1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA256 |
3 |
|
4 |
On 04/09/15 14:37, Marc Schiffbauer wrote: |
5 |
> * philipp.ammann@××××××.de schrieb am 04.09.15 um 13:33 Uhr: |
6 |
>> Am 03.09.2015 23:08 schrieb Marc Schiffbauer: |
7 |
>>> True and what I wanted to say with the OTOH part. But doesn't |
8 |
>>> this apply to any sponsor? I mean we are talking about GPL'ed |
9 |
>>> Software... does the GPL permit to distribute source under some |
10 |
>>> kind of NDA? |
11 |
>>> |
12 |
>>> I fully respect their decision but I hope things will be back |
13 |
>>> to normal again soon. |
14 |
>>> |
15 |
>> |
16 |
>> No you can't override the GPL with an NDA. But a sponsor - who is |
17 |
>> selling products based on grsecurity - is not required to make |
18 |
>> the code available to the general public, only to the customer |
19 |
>> who pays for the product. They're also not required to make their |
20 |
>> /patches/ available, only the complete source. So even if you get |
21 |
>> the sources from a customer (or you buy the product yourself), |
22 |
>> you would have to diff the code against a vanilla kernel - and |
23 |
>> then you only get a huge patch that includes *all* changes. |
24 |
>> Extracting just the grsecurity patch from that is complicated and |
25 |
>> error prone. You'll probably run into less bugs if you just stick |
26 |
>> to the public testing patches. |
27 |
> |
28 |
> Yes, but the point I was trying to make is: Such a customer can |
29 |
> make the sources available to the public. I am NOT saying we should |
30 |
> do this but in theory it would be possible. Lets see what the |
31 |
> future brings. This is going to be too OT ;) |
32 |
> |
33 |
> -Marc |
34 |
> |
35 |
|
36 |
I tried to fix a PaX patch time ago, After the attempt I think my |
37 |
"patch" started to make coffee instead of working as a truth patch. |
38 |
|
39 |
Yeah! You could try to do that and may be you would create a new AI |
40 |
life form in the process accidentally. |
41 |
|
42 |
Taint Grsec-PaX patches is hard, and if you don't know what are you |
43 |
doing it's something like a terrible teethache. |
44 |
|
45 |
I think that with distribution if grsec is considered a derivative |
46 |
work of a linux kernel the sponsor must make available the source code |
47 |
to the public, I don't think patch available, just source code. The |
48 |
question I think is that if they try to fork grsec, the effort to make |
49 |
a good grsec patch from sources and vanilla kernel and maintain it in |
50 |
a good state at same level as Brad and Pipacs do is feasible for all |
51 |
of them in time, in quality and economicaly. I don't think so. |
52 |
|
53 |
Apple Apple said: |
54 |
> |
55 |
> The software industry is full of hypocrisies like this. Yes it is |
56 |
> true that a company cannot legally stop a customer from releasing |
57 |
> GPLed code; in reality they just use other threats to get what they |
58 |
> want. For example, if you release code today, we will not give you |
59 |
> the update tomorrow, or if you have a problem we don't answer the |
60 |
> phone or you want to renew your contract next year? Sorry it costs |
61 |
> 2x now. Etc. |
62 |
> |
63 |
|
64 |
IMO Free as in Freedom not price, Welcome to services business model. |
65 |
Brad needs to live too ¿don't you think? If they want that Brad |
66 |
supports the source code (I don't know the case in question) that they |
67 |
will use freely to his business it's logic that Brad wants a fee by |
68 |
his time. At least I think so. Isn't it? |
69 |
|
70 |
GPL don't forbid modify the source code if they want to do what Brad |
71 |
does... if they have the knowledge, the time and all the coffee |
72 |
needed, and GPL neither makes the maintainers slaves :). |
73 |
|
74 |
|
75 |
|
76 |
-----BEGIN PGP SIGNATURE----- |
77 |
Version: GnuPG v2 |
78 |
|
79 |
iQIcBAEBCAAGBQJV6gvkAAoJEFfmTgt/w77fk2IP/0fjFoi/BTM5ZipIaAIcSZon |
80 |
49JQMOcEwCRX29I/ftsJig57tGBTaCcfyITwHI84p8K2FB+NalX79NReKSKsMtyC |
81 |
OiU8YQOhNAaufqF0byKQi5L2AGEvpDq1lYaBW4cyiVOKQhs+d09GIl3CrEQ/mD2W |
82 |
5bLRjw5Olqx3uHL0en8y1WY1jB7Ws18amE8qCjPcgm3IVJqMn1oFEO2nR7+KOP98 |
83 |
Pbsqb6lQpVlgx0HZaAXG1cI5Pi7p3hgtRe8bXY0c8IE12HEcixWNj+2uzCP7POR/ |
84 |
RexzPl1uzNxcUHUmDx8DRIm0ikLpPo3HWtosJVbKf2+z/Tu5mK5CXnmHK/gGFP/P |
85 |
OSONkYPCW8aYYHUG3Bpv1DecYGqpQ+S7M2TVkwlCHH6t9ntMqY/3Sj8PsWZxXjhE |
86 |
B+vXNuH+QS6o/+pCvYusIgWgBY7H1azyHnfsdSXC74YmwvSs8rk0QnmwLXPyVTSH |
87 |
AX5bol01gepGvKh5+sp0BQk/gMOwwlObkPrt3pc/tSG6PCUxNEfE2NyheJOmGnOT |
88 |
+Hr+EVF0J/1h3f8hF5B6PnTfGHq1nGRTxGt1Mt+KHwjrtgunt0Yszrx1KMsjEVji |
89 |
o4iqtl1vc+CpMjutenuXhHUh5GGtkMnbR0PzvZqweoqniROTbtBRVZiwV/D+sJKY |
90 |
+teQQWrSxnBUvVzZa4Bb |
91 |
=mdxR |
92 |
-----END PGP SIGNATURE----- |