Re: [gentoo-hardened] RIP hardened-sources

public inbox for gentoo-hardened@lists.gentoo.org
 help / color / mirror / Atom feed

From: Alex Efros <powerman@powerman.name>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] RIP hardened-sources
Date: Sun, 30 Apr 2017 15:56:02 +0300	[thread overview]
Message-ID: <20170430125602.GB11463@home.power> (raw)
In-Reply-To: <1862f6e2-7bed-1414-630d-7e864e7662b5@riseup.net>

Hi!

On Sun, Apr 30, 2017 at 01:55:16PM +0200, SK wrote:
> And it's not about money from what I've read, should read this if you
> want some more information :

If it's all just about credits, ego and personal conflict with LF - when
they the hell it affects everybody else? AFAIK Gentoo Hardened and
probably most other distributions which use GrSec/PaX have nothing with
all of this. Wanna say "fuuuu" to LF? No prob, change license to say only
listed Linux distributions may continue using GrSec/PaX for free.
This will makes it very clear sign of LF doesn't control GrSec/PaX and
doesn't punish end-users who has nothing with LF and that conflict.

But my original question has nothing with all of this. I was asking how it
possible for security-concerned people like GrSec/PaX developers to make
decisions which will leave vast majority of Linux systems less protected
than they are now? No matter because of that - money, credits, ego… -
none of these worth such a high damage to the world. And is it possible to
somehow minimize that damage. That's it.

P.S. I'm Linux user since 1994. And since that time I hear about LF twice:
read in news when it was created… and yesterday. That's because I'm doing
real work instead of playing politics. One may name it ignorance instead
and tell me if I leave politics alone it doesn't means politics will leave
me alone too… and that's true, of course. But at the end of day there is
no such thing as abstract politics, it's always about concrete people
making concrete decisions. And here we've very concrete GrSec/PaX
developers making very concrete decision to harm overall world security.

P.P.S. Leave NSA alone for the moment, because if it's all NSA then all we
can do is to hope Google or anyone else who has enough resources and good
will will just fork GrSec/PaX and continue developing it under GPL2.
And this discussion then doesn't makes any sense. There is a very small
but still non-zero chance my posts will change GrSec/PaX developers mind
about all of this, but none I can say may affects Google's decision to
fork or not to fork.

Also, if it's NSA case, next step will be to add backdoor into GrSec/PaX
(I suppose everyone realize that) which will eventually ruin Open Source
Security Inc. business anyway. So I just choose to believe this isn't the
case and no matter how strong NSA may push on them they didn't give up.
And all what's happens now has nothing with NSA.

-- 
			WBR, Alex.

next prev parent reply	other threads:[~2017-04-30 12:56 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-29 11:49 [gentoo-hardened] RIP hardened-sources Luis Ressel
2017-04-29 12:47 ` Alex Efros
2017-04-29 15:56   ` Daniel Cegiełka
2017-04-29 16:52     ` Javier Juan Martinez Cabezon
2017-04-29 16:58       ` Luis Ressel
2017-04-30  8:15         ` Javier Juan Martinez Cabezon
2017-04-29 17:04     ` Luis Ressel
2017-04-29 18:43       ` Daniel Cegiełka
2017-04-29 20:34         ` "Tóth Attila"
2017-04-29 22:04           ` Brant Williams
2017-04-30 13:00           ` Andrew Savchenko
2017-04-30 13:16             ` Alex Efros
2017-04-30 14:34               ` Andrew Savchenko
2017-04-30 14:56                 ` "Tóth Attila"
2017-04-30 13:07   ` Andrew Savchenko
2017-04-29 13:11 ` Alex Efros
2017-04-29 13:46   ` PaX Team
2017-04-29 16:46     ` Alex Efros
2017-04-30 11:08       ` Alex Efros
2017-04-30 11:50         ` SK
2017-04-30 11:55           ` SK
2017-04-30 12:32             ` Andrew Savchenko
2017-04-30 12:56             ` Alex Efros [this message]
2017-04-30 13:28               ` Andrew Savchenko
2017-04-30 13:07           ` Daniel Cegiełka
2017-04-29 15:30   ` Paweł Hajdan, Jr.

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170430125602.GB11463@home.power \
    --to=powerman@powerman.name \
    --cc=gentoo-hardened@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox