Grsecurity Breaks its Silence on Defamation Lawsuit

If the software is licensed under the GPL, and you distribute the source code with the binaries (as opposed to making an offer for source code), you are under no obligation to supply future releases to anyone.

NextGen Medium-Rectangle-300×250-3a

Open Source Security, Inc. (OSS) publishes grsecurity, a suite of security defenses for Linux used in high-security environments and products across a range of industries including defense, government, and finance.

OSS has finally broken its silence over its recently concluded defamation lawsuit against a non-lawyer who in 2017 had claimed in a widely-publicized blog that OSS had violated the GPL and subjected its customers to contributory copyright infringement liability by virtue of its subscription agreement that contained conditions on future services.

OSS' response is in a series of three blog posts. In the first, OSS reveals information about the anonymous troll that formed the basis of defendant's post about OSS' subscription agreements for its grsecurity software. In defendant' rush to judgment, he had not even seen a copy of OSS' subscription agreement before making his first post, and cited unnamed "reliable witnesses" that OSS claimed in court do not exist. In the second post, OSS details a number of controversies defendant has been involved in previously. In the final post, the wider implications of OSS' experience are discussed.

Others have weighed in either recently or previously, discrediting the claims made by defendant, who owns a for-profit license compliance business and has been the subject of frequent controversy.

The Free Software Foundation (FSF) has previously stated, regarding the interaction between subscription terms on future services and the GPL, that "If the software is licensed under the GPL, and you distribute the source code with the binaries (as opposed to making an offer for source code), you are under no obligation to supply future releases to anyone."

Bradley Kuhn, Policy Fellow of the Software Freedom Conservancy (SFC) has previously stated, "If we interpreted the GPL to say that you were required to keep someone as a customer no matter what they did, that would be an unreasonable interpretation." He has further stated that a similar subscription agreement of Red Hat's was "GPL-compliant."

An intellectual property attorney, Rohit Chhabra, has also weighed in on the matter, saying that, "I find no legal issue, whatsoever, in OSS’s condition to provide access to future versions from their servers only if users do not exercise their GPL rights." Chabbra has published a detailed legal analysis on his website.

Chhabra has also offered the following, on a second blog regarding the lawsuit, "In public interest, I am willing to discuss this further, free of cost, with the legal counsel of any business entity that is considering to replicate OSS’s business model, or those who would like to be OSS’s customers and enhance the security of their Linux based servers by utilizing the grsecurity patch."

For more information about grsecurity and its world-class Linux security, please visit https://grsecurity.net

Share article on social media or email:

NextGen Leaderboard-728×90-1a