[josephcsible]

If Oracle ever wants to be the good guys just once, I have an idea for them that's right in their wheelhouse. Step 1: buy grsecurity's kernel hardening patches. Step 2: put said patches in the publicly released UEK source. Step 3: wait for grsecurity to refuse to give them future patches. Step 4: sue grsecurity for imposing further restrictions on the exercise of rights granted by the GPL.

[somat]

I think the weakness of your model is just because you have the right to distribute a certain patch level that does not mean you automatically have the right to distribute further patches,

Conversely, If the right to distribute is revoked, say a GPL to closed source license change you have still the right to distribute any versions originally distributed under the open license.

A good example off all this is the sordid history of the berkely db.

[fragmede]

Exactly right - you can get the GPL source for v1.0 which you've bought and paid for access to the binaries, but there's nothing that says they have to sell you binaries for v1.1, and thus you don't have any right to v1.1's source, despite it being GPL.

[mappu]

Matthew Ruffell was keeping the last open grsecurity patchset alive as part of Dapper Linux, but it's stuck on 4.9 and never managed to get a bootable 4.13 port.

Another good thing Oracle could do, is to release a CDDL update that is GPL-compatible.