From: Alex Efros <powerman@powerman.name>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] RIP hardened-sources
Date: Sun, 30 Apr 2017 14:08:11 +0300 [thread overview]
Message-ID: <20170430110811.GA11463@home.power> (raw)
In-Reply-To: <20170429164610.GA11187@home.power>
Hi!
On Sat, Apr 29, 2017 at 07:46:10PM +0300, Alex Efros wrote:
> Thanks! But isn't this mean you forbid all Linux distributions (including
> commercial ones like RedHat) to be GrSec/PaX subscribers (in case they
> like to spend some money for it)? I.e. this decision will ensure majority
> of Linux systems will never ever have GrSec/PaX
If no one is replies on this yet because that's sad truth, then may I ask
why don't you like to solve this in some way?
For example, you can continue publishing source of GrSec/PaX versions, but
use license which allows using it for free only for personal use and small
business (say, less than 10-20 computers) on usual desktop/server PC.
This way all server/desktop Linux distributions will be able to include
alternative hardened kernel or have alternative hardened variant of
overall distribution, but end-user will have to decide is they can use it
for free or should subscribe or avoid using it.
For Android phones/tablets and embedded devices you can make separate
clause in license to let you get some money from Google and companies
developing embedded devices if they will like to use GrSec/PaX, without
forbidding such a possibility at all (rumours are current subscription
options require to limit amount of installations, which is surely doesn't
makes sense for Android).
This way you shouldn't lose any money comparing to current situation,
it also solve mentioned before issues when bad companies sell unsupported
and modified GrSec variant and use "grsecurity" for marketing own
products. Plus you'll continue wide-test your patch with Gentoo Hardened
and some other distribution users and have your patch available for any
external audit which is always good for security product's karma.
If there are no good reasons to reject proposed solution and no
alternatives to let people continue using GrSec/PaX for personal/small
business use, then, yeah, conspiracy theories and three-letter-agencies
start coming to mind - just because they wins more than anybody else
including yourself if all Linux distributions won't have GrSec/PaX anymore.
--
WBR, Alex.
next prev parent reply other threads:[~2017-04-30 11:08 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-29 11:49 [gentoo-hardened] RIP hardened-sources Luis Ressel
2017-04-29 12:47 ` Alex Efros
2017-04-29 15:56 ` Daniel Cegiełka
2017-04-29 16:52 ` Javier Juan Martinez Cabezon
2017-04-29 16:58 ` Luis Ressel
2017-04-30 8:15 ` Javier Juan Martinez Cabezon
2017-04-29 17:04 ` Luis Ressel
2017-04-29 18:43 ` Daniel Cegiełka
2017-04-29 20:34 ` "Tóth Attila"
2017-04-29 22:04 ` Brant Williams
2017-04-30 13:00 ` Andrew Savchenko
2017-04-30 13:16 ` Alex Efros
2017-04-30 14:34 ` Andrew Savchenko
2017-04-30 14:56 ` "Tóth Attila"
2017-04-30 13:07 ` Andrew Savchenko
2017-04-29 13:11 ` Alex Efros
2017-04-29 13:46 ` PaX Team
2017-04-29 16:46 ` Alex Efros
2017-04-30 11:08 ` Alex Efros [this message]
2017-04-30 11:50 ` SK
2017-04-30 11:55 ` SK
2017-04-30 12:32 ` Andrew Savchenko
2017-04-30 12:56 ` Alex Efros
2017-04-30 13:28 ` Andrew Savchenko
2017-04-30 13:07 ` Daniel Cegiełka
2017-04-29 15:30 ` Paweł Hajdan, Jr.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170430110811.GA11463@home.power \
--to=powerman@powerman.name \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox