[Ksummit-discuss] grsecurity and kernel hardening

James Bottomley James.Bottomley at HansenPartnership.com
Thu Aug 27 22:49:52 UTC 2015


On Thu, 2015-08-27 at 15:08 -0700, Stephen Hemminger wrote:
> Looks like grsecurity has had a turn for the worse
>  http://www.theregister.co.uk/2015/08/27/grsecurity/

We could add this to the legal discussion.  The above article reads like
a classic how not to do things right.  Trademarks aren't like copyrights
or patents, they're really tricky things to use successfully.  You can't
register them and only pull them out of a drawer when someone does
something you don't like.  For trademarks, you have to establish your
mark and the norms first.  This usually requires some sort of policy
statement, the most critical element of which is (especially if the mark
is actually part of the distributed open source base or a tag attached
to the patch set) what acceptable and non-acceptable use is.  In
particular, you can't allow people to use it all over the place and then
later turn around and decide X use is a trademark infringement because
you now decide you don't like it or whoever's using it hasn't paid you
any money.

The Iceweasel controversy notwithstanding, Mozilla seems to have about
the most effective Open Source trademark practises.  They certainly
demonstrate that a trademark gives you more control than you'd otherwise
expect over a permissively licensed project.

>  But can't say that I blame him for being mad about vendors
>  using without giving back...

We also have to be a little careful about this.  The strict requirements
are whatever the licence says and nothing more.  We like it when vendors
give back, either by becoming contributing members of the community or
sponsoring conferences, or even just giving developers cash, but we have
to acknowledge that they don't do it because they're required to, or
even because they feel morally obliged to ... they mostly do it because
they have sound business reasons for doing so.

Getting a vendor to see that they have sound business reasons for giving
back is a specialised skill usually practised over long time period and
only successfully by a few people in the industry.  It doesn't happen
automatically and certainly not because you have a dummy spit over
someone taking something you advertised as "for free" and having the
temerity to expect not to have to pay you.

Perhaps it would be useful to run a "how to get your company to regard
open source as an investment" type training course, but it's probable
that the kernel summit isn't the best venue.

James




More information about the Ksummit-discuss mailing list