Well good riddance
Their patches kinda sucked and were over-burdened with crap licenses, their code will not be missed.
Linux users, the free lunch is over. Pennsylvania-based Open Source Security on Wednesday decided to stop making test patches of Grsecurity available for free. The software, a set of powerful Linux kernel security enhancements, includes features such as support for role-based access controls and chroot restrictions that harden …
The GPL part of their software is available at no cost, via CentOS if not directly from them. Red Hat charges for support and for tools and other additional non-free software, as also is their right. And they are, as stated, doing alright with that model.
Could be. If they're still including GRSecurity's patches without sticking to the license terms, then they've just screwed up. They make a feature of it in their sales blurb, which would now be cut off. I guess we'll see if their kernel drops the GR moniker, or starts becoming increasingly outdated.
AFAIK BlackBerry also use GRSecurity's patches in their version of Android. Seems like a sensible idea.
There is no licensing issue. GrSecurity's kernels are licensed under GPLv2, which specifically allows the recipient to re-distribute.
However, you are not obliged to re-distribute and nor are grSecurity obliged to do business with you, so if they find that you have distributed the kernel they are entirely within their right to refuse to give you their next version.
The use of the grSecurity trademark is a different matter and I suppose the usage of it depends on what they are claiming in the associated documentation.
> However, you are not obliged to re-distribute
While this is technically correct, if a company sells devices which include the GrSecurity kernel patches, then that is re-distribution, and they are therefore obliged to provide the source code to any recipient who requests it.
GrSecurity could be well within their contractual rights to cancel that company's subscription to their future patches, but the alternative is for the company to be in violation of the GPL, and lose any right to redistribute the Linux kernel at all.
So if GrSecurity do take that position, then the only legally tenable use for their patches that I can see is for hosted services where the machines in question never leave the control of organisations with direct GrSecurity contracts.
GRSecurity, SELinux and RBAC in general are all great perhaps for work, but the first time you spend many hours diagnosing a seemingly unrelated problem due to RBAC causing things to silently fail in unpredictable ways, you pretty much keep that headache at work. Not to mention you get to pay up to a 5% performance penalty besides. If security is that important to you, you are better off using properly audited OpenBSD instead anyway.
"very few people dedicating half of their life to creating useful original work"
Except Linus perhaps? And probably a load of others heavily involved in the Linux kernel. Whose work they have taken and used for personal gain...
I have nothing against people getting paid for what they do, but I think they would have been better served maintaining a public fork of the branch and providing paid for consultancy / support etc. There's a lot of people who earn a living working in Linux.
They are, of course, free to do as they wish with the Linux code, within the terms of the license.
... of making themselves obsolete and irrelevant.
WindRiver may or may not have tried to stiff Grsecurity by not paying for these patches. There's always two sides to any story. But that's beside the point.
WindRiver is allowed, under GPLv2, to create and distribute binaries built from these patches. For free, or for money. If WindRiver distributes binaries, they are required, also under GPLv2, to make the source code for these patches available to anyone, on demand.
However, WindRiver is under no obligation whatsoever to charge money for publishing the Grsecurity source code. Nor are they required to kick some of this money back to Grsecurity.
Grsecurity knew all of this when they sold the patches to WindRiver. All these T's and C's are clearly written in the GPLv2.
The only thing I see in this story is Grsecurity making an ass of themselves, as usual.
If 16 years out of 34 seems too much of a commitment to writing security patches for the Linux kernel for free, then stop doing it, and move on to something else. Or ask RedHat to buy your company, if it's that valuable.
"what an interesting way for Grsecurity ...
... of making themselves obsolete and irrelevant."
I always wondered why grsec hadn't been included in mainstream kernel. Used it in times of 2.4 and 2.6 and it was a pain in the ass to manually apply the patches and recompile the kernel each time, so eventually I've lost interest in grsec when it was still free. It was doomed then already, and paywall just brings closer grsec's death IMO.
> I always wondered why grsec hadn't been included in mainstream kernel.
They've been accused of violating GPLv2 in the past. No serious Linux distro would touch this stuff with a 10-foot pole.
Interesting and sleazy weasel-words offered as justification.
Piling in against someone who doesn't seem to comprehend the ramifications of the license they released their code under seems entirely justified. If anyone releases products with a GPLv2 kernel they are *obliged* under the terms of the GPL to make source code available to those they sell the products to.
If you release code under a GPLv2 license it seems a bit rich to complain when people actually use it under the terms that the license allowed ...
"If anyone releases products with a GPLv2 kernel they are *obliged* under the terms of the GPL to make source code available to those they sell the products to."
They are not obliged to provide you with new versions if you break the terms of the commercial agreement however. That agreement is orthogonal to the license.