Grsecurity will stop issuing patches citing trademark abuse

Grsecurity is an open-source project that creates and distributes security patches for the Linux kernel.

A major corporation is misusing grsecurity’s trademarks and violating the terms of the GNU Public License – and as a consequence, the leader of the project said Wednesday, grsecurity will stop making its stable patches available to the general public.

In an official announcement, grsecurity project leader Brad Spengler said that it was unfair to the project’s sponsors to allow the companies in the embedded Linux industry – which he declined to name, citing legal advice – to dilute grsecurity’s trademarks.

“Companies in the embedded industry not playing by the same rules as every other company using our software violates users' rights, misleads users and developers, and harms our ability to continue our work,” he wrote.

Grsecurity is an open-source project that creates and distributes security patches for the Linux kernel. Until now, like any other GPL project, grsecurity has distributed everything it creates, including stable patches for older versions of the kernel, as well as the “test” series, which apply to the most recent kernel versions. It also offers additional support in exchange for paid sponsorship of the project, but users have been free to integrate any patches they like on their own.

However, according to Spengler, a “multi-billion-dollar corporation” recently began advertising its commercial embedded Linux products with references to grsecurity, despite the fact that it modified the software in violation of the GPL.

“The aforementioned company has been using the grsecurity name all over its marketing material and blog posts to describe their backported, unsupported, unmaintained version in a version of Linux with other code modifications that haven’t been evaluated by us for security impact,” he said. “Simply put, it is NOT grsecurity – it doesn’t meet our standards and at the same time it uses our brand and reputation to further its marketing.”

But grsecurity doesn’t have the money to fight a legal battle, Spengler said, and so the decision was made to simply stop releasing stable patches to non-sponsors – in effect, cutting off the alleged violator’s access to grsecurity’s code improvements. The project’s full source code will still be released to the public at large, in compliance with the GPL, but non-sponsors will have to pick through every update to find out what’s applicable to them.

The new policy will go into effect in less than two weeks. Spengler could not be reached for further comment.

Stories by Jon Gold