom 1, and learn it does not exist in the writing of GPL v2 or v3. Unlimited freedom 1 is totally dependent on fair usage in copyright law, which does not directly apply to the GPL contract.



  • chithanh
    replied
    Originally posted by oiaohm
    Combining GPL and GPL-incompatible sources depends on fair usage conditions in copyright law.
    This is where we disagree. As long as no redistribution happens, freedom 1 gives the user explicit permission to do as they like. No "fair use" needed, even if it exists in your jurisdiction.



  • oiaohm
    replied
    Originally posted by chithanh
    What recent case against The Pirate Bay? There was a case in the EU where it was ruled that TPB provides access to copyrighted works and therefore is responsible. But the Oracle vs. Google case wasn't in the EU.
    Some of the ruling in both cases was on international conventions and what those conventions in fact meant.

    Originally posted by chithanh
    That is wrong. The user does not breach any contract by combining GPL and GPL-incompatible sources. This is an often held misconception; GPL does provide full and unrestricted freedom 0 and 1. This makes the rest of your post moot.
    Combining GPL and GPL-incompatible sources depends on fair usage conditions in copyright law. The recent case running GPL under contract law means copyright limitations do not apply if someone takes you under breach of contract instead of breach of copyright. So it now has to be read like an NDA contract on source code. GPL has always been a contract, but most enforcement has been done under copyright legal hearings.

    So it was not exactly a misconception; the question is what law GPL is enforceable under. Is GPL enforceable under copyright, where you have fair usage conditions, or is GPL enforceable under pure contract law, where you don't have fair usage allowances?

    https://qz.com/981029/a-federal-cour...able-contract/
    Basically this case throws everything up in the air, since it was ruled enforceable as a contract, as enforcement can now avoid the limitations of copyright law.

    The user does not breach any contract by combining GPL and GPL-incompatible sources.
    This is only true if non-derived status can be proven or if the case is being held under copyright law with its limitations. It is copyright law that says you can include information from headers and the like as fair usage. Under a contract like an NDA, using header files from the source is direct taint.

    There is a lot of confusion because enforcing GPL using contract is rare.

    https://www.gnu.org/licenses/200104_seminar.en.html
    Most people reference GNU and FSF. There is a problem: they have got what GPL is wrong and written what is allowed based on a mistake.
    GPL is not a contract, so acceptance of the license works differently than it does for contracts. We discuss how this acceptance works under the copyright rules that govern the GPL.
    This belief of the FSF does not agree with the recent court ruling that GPL is a contract. Most of what people believe is allowed is based on this error of declaring GPL not a contract when in fact it is. Being a contract changes what is allowed big time. So, like using snippets or bits out of header files: nothing in the GPL document itself grants this, so you are depending on copyright fair usage to do that. With a contract there is no fair usage allowance, so what is allowed aligns exactly to the terms in the GPL conditions.



  • chithanh
    replied
    Originally posted by oiaohm
    The recent case against Pirate Bay says the only thing protecting Pirate Bay would be safe harbour provisions, and .torrent have the same restrictions as the whole work, and that is due to the Oracle vs Google ruling.
    What recent case against The Pirate Bay? There was a case in the EU where it was ruled that TPB provides access to copyrighted works and therefore is responsible. But the Oracle vs. Google case wasn't in the EU.

    Originally posted by oiaohm
    Distribution is the problem. That GPL is a contract means the question of distribution does not apply just at the point the two parts are combined. Telling the user to use the kernel-provided signature that is GPL and then your source is distribution of a known derived, so breach of contract. Instructing a person to breach a contract is an offence.
    That is wrong. The user does not breach any contract by combining GPL and GPL-incompatible sources. This is an often held misconception; GPL does provide full and unrestricted freedom 0 and 1. This makes the rest of your post moot.



  • oiaohm
    replied
    Originally posted by chithanh

    I followed the Oracle vs. Google case closely. In the end, the remaining question was about the copyrightability of APIs copied verbatim from Java into Android. Everything else had been decided earlier in favor of Google.
    You are getting words wrong. You are missing: copied verbatim from the JAR binary, not copied verbatim from the Java source. The fact that what was copied verbatim from the binary kept the same license as the binary does change things. It was presumed going this path would avoid the license; the Google case made clear this does not avoid the license.

    The recent case against Pirate Bay says the only thing protecting Pirate Bay would be safe harbour provisions, and .torrent have the same restrictions as the whole work, and that is due to the Oracle vs Google ruling.

    Originally posted by chithanh
    As I wrote, whether the hash is covered by GPL or not (which is highly doubtful, but let's assume for the sake of the argument) does not matter at all. In fact, grsecurity does not even need to create or provide the hash themselves, they can tell their customers to download something from third party like https://cdn.kernel.org/pub/linux/ker...-4.11.tar.sign.

    Yes it does. Because GPL is only restricting distribution, not usage and modification. So the user can legally combine even GPL-incompatible stuff with GPL code.
    GPL affects >>derived from the Program<<, so yes, it does cover some modifications. If your modifications are classed as derived they still have to be under GPL or you cannot give them to any other party.

    Distribution is the problem. That GPL is a contract means the question of distribution does not apply just at the point the two parts are combined. Telling the user to use the kernel-provided signature that is GPL and then your source is distribution of a known derived, so breach of contract. Instructing a person to breach a contract is an offence.

    Aiding and Abetting Breach of Fiduciary Duty is what instructing a person to breach a contract falls under. This has worse punishments than breaching copyright. So yes, tell the end user to get a checksum from X and add your modification if it passed, and you have now broken another bit of law, because GPL is a contract and you have just given instructions to attempt to bypass the terms. You cannot direct a person with a contract to break it, particularly if you know about the restrictions of the contract.

    Nvidia closed source graphics drivers should be shipped built because that would breach GPL distribution. But it is legal for the end user to build Nvidia closed source drivers because non-derived status can be proven.

    Failure to prove non-derived status and attempting to bypass GPL will just get you more charges and more fines.

    If GPL was only copyright your idea would stand a chance. The fact GPL is copyright and contract alters things a lot. Copyright only affects you when you distribute. Contract affects you all the time when you are interacting with the stuff.

    None of what you are suggesting is even an option any more. GPL being declared a valid contract changed a lot. Add in the recent Pirate Bay ruling, and attempting to sneak around GPL is really playing with fire.



  • chithanh
    replied
    Originally posted by oiaohm
    You need to read the Google case again. They were not verbatim copies.
    I followed the Oracle vs. Google case closely. In the end, the remaining question was about the copyrightability of APIs copied verbatim from Java into Android. Everything else had been decided earlier in favor of Google.

    As I wrote, whether the hash is covered by GPL or not (which is highly doubtful, but let's assume for the sake of the argument) does not matter at all. In fact, grsecurity does not even need to create or provide the hash themselves, they can tell their customers to download something from third party like https://cdn.kernel.org/pub/linux/ker...-4.11.tar.sign.

    Originally posted by oiaohm
    Patch done by user does not protect vendor from contract GPL.
    Yes it does. Because GPL is only restricting distribution, not usage and modification. So the user can legally combine even GPL-incompatible stuff with GPL code.



  • oiaohm
    replied
    Originally posted by chithanh
    The Oracle vs. Google case does not apply here. That case was (in the end) about APIs which Google copied verbatim into their code.
    You need to read the Google case again. They were not verbatim copies. Google got an equally stupid idea that they could run an automated bit of software over the JAR and spit out the structures, and this would avoid the copyright. Only to find out they had made a derived work from the binary that was LGPL. So the source code generated by the automated tool had to have the same license as the binary the automated tool was working on.

    Originally posted by chithanh
    GPL does not restrict mere aggregation with non-GPL software. And even if it did, the hash could be shipped as a separate download, possibly from a separate entity.

    The patch is done by the user, not by the software vendor. So not a problem even in the extremely unlikely case that distributing hash values of GPL source gets you in trouble with the license, and shipping that hash along with your software causes it to become a derived work rather than an aggregation.
    GPL is also a contract. This is the big catch. Those hashes are derived works. Since your code patches will not work without the hash to apply, they are derived works of the hashes. So all you have done is added more derived layers of abstraction and changed nothing legally. Instead it would be better to work on proving true independent work status.

    GPL is also a contract. This means if the vendor makes the patch, the vendor has to follow the terms of the contract. A patch done by the user does not protect the vendor from contract GPL. Nvidia and a few closed source drivers for Linux are safe because they can prove independent work status.

    Yes, the idea of getting the user to do it was only an option until GPL got declared a contract. Read closer and you will notice that you don't have the right to modify the GPL work or provide modifications to a GPL work unless you agree to the terms of the GPL contract. Attempting to loophole a contract has worse punishments than copyright infringement.

    So far all your ideas are a fool's path.

    Attempting to use the hash or the source means you are stuffed. It does not matter if the hash comes in a separate source. The terms of the GPL license do not give you protection by having the parts from different parties.

    You need to understand that derived can cascade and GPL says all derived is GPL license.

    You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

    This is from GPLv2. Note "any part thereof". This is the line you are attempting to bypass. Making a hash is directly derived so is covered by GPL. A line modification falls under derived unless you can prove otherwise.

    GPLv3 makes it more plain English by using modifications instead of derived. In fact GPLv3 is a lot harder to legally avoid than GPLv2.



  • chithanh
    replied
    The Oracle vs. Google case does not apply here. That case was (in the end) about APIs which Google copied verbatim into their code.

    GPL does not restrict mere aggregation with non-GPL software. And even if it did, the hash could be shipped as a separate download, possibly from a separate entity.

    The patch is done by the user, not by the software vendor. So not a problem even in the extremely unlikely case that distributing hash values of GPL source gets you in trouble with the license, and shipping that hash along with your software causes it to become a derived work rather than an aggregation.



  • oiaohm
    replied
    Originally posted by chithanh
    Oracle was directly poaching customers from Red Hat and a threat to their business model. OEL is equivalent to RHEL in a number of ways.

    The Kernel Self Protection project are a group of bright folks that have however failed to produce anything similar to grsecurity even after 1.5 years of trying, and with all the code available in front of them.
    The reality is the Kernel Self Protection project will take a while to go through and audit everything grsecurity had done.
    https://lwn.net/Articles/724319/
    A lot of the time the method is being modified.

    Originally posted by chithanh
    There is still no problem in making and openly distributing hashes of GPL'ed source code. Even if they were copyrightable.
    If you bundle that hash with something doing a modification to a GPL source, the copyright status of the hash becomes important. Google was using tools auto-generating code off of JAR files, and this was declared copyrightable in Oracle's favour, so forcing Google to fight fair usage.

    Attempting to patch a GPL source avoiding GPL is a possible path to hell. Either you will have snippets of the GPL source or you will have something generated from the GPL source; either way your work will be connected to the GPL license, so it has to get out under the terms of GPL. If you are able to prove it is not a derived work, in that case GPL does not apply. So there are ways to connect GPL to non-GPL code but you have to be insanely careful.



  • chithanh
    replied
    Oracle was directly poaching customers from Red Hat and a threat to their business model. OEL is equivalent to RHEL in a number of ways.

    The Kernel Self Protection project are a group of bright folks that have however failed to produce anything similar to grsecurity even after 1.5 years of trying, and with all the code available in front of them.

    Originally posted by oiaohm
    Code being in the public does not alter its copyright status or the copyright status of anything you generate from it. GPL is not public domain. So the claim of no conflict is wrong and your logic is how people get caught.
    There is still no problem in making and openly distributing hashes of GPL'ed source code. Even if they were copyrightable.
