| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 04/09/15 14:37, Marc Schiffbauer wrote: |
| 5 |
> * philipp.ammann@××××××.de schrieb am 04.09.15 um 13:33 Uhr: |
| 6 |
>> Am 03.09.2015 23:08 schrieb Marc Schiffbauer: |
| 7 |
>>> True and what I wanted to say with the OTOH part. But doesn't |
| 8 |
>>> this apply to any sponsor? I mean we are talking about GPL'ed |
| 9 |
>>> Software... does the GPL permit to distribute source under some |
| 10 |
>>> kind of NDA? |
| 11 |
>>> |
| 12 |
>>> I fully respect their decision but I hope things will be back |
| 13 |
>>> to normal again soon. |
| 14 |
>>> |
| 15 |
>> |
| 16 |
>> No you can't override the GPL with an NDA. But a sponsor - who is |
| 17 |
>> selling products based on grsecurity - is not required to make |
| 18 |
>> the code available to the general public, only to the customer |
| 19 |
>> who pays for the product. They're also not required to make their |
| 20 |
>> /patches/ available, only the complete source. So even if you get |
| 21 |
>> the sources from a customer (or you buy the product yourself), |
| 22 |
>> you would have to diff the code against a vanilla kernel - and |
| 23 |
>> then you only get a huge patch that includes *all* changes. |
| 24 |
>> Extracting just the grsecurity patch from that is complicated and |
| 25 |
>> error prone. You'll probably run into less bugs if you just stick |
| 26 |
>> to the public testing patches. |
| 27 |
> |
| 28 |
> Yes, but the point I was trying to make is: Such a customer can |
| 29 |
> make the sources available to the public. I am NOT saying we should |
| 30 |
> do this but in theory it would be possible. Lets see what the |
| 31 |
> future brings. This is going to be too OT ;) |
| 32 |
> |
| 33 |
> -Marc |
| 34 |
> |
| 35 |
|
| 36 |
I tried to fix a PaX patch time ago, After the attempt I think my |
| 37 |
"patch" started to make coffee instead of working as a truth patch. |
| 38 |
|
| 39 |
Yeah! You could try to do that and may be you would create a new AI |
| 40 |
life form in the process accidentally. |
| 41 |
|
| 42 |
Taint Grsec-PaX patches is hard, and if you don't know what are you |
| 43 |
doing it's something like a terrible teethache. |
| 44 |
|
| 45 |
I think that with distribution if grsec is considered a derivative |
| 46 |
work of a linux kernel the sponsor must make available the source code |
| 47 |
to the public, I don't think patch available, just source code. The |
| 48 |
question I think is that if they try to fork grsec, the effort to make |
| 49 |
a good grsec patch from sources and vanilla kernel and maintain it in |
| 50 |
a good state at same level as Brad and Pipacs do is feasible for all |
| 51 |
of them in time, in quality and economicaly. I don't think so. |
| 52 |
|
| 53 |
Apple Apple said: |
| 54 |
> |
| 55 |
> The software industry is full of hypocrisies like this. Yes it is |
| 56 |
> true that a company cannot legally stop a customer from releasing |
| 57 |
> GPLed code; in reality they just use other threats to get what they |
| 58 |
> want. For example, if you release code today, we will not give you |
| 59 |
> the update tomorrow, or if you have a problem we don't answer the |
| 60 |
> phone or you want to renew your contract next year? Sorry it costs |
| 61 |
> 2x now. Etc. |
| 62 |
> |
| 63 |
|
| 64 |
IMO Free as in Freedom not price, Welcome to services business model. |
| 65 |
Brad needs to live too ¿don't you think? If they want that Brad |
| 66 |
supports the source code (I don't know the case in question) that they |
| 67 |
will use freely to his business it's logic that Brad wants a fee by |
| 68 |
his time. At least I think so. Isn't it? |
| 69 |
|
| 70 |
GPL don't forbid modify the source code if they want to do what Brad |
| 71 |
does... if they have the knowledge, the time and all the coffee |
| 72 |
needed, and GPL neither makes the maintainers slaves :). |
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
-----BEGIN PGP SIGNATURE----- |
| 77 |
Version: GnuPG v2 |
| 78 |
|
| 79 |
iQIcBAEBCAAGBQJV6gvkAAoJEFfmTgt/w77fk2IP/0fjFoi/BTM5ZipIaAIcSZon |
| 80 |
49JQMOcEwCRX29I/ftsJig57tGBTaCcfyITwHI84p8K2FB+NalX79NReKSKsMtyC |
| 81 |
OiU8YQOhNAaufqF0byKQi5L2AGEvpDq1lYaBW4cyiVOKQhs+d09GIl3CrEQ/mD2W |
| 82 |
5bLRjw5Olqx3uHL0en8y1WY1jB7Ws18amE8qCjPcgm3IVJqMn1oFEO2nR7+KOP98 |
| 83 |
Pbsqb6lQpVlgx0HZaAXG1cI5Pi7p3hgtRe8bXY0c8IE12HEcixWNj+2uzCP7POR/ |
| 84 |
RexzPl1uzNxcUHUmDx8DRIm0ikLpPo3HWtosJVbKf2+z/Tu5mK5CXnmHK/gGFP/P |
| 85 |
OSONkYPCW8aYYHUG3Bpv1DecYGqpQ+S7M2TVkwlCHH6t9ntMqY/3Sj8PsWZxXjhE |
| 86 |
B+vXNuH+QS6o/+pCvYusIgWgBY7H1azyHnfsdSXC74YmwvSs8rk0QnmwLXPyVTSH |
| 87 |
AX5bol01gepGvKh5+sp0BQk/gMOwwlObkPrt3pc/tSG6PCUxNEfE2NyheJOmGnOT |
| 88 |
+Hr+EVF0J/1h3f8hF5B6PnTfGHq1nGRTxGt1Mt+KHwjrtgunt0Yszrx1KMsjEVji |
| 89 |
o4iqtl1vc+CpMjutenuXhHUh5GGtkMnbR0PzvZqweoqniROTbtBRVZiwV/D+sJKY |
| 90 |
+teQQWrSxnBUvVzZa4Bb |
| 91 |
=mdxR |
| 92 |
-----END PGP SIGNATURE----- |
Archives