Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <a0ecb79b-c65a-1e8f-83e5-275d9ac5ab6d@nmatt.com>
Date: Sat, 3 Jun 2017 11:16:37 -0400
From: Matt Brown <matt@...tt.com>
To: Brad Spengler <spender@...ecurity.net>,
 kernel-hardening@...ts.openwall.com
Subject: Re: Stop the plagiarism

On 6/3/17 7:30 AM, Brad Spengler wrote:
> http://www.openwall.com/lists/kernel-hardening/2017/06/03/11
> 
> Guys, this is your *last warning*.  This stops *now* or I'm sending lawyers
> after you and the companies paying you to plagiarize our work and violate

I actually do not get paid to do this work. I was a happy user of your
patch while it was public. Now you took it away from the public and I'm
doing my small part to pick up the baton.

> our *registered* copyright (which for the record entitles us to punitive
> damages which now are very easily provable).  It's time to get serious
> about attribution -- what you are doing is completely unacceptable.  I'm
> already in contact with lawyers to prepare for the next time this happens.
> If any of this plagiarized and misattributed code actually made it into
> the Linux kernel, you'd all be in a world of pain.
> 
> Matt -- did you not see in the directory the Kconfig file was copy+pasted
> from the following:
> 
> # grsecurity - access control and security hardening for Linux
> # All code in this directory and various hooks located throughout the Linux kernel are
> # Copyright (C) 2001-2014 Bradley Spengler, Open Source Security, Inc.
> # http://www.grsecurity.net spender@...ecurity.net
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of the GNU General Public License version 2
> # as published by the Free Software Foundation.
> #
> # This program is distributed in the hope that it will be useful,
> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> # GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License
> # along with this program; if not, write to the Free Software
> # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
> 

I am sincerely sorry about this. It will be corrected in v2. Would you
like this license included in the Kconfig and tpe_lsm.c or just one of
them? I didn't see a license at the top of grsecurity/grsec_tpe.c so I
didn't know what to include.

> Yet you are claiming copyright entirely over my work.  Your copy+pasted
> Kconfig entry didn't even adjust for your renaming of my sysctl variables.
> Search+replace of config and function names is not transformative, and
> I dare to think how much of your tpe_lsm.c is copy+pasted from cormander's
> LSM.
> 
> I know it must be hard for the KSPP, having no original ideas of its

I am not a part of KSPP nor do my patches/comments reflect on them.

> own, but this is not security or development.  It's mindless plagiarism
> and illegal.  Then to slap your own copyright over the whole copy+pasted
> thing is a total insult and demonstrates the complete lack of respect
> KSPP has for the work it can't accomplish anything without.  The KSPP
> and the companies funding it wouldn't be able to show a shred of perceived
> progress were it not for its ability to simply copy+paste portions of
> our work, because every time you modify something you introduce bugs and
> new vulnerabilities, demonstrating your cluelessness.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.