Solaris fix-it firm offers free Bash patch for legacy Oracle kit

A Solaris fix-it-firm being sued by Oracle over copyrighted code says it has stepped in to defend customers not protected by Larry Ellison's firm from Bash attacks. Terix has released a Bash fix for Solaris on SPARC and x86 that it claims goes further than Oracle’s own recent Bash patch. Bash, vulnerability CVE-2014-7169, …

  1. splodge

    Could the 3rd party access the website before supporting the hardware? I need to know, as I just looked at said site, and who knows, someone might ask me for help with their Solaris box at some point in the future.

    1. Simon Brady

      I'm no lawyer, but their Support Terms of Use make it pretty clear that you can't access the site for the purpose of giving your customers something they aren't entitled to themselves:

      "You agree that access to the Support Portal, including access to the service request function, will be granted only to your designated support contacts and that the Materials may be used only in support of your authorized use of the Oracle product and/or cloud services for which you have a current support contract. Except as specifically provided in your agreement with Oracle, the Materials may not be used to provide services for or to third parties and may not be shared with or accessed by third parties."

      Where it gets murky is the situation you've described, where you pick up knowledge in the course of your authorised access that happens to be helpful to a third party sometime in the future. My guess would be that saying "oh hey, I have a downloaded copy of a support article that might come in handy here" is out, but saying "I've hit this problem before and I remember what the fix was" is ok - unless Oracle want to claim they own the part of your brain holding their content, of course...

      It sounds like the behaviour described in the article, offering patches you've written yourself without access to licensed support material, is quite different from what they're squabbling about in the lawsuit. Whether it contravenes some other license clause is a whole separate question.

      1. Vic

        "you can't access the site for the purpose of giving your customers something they aren't entitled to themselves:"

        However, in the case of GPL code, those customers *are* entitled[1] to the updates, and it would void Oracle's right to distribute the software if they try to prevent anyone from getting them...

        Vic.

        [1] I'm ignoring the possibility of a Section 3(a) distribution, because I'm pretty sure Oracle doesn't do that. Not every single time, at least...

  2. Henry Wertz 1

    Also...

    Also a bit tricky, because if the license with the Sun^H^H^HOracle hardware included perpetual support, then it seems to me that this contradicts Oracle's terms that restrict distribution of patches. Oracle's assertion that "perpetual support" means third parties can support the hardware perpetually is a bit silly. Once I've bought software and hardware, I have every expectation (once warranty or expected support from the original vendor is run out) to be able to get support for this hardware and software from anybody I want; it's up to the license to *remove* this right if it's not allowed for a specific piece of software or hardware. I assume that the "perpetual support" term is probably courtesy of Sun, and Sun probably had every expectation to at least provide patches for the useful life of the hardware they shipped (you'd pay for new OS versions but get bug and security fixes for your existing OS free.)

  3. Nick Pettefar

    Solaris 9 Bash Patch Bollox

    Oracle refused to give us the Solaris 9 bash patch, despite releasing the Solaris 11, 10 AND 8 patches! The Solaris 9 Bash patch depended on another patch which they deemed a Vintage Systems patch and of course we did not have that support...!

    Eventually they relented; I guess they received so many requests and complaints (like mine and I also opened level 1 SRs with them for this) that they felt bad about it and gave in, but who knows how these people work...

  4. Anonymous Coward

    Why not just use the binary available from sunfreeware.com?

    Also, to be clear, Sun never shipped bash with Solaris until Solaris 8.

    It's also Solaris 2.6 - it was never called Solaris 6, it seems Terix can't get that right either.

    http://www.terix.com/shellshock.php
