> They surely do something like Red Hat that says in a contract you lose access to the GRSecurity patch as a user if you publicly redistribute the source.

GPL 2.0

> 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

Red Hat prohibits you from redistributing their binary packages, and that's well within the rights of the GPL as it attached to the source with the only requirement on binaries being that the GPL'd source code be made available upon request. Before the CentOS rebase, they went a step further and you could just download SRPMs right off their FTP server without even being a paying customer.

In the case of GRSecurity, in their FAQ [https://grsecurity.net/faq] they even acknowledge that their customers have a right to share the patches.

Q: Does grsecurity have a free version for evaluation only?

A: Grsecurity fully complies with the license of the Linux kernel, the GPLv2. Since grsecurity is delivered as a source code patch, it is not possible under the terms of the GPL to offer a free version under an actual restriction that it be used only for evaluation purposes. Any customer receiving a grsecurity patch receives all the GPL-granted rights and responsibilities, including the right to redistribute patches in their possession or even to sell them to others.

They may allow their customers to redistribute the patches and then decide to stop providing further updates to customers that use these rights. I can see this faq being still literally right. They just don't mention this fact.

But this last Q&A states between the lines that no, they wouldn't provide a free version for evaluation only because if they did, you could freely redistribute the patch since they can't impose you to keep it secret because of this very paragraph of the GPL you quote, and they don't want this because that would break their business model.

That's not proof they actually tell their customers they will stop providing them further updates if they redistribute the patch, but this only reinforces my belief they do. This is exactly how they manage to keep there code non-public.

The GPL doesn't and can't force the GRSecurity project to provide updates to their customers under any circumstances.

This faq does not lie and is technically correct, it just "forgets" to mention that customers are tied to such a contract.

That's just their FAQ, which is meaningless since it isn't legally binding.

What EULA do they require of end users?

Not a customer and their access agreement isn't public, but terminating a contract in retribution for redistributing their patch would be a violation of the GPL's "no further restrictions" clause and thus they would be in breach. If they're pulling a stunt like that somebody with big enough pockets only needs to file a lawsuit.

I don't think that's true. "If you redistribute we stop collaboration" is not a restriction on the source code the customer has access to.

I think this clause doesn't mean what you mean. This clause means that the GRSecurity project can't license their modifications under a more restrictive license than the GPL. Which the GRSecurity project respects, customers do have access to the modifications under the GPL license.

One of those customers also redistributed GRSec modifications:

https://github.com/jameshilliard/linux-grsec