Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-28 Thread Arnt Karlsen
On Tue, 27 Jun 2017 18:37:31 -0700, Bruce wrote in message 

Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Bruce Perens (br...@perens.com):

> I did offer to discuss the case with companies and their counsel,
> under NDA, without charge. In addition, I just added to the article
> parenthetically that I am willing to discuss why fair-use does not
> apply, but would not complicate that article with it.

Makes sense.

> Essentially, I don't think your addition to work under DJB's silly
> non-license was transformative fair use, I think the work was
> all-rights-reserved under the Bern Copyright Convention of 1981 or so,
> and you never even had the right to run his code.
> 
> You should have avoided the work until DJB got off his drug trip about
> the lack of necessity to have any license at all nor even to dedicate
> the work to the public domain. Which is why I was working on Postfix
> after being a Qmail beta tester before DJB announced his plan.

{broad smile}

It's really funny that you think I am or ever was a DJBware fancier.
More like the opposite.

Back in 1999, I was chief sysadmin at Linuxcare, Inc. in San Francisco.
My friend Dave Mandala had set their corporate SMTP up with qmail, him
having a high opinion of it at the time.  He gave me a few pointers, as
I'd never admined it before.

Word got around in the San Francisco Bay Area Linux community that Rick
Moen didn't like qmail very much, and that they could crank him up and
hear why.  After about the third time this happened, I got wise and
FAQed the answer (http://linuxmafia.com/~rick/faq/warez.html#djb), which
cited several reasons I considered individually compelling, including
his non-licensing.  In that FAQ, I was the first person on the Internet
to explain in layman-friendly language the Jedi mind-trick Dan pulled of
having a proprietary implicit (default) licence through default
operation of copyright law in the absence of an accompanying licence
text (beyond what was said on one of his Web pages).  

Within a couple of months, some of Dan's roving fan club alerted him to
my FAQ, and I suddenly received highly belligerent mail from Dan,
more-or-less threatening me with litigation for 'libeling his software'
[sic].  I gave him a very polite response that was not even remotely
what he was hoping for -- and immediately expanded my FAQ to not only
list affected DJBware but also all the leading open source alternatives
to them.

You might find our correspondence entertaining:
http://linuxmafia.com/~rick/faq/dan-brandishing-legal-threats

For his part, Dan responded to my polite referral to my attorney by 
calling me an 'idiot' and impugning my honesty on his Web main page that
granted (selected) rights to qmail.

I of course don't know for sure what was going through Dan's head, but I
have long speculated that what most annoyed him about my FAQ is the bit
where I ruined his trolling of open source people who kept being
confused by his non-licence and unable to determine whether it was open
source or not -- because they didn't understand the default proprietary
licence inherent in copyright statutes unless overridden explicitly.  
It seemed to me that Dan enjoyed screwing with people's heads, and I
ended that.

The name-calling on http://cr.yp.to/distributors.html was entirely
delightful:  For many years, I was able to honestly tell people I'm the
only person I'm aware of who's mentioned by name in a major software
licence (on the page where Dan calls me an idiot).  Also, the DJBware
cult adopted me as Chief Devil Figure for 14 years, until I was replaced
by Theo de Raadt on account of this openbsd-ports thread:

http://linuxmafia.com/pub/humour/dan-versus-theo

Anyway, gosh, no, I'm really _not_ a DJBware guy, and that's the most
amusing statement you've made about me since the one about
'testosterone' back in 2012.  (You might remember that one.)


> > The key bit is your sentence 'GPL version 2 section 6 explicitly
> > prohibits the addition of terms such as this redistribution
> > prohibition', which does not accord with my own understanding of that
> > clause or of pragmatic copyright caselaw -- as I've said.
> 
> 
> OK. I just read it again:
> 
>  6. Each time you redistribute the Program (or any work based on the
> Program), the recipient automatically receives a license from the
> original licensor to copy, distribute or modify the Program subject to
> these terms and conditions.  You may not impose any further restrictions
> on the recipients' exercise of the rights granted herein.
> 
> And your theory of this not applying is?

Simply that Spengler and friends have not imposed any further
restriction on the recipients' exercise of the rights granted therein.

Hypothetically, it is claimed that they have suggested that they will
terminate the support contract of any customer who exercises that right.
If true, their doing so would not prevent or impede the customer
exercising the rights granted to them by the upstream coders (as applied
to the grsecurity/PaX patchsets).

Shall we take this a step at a time?  

1.  I, Rick Moen, will 

Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Bruce Perens
On Tue, Jun 27, 2017 at 7:00 PM, Rick Moen  wrote:
>
>
> Well, it's interesting.  I notice you just summarily declare that the
> patchsets cannot be fair use, without even mentioning the applicable
> four-factor conceptual test framework -- your right, of course, if you
> don't care to get into messy details.  But that's something an alert
> reader will pick up on, and immediately wonder about.

I did offer to discuss the case with companies and their counsel,
under NDA, without charge. In addition, I just added to the article
parenthetically that I am willing to discuss why fair-use does not
apply, but would not complicate that article with it.

Essentially, I don't think your addition to work under DJB's silly
non-license was transformative fair use, I think the work was
all-rights-reserved under the Bern Copyright Convention of 1981 or so,
and you never even had the right to run his code.

You should have avoided the work until DJB got off his drug trip about
the lack of necessity to have any license at all nor even to dedicate
the work to the public domain. Which is why I was working on Postfix
after being a Qmail beta tester before DJB announced his plan.

> The key bit is your sentence 'GPL version 2 section 6 explicitly
> prohibits the addition of terms such as this redistribution
> prohibition', which does not accord with my own understanding of that
> clause or of pragmatic copyright caselaw -- as I've said.


OK. I just read it again:

 6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions.  You may not impose any further restrictions
on the recipients' exercise of the rights granted herein.

And your theory of this not applying is?

> One day, a customer who happens to have been one of, let's
> say, three customers who've been redistributing those works receives a
> letter saying that in accordance with contract terms that permit either
> party to do so, the commercial firm is ending the business relationship
> prospectively.  No allegation is made that the one action was in
> response to the other.

That customer can, if they wish, go to court and claim that they were
terminated unlawfully from their own contract because they exercised
their rights under another contract to which _both parties were
joined,_ and which did not permit the addition of any terms whatsoever
regarding the right exercised, including their termination. They can
depose everybody in the company, and with any luck someone will
corroborate the reason for their termination.

> Customer does not have a cause of action under copyright,

It doesn't have to be under copyright at all.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Bruce Perens (br...@perens.com):

> I did publish a warning about Grsecurity, here
> 
> .

Well, it's interesting.  I notice you just summarily declare that the
patchsets cannot be fair use, without even mentioning the applicable
four-factor conceptual test framework -- your right, of course, if you
don't care to get into messy details.  But that's something an alert
reader will pick up on, and immediately wonder about.

The key bit is your sentence 'GPL version 2 section 6 explicitly
prohibits the addition of terms such as this redistribution
prohibition', which does not accord with my own understanding of that 
clause or of pragmatic copyright caselaw -- as I've said.

Here's a (separate but tangentially related) interesting hypothetical:
Imagine a commercial firm distributing derivative works of third-party
GPLv2 codebases only to paid customers who're paying for updates and
support.  One day, a customer who happens to have been one of, let's
say, three customers who've been redistributing those works receives a
letter saying that in accordance with contract terms that permit either
party to do so, the commercial firm is ending the business relationship
prospectively.  No allegation is made that the one action was in
response to the other.

Customer does not have a cause of action under copyright, but let's say
the third-party stakeholder brings tort action against commercial firm
for copyright violation (i.e., substantively denying a redistributor of
a derivative work a required permission).  Who prevails?

Stakeholder claims that without granting right of distribution,
commercial firm lacked copyright permission for -its- redistribution 
to paying customers, hence is in violation.  Commercial firm counters
that, to the contrary, it's done nothing to prevent customer from
exercising that right, and merely was ending a business relationship as
was its right.

The only difference between this and the Spengler et alii matter is
that, in the latter case -- according to you -- customers were told this
was a 'penalty' and a 'threat'.

Whose wording was that, by the way, Spengler's or yours?




Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Bruce Perens
I did publish a warning about Grsecurity, here

.

On Tue, Jun 27, 2017 at 5:43 PM, Rick Moen  wrote:

> Quoting Arnt Karlsen (a...@iaksess.no):
>
> > ..aye, I saw your cynical interpretation, that getting-paid bit was
> > the other/implied half of the "cred" complaint I saw at Groklaw.
>
> FWIW, I was a Groklaw reader, too (though only occasionally a poster),
> and was deeply appreciative of PJ & friends' contributions.
>
> You might have seen my and my friend Karsten's filk song that we
> composed early in the SCO case:
> http://linuxmafia.com/pub/humour/PiratesOfPenguinance.html
> (About six months after we wrote that, it got sung to Torvalds on one of
> the 'geek cruises', so we felt briefly famous.)
>
>
> I've written a couple of other filks, too, but the in-group references might
> prevent them from being funny except to limited crowds:
> http://filkerdave.livejournal.com/541186.html
> http://deirdre.net/filk-sad-puppies-arent-much-fun/


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Arnt Karlsen (a...@iaksess.no):

> ..aye, I saw your cynical interpretation, that getting-paid bit was 
> the other/implied half of the "cred" complaint I saw at Groklaw.

FWIW, I was a Groklaw reader, too (though only occasionally a poster),
and was deeply appreciative of PJ & friends' contributions.

You might have seen my and my friend Karsten's filk song that we
composed early in the SCO case:
http://linuxmafia.com/pub/humour/PiratesOfPenguinance.html
(About six months after we wrote that, it got sung to Torvalds on one of
the 'geek cruises', so we felt briefly famous.)


I've written a couple of other filks, too, but the in-group references might
prevent them from being funny except to limited crowds:
http://filkerdave.livejournal.com/541186.html
http://deirdre.net/filk-sad-puppies-arent-much-fun/


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Karlsen
On Tue, 27 Jun 2017 17:06:36 -0700, Rick wrote in message 
<20170628000636.gc28...@linuxmafia.com>:

> Quoting Arnt Karlsen (a...@iaksess.no):
> 
> > ..I may have missed their complaint in today's research, the common
> > "cred" or "credit" complaint I saw in my 11 years at Groklaw, was the
> > BSD-style cred fly-by screen "not being shown", which may have
> > formed a bias between my ears. ;o)
> 
> My understanding of the recurring complaint Spengler and friends had
> against Wind River, Google, VeriFone, Intel/ARM, etc. was that they 
> used old grsecurity/Pax 'stable' patchsets (sometimes with backported
> fixes) applied against old, buggy kernels, thereby creating the
> impression in downstream users' minds that grsecurity is buggy and
> rather moldy.  (As I said earlier, the cynical interpretation of this 
> complaint is that they wanted to get paid.)

..aye, I saw your cynical interpretation, that getting-paid bit was 
the other/implied half of the "cred" complaint I saw at Groklaw.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Karlsen
On Tue, 27 Jun 2017 16:21:53 -0700, Rick wrote in message 
<20170627232153.gx28...@linuxmafia.com>:

> Quoting Arnt Karlsen (a...@iaksess.no):
> 
> > ..nope, I stated my understanding of the GPLs and my understanding
> > of their complaint.
> 
> I for one am utterly mystified by your suggestion that the
> grsecurity/PaX team have been attempting to require 'BSD-style cred
> fly-by screens' (failure of such a thing to be provided forming all or
> part of their complaint?).  

..I may have missed their complaint in today's research, the common
"cred" or "credit" complaint I saw in my 11 years at Groklaw, was the
BSD-style cred fly-by screen "not being shown", which may have formed
a bias between my ears. ;o)

> If you could please explain that reference, that would probably help
> a great deal.  It's a headscratcher.  Thanks.


-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Bruce Perens (br...@perens.com):

> Because grsecurity.net's stated policy (which could also be called
> "threat") has created a chilling effect upon such redistribution. IMO that
> is enough to be actionable.

Show me the caselaw, please.

'Chilling effect' is indeed a concept in law, but no actual tort by that
name exists.  But if you claim that copyright violation can be found by 
causing exercise of a copyright-covered right to have consequences that are 
within a party's rights to visit upon the rights-user -- such as
Spengler's firm ending a business relationship -- then I would hope you
can show me caselaw where a judge so ruled.

Spengler deciding no longer to do business with a redistributor doesn't
prevent that party from carrying out redistribution.  It just means it
has lawful real-world consequences the redistributor might not like.

Your calling that a 'chilling effect' doesn't make it tortious.




Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Karlsen
On Tue, 27 Jun 2017 14:33:35 -0700, Bruce wrote in message 
:

> On Tue, Jun 27, 2017 at 2:27 PM, para...@dyne.org 
> wrote:
> 
> >
> > There is very little ground to actually make up a court case.
> > Nobody has been blocked yet, and nobody has publicly
> > (re)distributed the non-public patches.
> 
> 
> Because grsecurity.net's stated policy (which could also be called
> "threat") has created a chilling effect upon such redistribution. IMO
> that is enough to be actionable.
> 
> I have a customer who does paid distribution of enhanced GPL
> software, but they don't make the threat and they put everything in
> the public within 9 months to a year after distribution to their paid
> customers. So, they can get away with that, but once the threat is
> known, IMO it's a violation.

..I agree this violation is actionable, FWIW.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Karlsen
On Tue, 27 Jun 2017 16:04:54 -0700, Rick wrote in message 
<20170627230454.gd11...@linuxmafia.com>:

> Quoting Bruce Perens (br...@perens.com):
> 
> > So, what you are saying is that you are permitted to redistribute
> > the latest grsecurity patch, but that the company will as a penalty
> > disallow you from further being their customer or receiving any
> > additional versions of the patch. And this might not be written
> > down, but it's their policy.
> > 
> > The punitive action is not incidental, it is a direct punishment
> > for the taking of an action which the GPL requires to be permitted.
> > 
> > I don't think a judge would have a problem with seeing this as a
> > deliberate contract violation.

..I would agree if you said 'license violation.', and that would land
the parties in a copyright law dispute, as all GPL versions I've ever
seen, eliminate themselves upon any license violation.

..contract law disputes are civil law disputes, unless there is an
element of fraud, is there such an element in this patch policy?

> IMO this confuses the right to distribute a work (patchsets already
> provided) with the right to distribute entirely different works
> (patchsets produced after termination of contract).  Future support
> and maintenance are just not part of a licensee's obligations under
> GPLv2, irrespective of what theory of law you're applying.

..why in the world aren't the grsecurity guys dual-licensing?
They own copyright to their own stuff and can license it any way 
they damned please.

> As always, though, the only view that ultimately matters is the
> judge's.


-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Arnt Karlsen (a...@iaksess.no):

> ..nope, I stated my understanding of the GPLs and my understanding
> of their complaint.

I for one am utterly mystified by your suggestion that the
grsecurity/PaX team have been attempting to require 'BSD-style cred
fly-by screens' (failure of such a thing to be provided forming all or
part of their complaint?).  If you could please explain that reference,
that would probably help a great deal.  It's a headscratcher.  Thanks.



Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Karlsen
On Tue, 27 Jun 2017 13:43:29 -0700, Rick wrote in message 
<20170627204329.gw28...@linuxmafia.com>:

> Quoting Arnt Karlsen (a...@iaksess.no):
> 
> > ..the GPLs do not require showing BSD-style cred fly-by screens,
> 
> FWIW, the grsecurity/PaX people had no such aspirations.  You seem to
> have misstated their complaint.

..nope, I stated my understanding of the GPLs and my understanding
of their complaint.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Bruce Perens (br...@perens.com):

> So, what you are saying is that you are permitted to redistribute the
> latest grsecurity patch, but that the company will as a penalty disallow
> you from further being their customer or receiving any additional versions
> of the patch. And this might not be written down, but it's their policy.
> 
> The punitive action is not incidental, it is a direct punishment for the
> taking of an action which the GPL requires to be permitted.
> 
> I don't think a judge would have a problem with seeing this as a
> deliberate contract violation.

IMO this confuses the right to distribute a work (patchsets already
provided) with the right to distribute entirely different works (patchsets
produced after termination of contract).  Future support and maintenance
are just not part of a licensee's obligations under GPLv2, irrespective of
what theory of law you're applying.

As always, though, the only view that ultimately matters is the judge's.



Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Miroslav Rovis
On 170627-21:47+0200, Arnt Karlsen wrote:
> On Tue, 27 Jun 2017 12:09:49 +, Miroslav wrote in message 
> <20170627120949.wyhvph3uxrrpxhtr@gdOv>:
> 
> > On 170627-11:06+0200, Arnt Karlsen wrote:
> > > On Fri, 16 Jun 2017 16:56:24 -0400, zap wrote in message 
> > > <505f058b-0fe3-16b2-157d-352d4d56b...@posteo.de>:
> > > 
> > > > how does one remove that package without removing anything else?
> > > > 
> > > > 
> > > > I mean how do you remove it from being depended on by nearly
> > > > every bit of software...
> > > > 
> > > > 
> > > > I want to install openrc so that is why I ask...
> > > 
> > > ..there's hope, it would take holding the systemd fanbois 
> > > to the same standards as the 'clowns' at grsecurity...
> > > http://www.theregister.co.uk/2017/06/26/linus_torvalds_slams_pure_garbage_from_clowns_at_grsecurity/
> > > 
> > 
> > Comparing grsecurity to systemd? That's like valuing true gold the
> > same as cellophane.
> > 
> > Heads, which is one of the marvelous things that happened in FOSS
> > lately, and it happened in the Devuan realm of OSes, remains, on top
> > of completely free, secured with grsecurity, and not via the Schmoog
> > underhanded ripoff of grsecurity code...
> > 
> > Paid access to test patches
> > https://forums.grsecurity.net/viewtopic.php?f=3=4699#p17127
> > (
> > the recent post by Bradley Spengler, spender, the inventor of
> > grsecurity; who is truthful, and together with his anonymous friend
> > who goes by the pseudonym PaX Team, but I strongly believe, judging
> > by communication with them, that he is just one person... actually I
> > also read what spender wrote somewhere to that effect...
> > ...[and together with] PaX Team, they kept fixing the kernel, fixing
> > all the security holes that Mr Linux wouldn't care about, because of
> > his "all bugs are just bugs", security and other, attitude, and
> > worse... In that recent post Bradley Spengler, a developer whom I
> > trust, openly states, and all facts, all that has happened with the
> > code, on that KSPP, serves as confirmation to his words... He openly
> > states:
> > > Google made the choice to engage in underhanded competition against
> > > us with our own code.
> > )
> > 
> > ...[Heads remains secured with grsecurity and not via the Schmoog's
> > underhanded ripoff of grsecurity code] which they pay people to,
> > essentially, steal from grsecurity, precisely by means of the KSPP
> > (Kernel Self Protection Project or so)...
> > 
> > But [Heads remains secured with grsecurity] via the
> > baton-passed-and-firmly-held and grsecurity code honestly
> > maintained...
> > 
> > On grsec and status of heads
> > https://heads.dyne.org/news/2017/04/on-grsec.html
> > 
> > which page should be updated with a link to minipli github page...
> > just as the more up-to-date Heads 0.3 announcement says:
> > 
> > https://heads.dyne.org/news/2017/06/release-03.html
> > which points at:
> > https://github.com/minipli/linux-unofficial_grsec/
> > 
> > ...and so Heads remains secured with grsecurity that appears to me
> > well maintained for kernel 4.9 (but although I may work thoroughly, I
> > work very slowly as well... haven't checked the latest there yet).
> > 
> > And Heads is gold, as well as the gold: grsecurity (along with purely
> > free software) that it uses. Systemd is a very-bad ware, it is some
> > spyware-enabler, and other bad things it is, as all poetterware is.
> > 
> > Just as Linux governed by the Schmoog, if that is what the future
> > holds for us, will become as intrusion-enabler as the Schmoog's own
> > Chrome is... Secure, yes: secure, but for the stinking Google to be
> > the sole one intruder to whoever uses Chrome/Chromium. Little hacker
> > fish pretty much out, only the shark Schmoog controlling you!
> > 
> > Danger greater than we think!
> > 
> > Linus, the kernel should be taken away from you!
> > 
> > You've already tried to give it over to NSA, back when you
> > accommodated for SELinux...
> > (
> > Developer Raps Linux Security
> > http://www.crmbuyer.com/story/39565.html
> > )
> > ...but grsecurity saved us back then! And SELinux is little if any
> > worth by this day...
> > 
> > And now you've been giving it over to the Schmoog! Who is going to
> > save us this time when the stinking Google itself has, as, and I'm
> > citing spender again, when the stinking Google has engaged:
> > > in underhanded competition against us with our own code
> > "us" being spender and PaX Team and their few helpers.
> > 
> > The kernel should be taken away from under the couple Linus-Schmoog!
> > Great danger there! For your own freedom, tuxian!
> > 
> > Not the first time that I'm calling for kernel to be taken away from
> > Linus. See:
> > 
> > Why is Gentoo not switching to systemd?
> > https://forums.gentoo.org/viewtopic-t-998108-postdays-0-postorder-asc-start-300.html#7624044
> > where find:
> > > Linus, you sold us all. Kernel should be taken away from you! In
> > > whichever way. Forked, best.
> > 
> > And 

Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Bruce Perens
On Tue, Jun 27, 2017 at 2:27 PM, para...@dyne.org  wrote:

>
> There is very little ground to actually make up a court case. Nobody has
> been blocked yet, and nobody has publicly (re)distributed the non-public
> patches.


Because grsecurity.net's stated policy (which could also be called
"threat") has created a chilling effect upon such redistribution. IMO that
is enough to be actionable.

I have a customer who does paid distribution of enhanced GPL software, but
they don't make the threat and they put everything in the public within 9
months to a year after distribution to their paid customers. So, they can
get away with that, but once the threat is known, IMO it's a violation.

Thanks

Bruce


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread para...@dyne.org
On Tue, 27 Jun 2017, Bruce Perens wrote:

>> On IRC it was mentioned that you will lose access if
>> you redistribute, but you are in no way restricted from redistributing.

>So, what you are saying is that you are permitted to redistribute the
>latest grsecurity patch, but that the company will as a penalty
>disallow you from further being their customer or receiving any
>additional versions of the patch. And this might not be written down,
>but it's their policy.

Yes. We have yet to see it happen though.

>The punitive action is not incidental, it is a direct punishment for
>the taking of an action which the GPL requires to be permitted.
>I don't think a judge would have a problem with seeing this as a
>deliberate contract violation.

There is very little ground to actually make up a court case. Nobody has
been blocked yet, and nobody has publicly (re)distributed the non-public
patches.

>On Tue, Jun 27, 2017 at 2:02 PM, para...@dyne.org wrote:
>
>  On Tue, 27 Jun 2017, Bruce Perens wrote:
>  >> You are allowed to redistribute the patch legally, but you shall
>  >> simply lose access to future patches. One could call it blackmail,
>  >> another would call it a business move.
>  >Do you work for grsecurity.net or do you have first knowledge of
>  >this fact? I think a pretty good case could be made that this is an
>  >added term under section 6.
>  I do have first-hand (informal) information from Brad (spender). When
>  buying the patches and support from Grsecurity you are signing a
>  contract. On IRC it was mentioned that you will lose access if you
>  redistribute, but you are in no way restricted from redistributing.
>  Very few people have actually seen the contract, and it is only given to
>  parties that are grsecurity customers.
>  GPL2 (Section 6)
>  > Each time you redistribute the Program (or any work based on the Program),
>  > the recipient automatically receives a license from the original licensor
>  > to copy, distribute or modify the Program subject to these terms and
>  > conditions. You may not impose any further restrictions on the recipients'
>  > exercise of the rights granted herein. You are not responsible for
>  > enforcing compliance by third parties to this License.
>
>--
>~ parazyd
>GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274

-- 
~ parazyd
GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Bruce Perens
> On IRC it was mentioned that you will lose access if you redistribute,
but you are in no way restricted from redistributing.

So, what you are saying is that you are permitted to redistribute the
latest grsecurity patch, but that the company will as a penalty disallow
you from further being their customer or receiving any additional versions
of the patch. And this might not be written down, but it's their policy.

The punitive action is not incidental, it is a direct punishment for the
taking of an action which the GPL requires to be permitted.

I don't think a judge would have a problem with seeing this as a
deliberate contract violation.

Thanks

Bruce

On Tue, Jun 27, 2017 at 2:02 PM, para...@dyne.org  wrote:

> On Tue, 27 Jun 2017, Bruce Perens wrote:
>
> >> You are allowed to redistribute the patch legally, but you shall
> >> simply lose access to future patches. One could call it blackmail,
> >> another would call it a business move.
>
> >Do you work for grsecurity.net or do you have first knowledge of
> >this fact? I think a pretty good case could be made that this is an
> >added term under section 6.
>
> I do have first-hand (informal) information from Brad (spender). When
> buying the patches and support from Grsecurity you are signing a
> contract. On IRC it was mentioned that you will lose access if you
> redistribute, but you are in no way restricted from redistributing.
>
> Very few people have actually seen the contract, and it is only given to
> parties that are grsecurity customers.
>
> GPL2 (Section 6)
> > Each time you redistribute the Program (or any work based on the Program),
> > the recipient automatically receives a license from the original licensor
> > to copy, distribute or modify the Program subject to these terms and
> > conditions. You may not impose any further restrictions on the recipients'
> > exercise of the rights granted herein. You are not responsible for
> > enforcing compliance by third parties to this License.
>
> --
> ~ parazyd
> GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274
>


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread para...@dyne.org
On Tue, 27 Jun 2017, Bruce Perens wrote:

>> You are allowed to redistribute the patch legally, but you shall
>> simply lose access to future patches. One could call it blackmail,
>> another would call it a business move.

>Do you work for grsecurity.net or do you have first knowledge of
>this fact? I think a pretty good case could be made that this is an
>added term under section 6.

I do have first-hand (informal) information from Brad (spender). When
buying the patches and support from Grsecurity you are signing a
contract. On IRC it was mentioned that you will lose access if you
redistribute, but you are in no way restricted from redistributing.

Very few people have actually seen the contract, and it is only given to
parties that are grsecurity customers.

GPL2 (Section 6)
> Each time you redistribute the Program (or any work based on the Program),
> the recipient automatically receives a license from the original licensor
> to copy, distribute or modify the Program subject to these terms and
> conditions. You may not impose any further restrictions on the recipients'
> exercise of the rights granted herein. You are not responsible for
> enforcing compliance by third parties to this License.

-- 
~ parazyd
GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274




Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Bruce Perens
> You are allowed to redistribute the patch legally, but you shall simply
> lose access to future patches. One could call it blackmail, another
> would call it a business move.

Do you work for grsecurity.net or do you have first knowledge of this fact?
I think a pretty good case could be made that this is an added term under
section 6.

Thanks

Bruce

On Tue, Jun 27, 2017 at 1:44 PM, para...@dyne.org  wrote:

> This is rather a violation of moral. Better said, I think we got used to
> the fact that we always receive libre software for free (gratis).
>
> You are allowed to redistribute the patch legally, but you shall simply
> lose access to future patches. One could call it blackmail, another
> would call it a business move.
>
> On Tue, 27 Jun 2017, Bruce Perens wrote:
>
> >The allegation is that customers receive a patch to GPL software and
> >that the company makes it clear to the customers that this patch must
> >not be redistributed.
> >
> >On Tue, Jun 27, 2017 at 1:30 PM, para...@dyne.org
> ><para...@dyne.org> wrote:
> >
> >  On Tue, 27 Jun 2017, Bruce Perens wrote:
> >  >I've been getting credible reports that grsecurity.net is
> >  >infringing the kernel by preventing customers from redistributing the
> >  >GPL code for their patch.
> >  Can you provide proof? In no way are they violating the GPL. It might be
> >  a question of moral and the "spirit" of free software, but the GPL (and
> >  in case of the kernel it is GPL2) is not being violated by Grsecurity.
> >  >What is it we want Google to do? They usually listen when I ask...
> >  Stop funding wrong and incompetent people.
> >  --
> >  ~ parazyd
> >  GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274
>
> --
> ~ parazyd
> GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274
>


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread para...@dyne.org
This is rather a violation of moral. Better said, I think we got used to
the fact that we always receive libre software for free (gratis).

You are allowed to redistribute the patch legally, but you shall simply
lose access to future patches. One could call it blackmail, another
would call it a business move.

On Tue, 27 Jun 2017, Bruce Perens wrote:

>The allegation is that customers receive a patch to GPL software and
>that the company makes it clear to the customers that this patch must
>not be redistributed.
> 
>On Tue, Jun 27, 2017 at 1:30 PM, para...@dyne.org
><para...@dyne.org> wrote:
>
>  On Tue, 27 Jun 2017, Bruce Perens wrote:
>  >I've been getting credible reports that grsecurity.net is
>  >infringing the kernel by preventing customers from redistributing the
>  >GPL code for their patch.
>  Can you provide proof? In no way are they violating the GPL. It might be
>  a question of moral and the "spirit" of free software, but the GPL (and
>  in case of the kernel it is GPL2) is not being violated by Grsecurity.
>  >What is it we want Google to do? They usually listen when I ask...
>  Stop funding wrong and incompetent people.
>  --
>  ~ parazyd
>  GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274

-- 
~ parazyd
GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274




Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Bruce Perens (br...@perens.com):

> The allegation is that customers receive a patch to GPL software and that
> the company makes it clear to the customers that this patch must not be
> redistributed.

What does 'make clear' amount to, though?  This all sounds extremely
hazy and a bit melodramatic.

If I 'make clear' to you by waving a shillelagh meaningfully in your
direction that I'd keenly appreciate your handing over your wallet, that
is robbery.  If I 'make clear' to you that I'll be annoyed at your
exercising your right of redistribution and might terminate your
software support contract, that's life in the big city.



Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Bruce Perens (br...@perens.com):

> OK, I don't see much reason to ask Google to help with *that.*
> 
> There hasn't been a litigated case, that I know of, of transformative fair
> use as applied to Free Software.

For leading cases, you'd naturally look to non-software ones, which
is a perfectly natural thing for lawyers and judges to do, even if it
isn't for software geeks.  (Code is considered a 'literary work' --
pause for irony -- within copyright law.)

As I'm sure you know, commentary/criticism is one of the enumerated
legitimate purposes for creation of infringing derivative works with a
fair use defence, that being helpful for the first of the four factors
(in USA copyright law), _all of which_ the judge is required (17 U.S.C.
107) to consider and weigh, on a case-by-case basis -- possibly in
addition to other concerns (these four being a statutory minimum):

1. the purpose and character of the use, including whether such use is
   of a commercial nature or is for nonprofit educational purposes
   [RM: encouraging scholarship, research, education, and commentary.]
2. the nature of the copyrighted work;
   [RM: encouraging copying from informational work more than works 
   of fiction, and from published works much more than from unpublished ones.]
3. the amount and substantiality of the portion used in relation to the
   copyrighted work as a whole; and
4. the effect of the use upon the potential market for or value of the
   copyrighted work.

The reason I review the above is:

> I could, if it were litigated, produce a good expert testimony that
> grsecurity does fail the fair use test because it causes market damage
> to Linux and the GPL's purpose of accumulating additional Free
> Software as modifications are produced.

Non-sequitur conclusion.  US judges are required by 17 U.S.C. 107 to
consider and weigh all four factors as part of any determination of fair
use.  No single one of them is dispositive.

My friends at Nolo Press said:  'A court, faced with this argument,
weighs four factors and, if the weight of the factors is in favor of the
defendant, declares that the unauthorized use of the material is
permitted.'  
http://www.nolo.com/legal-encyclopedia/fair-use-the-four-factors.html

(I don't know what it says about me that I used to await eagerly every
issue of _Nolo News_, and not just the Lawyer Joke Page on the back,
either.)

Library of Congress Copyright Office elaborates:  'In addition to the
above [RM: the four factors], other factors may also be considered by a
court in weighing a fair use question, depending upon the circumstances.
Courts evaluate fair use claims on a case-by-case basis, and the outcome
of any given case depends on a fact-specific inquiry.  This means that
there is no formula to ensure that a predetermined percentage or amount
of a work—or specific number of words, lines, pages, copies—may be used
without permission.'

https://www.copyright.gov/fair-use/more-info.html


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread para...@dyne.org
On Tue, 27 Jun 2017, Bruce Perens wrote:

>I've been getting credible reports that grsecurity.net is
>infringing the kernel by preventing customers from redistributing the
>GPL code for their patch.

Can you provide proof? In no way are they violating the GPL. It might be
a question of moral and the "spirit" of free software, but the GPL (and
in case of the kernel it is GPL2) is not being violated by Grsecurity.

>What is it we want Google to do? They usually listen when I ask...

Stop funding wrong and incompetent people.

-- 
~ parazyd
GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274




Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Karlsen
On Tue, 27 Jun 2017 09:50:50 -0700, Rick wrote in message 
<20170627165050.gu28...@linuxmafia.com>:

> Miroslav Rovis wrote:
> 
> > Heads, which is one of the marvelous things that happened in FOSS
> > lately, and it happened in the Devuan realm of OSes, remains, on top
> > of completely free, secured with grsecurity, and not via the Schmoog
> > underhanded ripoff of grsecurity code...   
> 
> Point of information:  Wind River (now a subsidiary of Intel) was also
> guilty of the same thing, shipping an old release of grsecurity with
> backported patches applied to an old kernel, calling the resulting
> commercial product 'Carrier Grade Profile for Wind River Linux'
> https://web.archive.org/web/20140521162030/http://www.windriver.com:80/announces/security_carrier_grade_profile/
> (without even acknowledging grsecurity's trademark).

> And also VeriFone (according to spender)
> https://forums.grsecurity.net/viewtopic.php?f=3=3938=13940#p13940
> 
> Also the Intel/ARM alliance took grsecurity code without credit.
> http://openwall.com/lists/kernel-hardening/2017/05/03/1

..the GPLs do not require showing BSD-style cred fly-by screens,
they (v2, v2-and-later, v3 etc) merely require source code offering 
etc compliance, or-I-pick-up-my-toys-and-go-home, leaving any and 
all culprits in criminal violation of copyright law, which may be 
just why Microsoft spent around US $4Billion over 11 years on proxy
litigation in Utah and Delaware courts to try (get away from failing 
to) defeat the GPLv2, if I can believe my own estimate from my 
http://groklaw.net experience.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Karlsen
On Tue, 27 Jun 2017 12:09:49 +, Miroslav wrote in message 
<20170627120949.wyhvph3uxrrpxhtr@gdOv>:

> On 170627-11:06+0200, Arnt Karlsen wrote:
> > On Fri, 16 Jun 2017 16:56:24 -0400, zap wrote in message 
> > <505f058b-0fe3-16b2-157d-352d4d56b...@posteo.de>:
> > 
> > > how does one remove that package without removing anything else?
> > > 
> > > 
> > > I mean how do you remove it from being depended on by nearly
> > > every bit of software...
> > > 
> > > 
> > > I want to install openrc so that is why I ask...
> > 
> > ..there's hope, it would take holding the systemd fanbois 
> > to the same standards as the 'clowns' at grsecurity...
> > http://www.theregister.co.uk/2017/06/26/linus_torvalds_slams_pure_garbage_from_clowns_at_grsecurity/
> > 
> 
> Comparing grsecurity to systemd? That's like valuing true gold the
> same as cellophane.
> 
> Heads, which is one of the marvelous things that happened in FOSS
> lately, and it happened in the Devuan realm of OSes, remains, on top
> of completely free, secured with grsecurity, and not via the Schmoog
> underhanded ripoff of grsecurity code...
> 
> Paid access to test patches
> https://forums.grsecurity.net/viewtopic.php?f=3=4699#p17127
> (
> the recent post by Bradley Spengler, spender, the inventor of
> grsecurity; who is truthful, and together with his anonymous friend
> who goes by the pseudonym PaX Team, but I strongly believe, judging
> by communication with them, that he is just one person... actually I
> also read what spender wrote somewhere to that effect...
> ...[and together with] PaX Team, they kept fixing the kernel, fixing
> all the security holes that Mr Linux wouldn't care about, because of
> his "all bugs are just bugs", security and other, attitude, and
> worse... In that recent post Bradley Spengler, a developer whom I
> trust, openly states, and all facts, all that has happened with the
> code, on that KSPP, serves as confirmation to his words... He openly
> states:
> > Google made the choice to engage in underhanded competition against
> > us with our own code.
> )
> 
> ...[Heads remains secured with grsecurity and not via the Schmoog's
> underhanded ripoff of grsecurity code] which they pay people to,
> essentially, steal from grsecurity, precisely by means of the KSPP
> (Kernel Self Protection Project or so)...
> 
> But [Heads remains secured with grsecurity] via the
> baton-passed-and-firmly-held and grsecurity code honestly
> maintained...
> 
> On grsec and status of heads
> https://heads.dyne.org/news/2017/04/on-grsec.html
> 
> which page should be updated with a link to minipli github page...
> just as the more up-to-date Heads 0.3 announcement says:
> 
> https://heads.dyne.org/news/2017/06/release-03.html
> which points at:
> https://github.com/minipli/linux-unofficial_grsec/
> 
> ...and so Heads remains secured with grsecurity that appears to me
> well maintained for kernel 4.9 (but although I may work thoroughly, I
> work very slowly as well... haven't checked the latest there yet).
> 
> And Heads is gold, as well as the gold: grsecurity (along with purely
> free software) that it uses. Systemd is a very-bad ware, it is some
> spyware-enabler, and other bad things it is, as all poetterware is.
> 
> Just as Linux governed by the Schmoog, if that is what the future
> holds for us, will become as intrusion-enabler as the Schmoog's own
> Chrome is... Secure, yes: secure, but for the stinking Google to be
> the sole one intruder to whoever uses Chrome/Chromium. Little hacker
> fish pretty much out, only the shark Schmoog controlling you!
> 
> Danger greater than we think!
> 
> Linus, the kernel should be taken away from you!
> 
> You've already tried to give it over to NSA, back when you
> accommodated for SELinux...
> (
> Developer Raps Linux Security
> http://www.crmbuyer.com/story/39565.html
> )
> ...but grsecurity saved us back then! And SELinux is little if any
> worth by this day...
> 
> And now you've been giving it over to the Schmoog! Who is going to
> save us this time when the stinking Google itself has, as, and I'm
> citing spender again, when the stinking Google has engaged:
> > in underhanded competition against us with our own code
> "us" being spender and PaX Team and their few helpers.
> 
> The kernel should be taken away from under the couple Linus-Schmoog!
> Great danger there! For your own freedom, tuxian!
> 
> Not the first time that I'm calling for kernel to be taken away from
> Linus. See:
> 
> Why is Gentoo not switching to systemd?
> https://forums.gentoo.org/viewtopic-t-998108-postdays-0-postorder-asc-start-300.html#7624044
> where find:
> > Linus, you sold us all. Kernel should be taken away from you! In
> > whichever way. Forked, best.
> 
> And Arnt Karlsen, pls. do not compare grsecurity with systemd. It's
> as bad as putting a frog next to a horse or a knight next to a
> traitor and valuing them the same/honoring them with the same respect.

..by holding people to the same standards, you get to see exactly 

Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Bruce Perens
OK, I don't see much reason to ask Google to help with *that.*

There hasn't been a litigated case, that I know of, of transformative fair
use as applied to Free Software. The closest so far is *Oracle v. Google,* in
which Oracle claimed that Google's use could not be fair use because
it was *not* transformative. I could, if it were litigated, produce a good expert
testimony that grsecurity does fail the fair use test because it causes
market damage to Linux and the GPL's purpose of accumulating additional
Free Software as modifications are produced. The fact that the market
damage is a non-monetary one was already successfully litigated in the
appeal of *Jacobsen v. Katzer,* although Victoria Hall did not successfully
state Jacobsen's actual damages in the lower court case (she pleaded
something like "by the infringement, the plaintiff was damaged").

Thanks

Bruce

On Tue, Jun 27, 2017 at 11:58 AM, Rick Moen  wrote:

> Quoting Bruce Perens (br...@perens.com):
>
> > I've been getting credible reports that grsecurity.net is infringing the
> > kernel by preventing customers from redistributing the GPL code for their
> > patch.
>
> They would be infringing the copyright on the Linux kernel if it were
> establishable as a judiciable fact that their patchsets fail the fair
> use tests as derivative works -- but that is not clearly the case.
> (At least in US law, fair use is an affirmative defence, so you find out
> whether it's applicable to a particular case only when it's decided.)
>
> Back when qmail, djbdns, etc. were still proprietary code, I heard legal
> commentary on the wide distribution of patchsets, and recall hearing
> lawyerly opinion that such patchsets fairly easily satisfy the test of
> being commentary on the copyrighted work
> (http://fairuse.stanford.edu/overview/fair-use/what-is-fair-use/) as a
> 'transformative' purpose.  So, for example the consensus was that Russ
> Nelson & friends' 'netqmail' patchset did not violate DJB's copyright in
> qmail.
>
> > What is it we want Google to do? They usually listen when I ask...
>
> Brad Spengler seemed to want Google to cease using old grsecurity
> releases on old kernel codebases (for, I think, Chrome OS) and still
> letting the world think that the results reflected on the quality of
> grsecurity.  Their complaint was that this, in their view, damaged their
> brand.  (A more cynical take would be that they just wanted to get
> paid.)
>
> This much water having gone over the dam, I personally doubt asking
> Google to do/not do something at this late date would mend things.
>
>


Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Quoting Bruce Perens (br...@perens.com):

> I've been getting credible  reports that grsecurity.net is infringing the
> kernel by preventing customers from redistributing the GPL code for their
> patch.

They would be infringing the copyright on the Linux kernel if it were
establishable as a judiciable fact that their patchsets fail the fair
use tests as derivative works -- but that is not clearly the case.  
(At least in US law, fair use is an affirmative defence, so you find out
whether it's applicable to a particular case only when it's decided.)

Back when qmail, djbdns, etc. were still proprietary code, I heard legal
commentary on the wide distribution of patchsets, and recall hearing
lawyerly opinion that such patchsets fairly easily satisfy the test of
being commentary on the copyrighted work
(http://fairuse.stanford.edu/overview/fair-use/what-is-fair-use/) as a
'transformative' purpose.  So, for example the consensus was that Russ
Nelson & friends' 'netqmail' patchset did not violate DJB's copyright in
qmail.

> What is it we want Google to do? They usually listen when I ask...

Brad Spengler seemed to want Google to cease using old grsecurity
releases on old kernel codebases (for, I think, Chrome OS) and still 
letting the world think that the results reflected on the quality of
grsecurity.  Their complaint was that this, in their view, damaged their
brand.  (A more cynical take would be that they just wanted to get
paid.)

This much water having gone over the dam, I personally doubt asking
Google to do/not do something at this late date would mend things.




Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Bruce Perens
I've been getting credible  reports that grsecurity.net is infringing the
kernel by preventing customers from redistributing the GPL code for their
patch.

What is it we want Google to do? They usually listen when I ask...

Thanks

Bruce

On Tue, Jun 27, 2017, 09:51 Rick Moen  wrote:

> Miroslav Rovis wrote:
>
> > Heads, which is one of the marvelous things that happened in FOSS
> > lately, and it happened in the Devuan realm of OSes, remains, on top
> > of completely free, secured with grsecurity, and not via the Schmoog
> > underhanded ripoff of grsecurity code...
>
> Point of information:  Wind River (now a subsidiary of Intel) was also
> guilty of the same thing, shipping an old release of grsecurity with
> backported patches applied to an old kernel, calling the resulting
> commercial product 'Carrier Grade Profile for Wind River Linux'
>
> https://web.archive.org/web/20140521162030/http://www.windriver.com:80/announces/security_carrier_grade_profile/
> (without even acknowledging grsecurity's trademark).
>
> And also VeriFone (according to spender)
> https://forums.grsecurity.net/viewtopic.php?f=3=3938=13940#p13940
>
> Also the Intel/ARM alliance took grsecurity code without credit.
> http://openwall.com/lists/kernel-hardening/2017/05/03/1
>
> Etc.
>
> So, in short, it wasn't just Google, but a widespread problem.  Google
> was just the last straw for spender & co.
>
>


[DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Rick Moen
Miroslav Rovis wrote:

> Heads, which is one of the marvelous things that happened in FOSS
> lately, and it happened in the Devuan realm of OSes, remains, on top
> of completely free, secured with grsecurity, and not via the Schmoog
> underhanded ripoff of grsecurity code... 

Point of information:  Wind River (now a subsidiary of Intel) was also
guilty of the same thing, shipping an old release of grsecurity with
backported patches applied to an old kernel, calling the resulting
commercial product 'Carrier Grade Profile for Wind River Linux'
https://web.archive.org/web/20140521162030/http://www.windriver.com:80/announces/security_carrier_grade_profile/
(without even acknowledging grsecurity's trademark).

And also VeriFone (according to spender)
https://forums.grsecurity.net/viewtopic.php?f=3=3938=13940#p13940

Also the Intel/ARM alliance took grsecurity code without credit.
http://openwall.com/lists/kernel-hardening/2017/05/03/1

Etc.

So, in short, it wasn't just Google, but a widespread problem.  Google
was just the last straw for spender & co.




Re: [DNG] grsecurity ripoff by Google, with Linus' approval WAS: I have a question about libsystemd0 in devuan ascii,

2017-06-27 Thread Arnt Gulbrandsen

Please pay attention to what Linus actually wrote.

Linus complained about the patches, not the grsecurity code. I know (from 
other threads) that he's not in love with the code either, but what he 
actually complained about is the patches. Linus wants patches with clean 
version history, and he wants commit messages that describe the problem 
solved. More than one commit per problem is okay, but changing two 
unrelated things in one commit is not.


Arnt
