Open Source Security, the company that develops the Grsecurity patches, has filed a lawsuit against the renowned open-source developer Bruce Perens in a California court, alleging that Perens damaged the company's reputation. The lawsuit was triggered by a blog post in which Perens warns customers that Open Source Security violates the GPL. It was preceded by a months-long dispute between kernel developers and Open Source Security.

The grsecurity patches for the Linux kernel, developed by Open Source Security, are made available only to a number of customers. For compatibility reasons, however, the patches are licensed under the GPLv2, because the software is deeply anchored in the Linux kernel, which is also under the GPLv2. Two years ago, Open Source Security forbade its customers to pass on the code of stable versions of its grsecurity patches, although this is explicitly required under GPLv2. In April 2017, Open Source Security extended the ban to the test versions of its software. Customers must contractually agree to the ban.
Dispute over the validity of the GPLv2
However, this violates the GPLv2, which explicitly forbids such clauses, and the license thus expires, Perens writes in his blog post from June 2017. He warns Open Source Security customers that they may have used an unlicensed version of the Linux kernel, that is, committed copyright infringement.
Open Source Security does not violate the GPLv2, according to the complaint. On the contrary, the contract terms apply only to code that is in the planning phase and still to be developed. Perens' statements are damaging to the company, it says.

Controversy over the code
Company boss Brad Spengler decided not to make the grsecurity patches public because many companies were profiting from the security patches without paying for them. In addition, Spengler had been frustrated in the past that his patches were only reluctantly included in the Linux kernel, even though he often submitted them there.
Linux chief hacker Linus Torvalds had recently described the submitted patches as "garbage". He said they would regularly "break down other things" and were not submitted in the clear form requested by other kernel developers. The parts of the code that were eventually accepted had to be thoroughly reworked. Torvalds said he did not understand Spengler's complaint that his code was being privatized.
Controversy about money
He would gladly do that if he were paid for it, countered Spengler, and accused Torvalds of neglecting security in the Linux kernel. He cited a 2016 report from the Core Infrastructure Initiative (CII), which found that there were not enough developers available for security work on the kernel to address these problems without payment. In fact, Torvalds considers security bugs to be ordinary bugs in the code and has for years refused to give them special status. He therefore accepts security patches only in small, manageable code units, just like other patches.
Grsecurity and its partner project PaX were often pioneers of technologies that make it harder to exploit security holes. For example, PaX provided the first implementation of ASLR (Address Space Layout Randomization) for Linux. Almost all exploits for security holes in the Linux kernel failed in the past when the grsecurity patch was used. Most recently, Grsecurity introduced an implementation of Control Flow Integrity with the RAP extension.

