[jraph]

They may allow their customers to redistribute the patches and then decide to stop providing further updates to customers that use these rights. I can see this faq being still literally right. They just don't mention this fact.

But this last Q&A states between the lines that no, they wouldn't provide a free version for evaluation only because if they did, you could freely redistribute the patch since they can't impose you to keep it secret because of this very paragraph of the GPL you quote, and they don't want this because that would break their business model.

That's not proof they actually tell their customers they will stop providing them further updates if they redistribute the patch, but this only reinforces my belief they do. This is exactly how they manage to keep there code non-public.

The GPL doesn't and can't force the GRSecurity project to provide updates to their customers under any circumstances.

This faq does not lie and is technically correct, it just "forgets" to mention that customers are tied to such a contract.