1. 29

  2. 23

    Nothing says “please entrust your business with us” than suing a critic for defamation.

    1. 17

      I’m not a big fan of Perens by any means, but being sued for stating an opinion on licensing seems a bit dubious to me – but I am of course, not a lawyer.

      1. 5

        Especially given he seems to be pretty much on the money with the assertions made.

        1. 5

          I’m not a big fan of Perens by any means, but being sued for stating an opinion on licensing seems a bit dubious to me – but I am of course, not a lawyer.

          It depends on the jurisdiction, but given that this is filed in the US Federal system, it’s pretty dubious. They’d have to prove that not only what Perens said was false, but also that he acted with either negligence or actual malice (essentially, they’d have to show it was false, that he knew it to be false, and that he acted with reckless disregard to that knowledge).

          This is in practice monumentally hard to prove. Even if you set aside the fact that what he said is probably true, even if it were false, unless Bruce Perens left a paper trail of statements along the lines of “I know this is false but I want to screw these guys and destroy their business with my false statements!”, it’s enough of a defence that he says he believed it to be true, because it doesn’t follow that he made the claim to imply the existence of facts which could be easily verified to be false (the Milkovich ruling the complaint mentions).

          (IANAL either, but this is pretty clear-cut caselaw)

          1. 1

            Doesn’t GRC win (the ability to say they’re non-infringing) here if they prove the statements false, even if they don’t prove defamation.

            1. 4

              No, you’re allowed to express opinions that later turn out to be incorrect.

              What this hinges on is that reasonable people can reasonably disagree about the interpretation of the GPL (disagreeing about the meaning of contracts is, after all, what lawyers do) and they can certainly express their opinions about that interpretation.

              You’d need to sell the judge on the idea that both GRC’s interpretation was correct AND it was so manifestly and obviously correct that the only possible interpretation of Perens’ statement was that he was making it to defame GRC because the opinion was so trivially proven false.

              Prior to Milkovich, expressing any opinion at all was protected. Milkovich’s wrinkle was that you couldn’t do something like “In my opinion, based on evidence I’ve seen, he’s lying” (implying the existence of evidence that shows he’s lying) if none existed and you could trivially have verified that there was no such evidence.

              Perens wasn’t doing that. He made a cogent argument based on his understanding of the GPL. That it disagrees with GRC’s interpretation, even if GRC’s interpretation is upheld in a court of law in the future, doesn’t make it defamatory.

              1. -2

                I doubt that.

              2. 1

                Well, there’s law on what he said and copyright law itself. Anyone backing up the infringement claim can focus on the copyright angle in the next court.

          2. 13

            Bruce’s piece must’ve eaten into their profits. Good!

            1. 8

              This is the end of Grsecurity. At least, I hope it is.

              1. 5

                I couldn’t disagree more. I believe entities like grsec pushing kernel security forward in any way is valuable, whether or not Linus or your or anyone agrees or disagrees with what or how they’re doing it. Having these other players looking out for and challenging the status quo of system security seems valuable. Having them become closed source is weird and unfortunate, but I certainly don’t want them to go away.

                1. 11

                  I agree with you in principle, except they seem to be operating in bad faith here with their subscription terms. A positive outcome for this would be for them to respect the GPLv2 and stay in business with a reformed business plan.

                  1. 5

                    These days there is the KSPP and I’m much more comfortable with the way they are operating. Obviously many of their patches are based on work by PaX/Grsecurity (at least for the time being), but unlike Brad Spengler et al. they are much more transparent about their work, don’t throw a public temper tantrum every two months, acknowledge that things other than security might matter too and actually cooperatively work with upstream instead of acting like everybody secretly hates them.

                    PaX/Grsecurity have brought great innovations and I think there is room for more radical security improvements that aren’t bound by the strict compatibility policy of mainline Linux, but Grsecurity is being way too hostile to make me trust the security of my machines to them. I’m also not convinced their technical process is sound and up to modern standards, but who knows what they are really doing?

                2. 7

                  At first it seemed like a pretty close thing to me (the original argument, not the defamation action, which is bullshit regardless IMO) — I can see where grsecurity’s argument is coming from. They’re saying “we give you the GPL’d code, we do it in compliance with the GPL, and you have all the rights to give you to the code you received, so everything is hunky-dory. But we aren’t obligated (except by our agreement) to keep giving you new versions, and we’ll terminate that agreement if we find out you redistributed”. I can see how they think that holds up.

                  But that section 6: “you may not impose any further restrictions on the recipients’ exercise of the rights granted herein”. Again, I can imagine the narrow interpretation where they think they’re staying within the letter of that… but I expect they’re entirely wrong. They’re holding customers to a pre-existing agreement that specifically covers what they can do with GPL code and imposes a penalty for redistribution, so in all likelihood (in my highly unprofessional opinion) that means that the GPL doesn’t grant them any right to convey the code to any customers covered by that kind of agreement. And as the GPL says, if it doesn’t, nothing else does. So I think I’m convinced.

                  1. 4

                    Has anyone contacted Popehat yet? This is exactly the sort of thing Ken enjoys writing about! If nobody has, I will after work. :)

                    Edit: I sent him a note. If he decides to weigh in, I look forward to Ken’s great commentary.

                    1. 3

                      Passing the bar exam is the equivalent of selling pickaxes in the complicatedly licensed software gold rush.

                      1. -5