[SwellJoe]

"Also, you should read the fine print from any other Linux vendor – RHEL, Oracle, etc. You don't have to go on "my understanding from several reliable sources", the documents actually state they'll terminate you as a customer if you redistribute their stuff."

I don't know about Oracle, but I know about Red Hat. They not only do not prohibit one from distributing source code and the patches they apply to it, they distribute it freely themselves, and help maintain a free distribution of RHEL called CentOS built from the same sources they use for RHEL.

There is no reasonable way to compare Red Hat's policies about source distribution and availability to grsecurity.

[cyphar]

The same goes for SUSE as well. Not only that, but the openSUSE community created an entirely new distribution based on the SLE sources (openSUSE Leap).

[drewcrawford]

> Red Hat. They not only do not prohibit one from distributing source code and the patches they apply to it

Of course they prohibit it. e.g. from [1]

> This EULA does not permit you to distribute the Programs or their components using Red Hat's trademarks, regardless of whether the copy has been modified. You may make a commercial redistribution of the Programs only if (a) permitted under a separate written agreement with Red Hat authorizing such commercial redistribution, or (b) you remove and replace all occurrences of Red Hat trademarks.

from [2]

> Distributing the Software and Services (or any portion) to a third party outside the Portal or using the Software and/or Services to support a third party without paying for each Instance is a material breach of this Agreement even though the open source license applicable to individual software packages may give you the right to distribute those packages

from [3]

> Any unauthorized use of the Subscription Services is a material breach of the Agreement, such as... (d) using Subscription Services in connection with any redistribution of Software

[1] https://www.redhat.com/f/pdf/licenses/GLOBAL_EULA_RHEL_Engli...

[2] https://www.redhat.com/licenses/cloud_CSSA/Red_Hat_Cloud_Sof...

[3] https://www.redhat.com/licenses/GLOBAL_Appendix_one_English_...

[SwellJoe]

Your first quote covers trademarks. That is unrelated to source code. CentOS ships with a different set of trademarks. If you want to rebuild and redistribute the RH sources, you remove the trademarks. That's well understood and well within the terms of the GPL.

Second refers to binary builds of the software. Also well within the terms of the GPL.

Third refers to the Subscription Service which includes access to binary builds, access to a customer portal with knowledge base, private support tickets, etc.

None of these refer to distribution of source, which is explicitly permitted by Red Hat.

[drewcrawford]

> Your first quote covers trademarks. That is unrelated to source code.

Source code contains trademarks, that is why CentOS has to remove them. If you distribute the source code you get from the RHEL subscription area you have violated your RHEL agreement.

You are not in violation of the GPL, but that is precisely my point: everybody does this, and nobody (except OP) believes it is a GPL violation.

[SwellJoe]

I'm not interested in re-litigating the trademark discussion here. It's not relevant to the grsecurity conversation, and it's been settled for a decade or so. Trademark law is separate from copyright law and really has no place in a copyright discussion.

Red Hat places branding in their own packages, generally, which is easily replaced by distributions...they do their own re-branding in Fedora and CentOS; the trademarks are built to be removable. Red Hat went out of their way to make it easier to build a from-source RHEL without violating trademarks, despite not really having a legal obligation to do so.

[drewcrawford]

My assertion had nothing to do with whether they made it easy or hard to remove their trademarks.

My assertion was that Red Hat customers make agreements with Red Hat in which they agree not to redistribute RHEL. That is directly analogous to the GRSecurity case, except there we are relying on something OP heard thirdhand and in the case of RH we can read the agreements.

[SwellJoe]

"My assertion was that Red Hat customers make agreements with Red Hat in which they agree not to redistribute RHEL. That is directly analogous to the GRSecurity case, except there we are relying on something OP heard thirdhand and in the case of RH we can read the agreements."

Then your assertion is a lie. I feel like I'm talking to a wall.

Red Hat very clearly does not prohibit distribution of the source of their kernel, or any other GPL component of RHEL, and in fact they make it available for free in the form of CentOS, and they do not prohibit others from distributing it either. Everything you've quoted above says nothing about what you keep saying it means.

[cyphar]

You don't understand the issue then (and your assertion is patently false as I outlined elsewhere).

First of all, requiring trademark removal is something the FSF considers acceptable so long as it is reasonable to do[1]. Both RHEL and SUSE have all of their branding in specifically labeled packages so it is easy to replace.

Second of all, GRSecurity will always penalise you if you distribute their sources (regardless of whether you remove any trademarks they may have in their source -- which I don't think they do).

The two issues are completely different and you're muddying the waters by bringing up Red Hat, even though the free software community has agreed that removal of trademarks is acceptable[1]. You're bringing up a non-issue in a discussion about an actual issue.

[1]: https://www.gnu.org/distros/free-system-distribution-guideli...

[cthalupa]

Red Hat requires you remove their trademarks before distributing the component. The trademarks are not the source code.

They do not restrict you from distributing the source code.

Grsecurity restricts you from distributing the source code.

These are very different things.