GRsecurity is preventing others from redistributing source code

Neal McBurnett neal at
Wed Jun 1 14:52:29 UTC 2016

I agree with RMS that it sounds like this is a GPL violation.  That also seems to agree with what you quoted from bkuhn (Brad Kuhn, president of Software Freedom Conservancy), who simply noted that we needed more details and the complaint has to be originitated by someone who does have the code and wants to distribute it.  That's quite different from your characterization of the SFC response.

And I agree that this is quite different from what Red Hat does, since they do distribute their patches.  They protect their brand via trademark, which is appropriate.

Someone who wants to open up GRsecurity patches could buy commercial support:   Elsewhere it has been said that support cost $200, but perhaps that has changed.

Thanks for noting this, and I hope we find someone who can actually make this happen, or file a legal case.

Neal McBurnett       

On Wed, Jun 01, 2016 at 02:37:51PM +0000, concernedfossdev at wrote:
> Here is RMS' response:
> Re: GRsecurity is preventing others from employing their rights under version 2 the GPL to
> redistribute source code
> Richard Stallman (May 31 2016 10:27 PM)
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> If I understand right, this is a matter of GPL 2 on the Linux patches.
> Is that right? If so, I think GRsecurity is violating the GPL on
> Linux.
> --
> Dr Richard Stallman
> President, Free Software Foundation (,
> Internet Hall-of-Famer (
> Skype: No way! See

On Wed, Jun 01, 2016 at 02:15:46PM +0000, concernedfossdev at wrote:
> There is an important distinguishing feature: RedHat itself does release its sourcecode, albit as huge code patches rather than the little ones that are desired, but that makes the issue moot even before it would go to court.
> That is an important distinction, so these situations are not the same.
> Here the source is not released by Spengler to the public,
> the stable patches do differ substantially from the "testing" patches
> (one feature is 5 times bigger in the closed stable patch), and 
> sublicensees are threatened to not distribute.
> Now some people are arguing that kernel patches are not derivative works;
> which would make the entire GPL even MORE worthless than it already has shown to be in practice.
> And the SFConservancy doesn't seem to give a damn,
> and #fsf and #gnu all scream to the high heavens that what spengler is doing is just fine and
> they seem to totally support him in it.
> I try to teach them that there is more to the law than their license but they won't listen.
> ----
> There is a legal term for this. It's called acting in bad faith.
> That often gets your contract nullified.
> Here there is a license grant. Spengler is acting in bad faith to frustrate its purpose.
> It does not matter if he is breaking legs, threatening to expose secrets, or threatining to raise prices to exorbidant rates, or to cease sending the patches:
> What matters is that his goal is to deny the sublicensee the right given to the sublicensee by the original licensor, and that he has obtained that goal via his actions (the threats here).
> He has frustrated the purpose of the agreement (the grant) he had with the original licensor, and thus
> the grant fails. In other words: he has violated the license.
> June 1 2016 2:02 PM, "Jonathan Corbet" <corbet at> wrote:
> > On Tue, 31 May 2016 18:47:38 +0000
> > concernedfossdev at wrote:
> > 
> >> Is this not tortious interference, on grsecurity's (Brad Spengler) part,
> >> with the quazi-contractual relationship the sublicensee has with the
> >> original licensor?
> > 
> > Unfortunately, it doesn't seem to be that way. This is essentially the
> > Red Hat approach, and that has generally been deemed to be acceptable over
> > the years.
> > 
> > jon
> > --
> > Jonathan Corbet / / corbet at

More information about the Ubuntu-devel-discuss mailing list