Re: GRSec.
At one point Spengler's work was marvellous and free and actually had a rational point.
I would not be entirely surprised if opinions differed. I'm not saying that the mainstream kernel community's approach to the immense CVE list is invalid; it's perfectly acceptable in a normal, open society. But it's not one that everyone wants. And opinion shouldn't be allowed to stop someone else doing something about it, even if most people think that what they've done is crazy.
Perens's opinion is one I happen to share. And have shared. (Historically) I was the initial SA deploying linux at an enterprise and there was some push at *that* time to pull in GRSec patches, however the conflict between the GRSec agreement and the RH agreement at the *legal* level at the time was already a substantial issue. It was made worse by the "pay only" model that Spengler took on...
What I do find objectionable about this whole situation is the use of public opinion to sway public perceptions of what the license actually says. Contrary to what most people think, there is no obligation under GPL2 to do anything more than sending source on a CD-R in the post, on request. Even punched paper tape is, technically speaking, acceptable. There is no obligation to do even that after three years. There is no obligation to distribute the source to the entire population of the planet, only to people you have given a binary to. There is no obligation to send the source code again simply because some of it has changed. Clause 6 mentions "The Program"; not any other program, or future versions of it, and applies only if you actually choose to distribute it to some one. There is no obligation to onward distribute source code you have acquired, unless you distribute a binary built from it (just as well, otherwise we'd all be in trouble).
We Don't Want to be in a World Where License Terms Can be Changed Retrospectively
The role of public opinion in this is important. Most people are of the firm opinion that open source always means "I can download it from some server whenever I like". Some licenses are like that. GPL2 really is not.
However, if a court eventually caves in to the weight public opinion stoked up by people like Perens and forces a re-interpretation of the GPL2 to include terms like making it available on a web server to all and sundry, then a very important thing will have happened:
The source code would have been forcibly released under a different license terms by a court not acting at the request of or with the consent of the author(s).
That would be an atrocious precedent to set. It seriously threatens the certainty of all software licenses. It would mean that all GPL2 code everywhere was now fair game. And if GPL2, why not some more proprietary licenses?
That would cost us all dearly, in the end.
There's enough of a problem brewing with Google resorting to claiming "Fair Use" in its dispute with Oracle over Java. If Google ultimately win that one (it's still rumbling along), and Peren's firm opinion gets adopted as a precedent by some court somewhere, then as far as I can tell all bets are off, source code (either proprietary or free) can no longer be adequately defended by copyright law.
And it's copyright law that licenses such as GPL2, GPL3, etc utterly rely on.
So I'm annoyed with Perens for stirring up the pot. Is the Linux source code licensing situation ideal for what most contributors want? No, frankly it's crap. But it's nearly 30 years too, too late to correct that. Are the actions of GR legal? Probably yes. Are they in any way significant to what the rest of the Linux world does? Completely not. Could this all turn into a clusterfsck for the rest of us? Quite easily. Why risk that? Leave sleeping hornets nests alone I say.
Inevitable
Situations such as this were always kind of inevitable with the GPLs. Their copyleft nature is their very own weakness; any flaw in their terms is unrecoverable. Fixing the perceived flaws by stretching the copyright laws that the licenses rely on is going to weaken the licenses in other ways.
Personally speaking I think that GPL has not been of significant benefit to Linux or other projects when compared to, say, the BSD license. FreeBSD is even more freely licensed than GPL2, and that's not done FreeBSD any harm at all (in terms of community activity, code quality, etc).
GPL2 has also been a significant barrier to getting useful freely available code into Linux (ZFS, DTRACE, device drivers, etc). Getting stoked up by people like Perens about GPL2 adherence simply raises the barriers to becoming more accepting of other licenses, which brings its own problems.
To get around some of these legal barriers and issues we see projects like Google's Project Treble emerging. That stands a very good chance of fixing device driver issues on Android (and thence everywhere else), but it will then be significantly different to the mainstream. Fragmentation is a bad thing; it dilutes effort.