From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 50DA2139694 for ; Sat, 13 May 2017 00:18:02 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2F00FE0BF5; Sat, 13 May 2017 00:17:54 +0000 (UTC) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E76ACE0BEC for ; Sat, 13 May 2017 00:17:53 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 36945209A6; Fri, 12 May 2017 20:17:53 -0400 (EDT) Received: from web6 ([10.202.2.216]) by compute2.internal (MEProxy); Fri, 12 May 2017 20:17:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trystero.is; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=mesmtp; bh=3UAwEAudfu1qqXxSRumaDW9sKP 0T2WeompqVm8QXErs=; b=kpVIV8CbnjChr7c13ej1nl3uPRcmsxSMVx+exWIBEW LvPUwf9gj7G+B4G4oftXNppmjY4+LJzexc9088yJRFstM/nW/uvi+xKF7WRhPqEB OcNswfC35Fagg7dhhXRAw6DLc8ms5yXk1sLbrawYKkrNNLSHngyw1OP/0bBjIQUU E= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=3UAwEA udfu1qqXxSRumaDW9sKP0T2WeompqVm8QXErs=; b=Hlm7J6q2yj7JNsGkvU3GXZ cc4rQlFfm/CxAslwzq9jC04ad1K3IW55mk2x+zBIS6v1cpxG872sbpa7VTNvwFCH 2OqCC9sf9E+FHwZL2fbEwQLg7f0OW+lrMQvqRqfSyEu1XGOvYPWoWyIg9Z5XkEbB Rbw2LTyDrap3mSQPhhg6zp+ooHL/URUkm5oMwa32CsSQMywowvqD1w7lQUNN9IGc MGOU/KonOI3rAeFUE/hcD0g+ao9NZgHUlQjtIl2Rw05n4+nd8mKg2JF5vFF89QyD jNyJdSG7jregOpOHFDrCqLUANneuT9uxVBui5/StAo2UjO4CFpRIQyMr5Ne3leew == X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 0B85948006; Fri, 12 May 2017 20:17:53 -0400 (EDT) Message-Id: <1494634672.363667.975060048.16742F31@webmail.messagingengine.com> From: "Max R.D. Parmer" To: Alex Efros , gentoo-hardened@lists.gentoo.org Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" X-Mailer: MessagingEngine.com Webmail Interface - ajax-6cc55fe1 In-Reply-To: <20170512233819.GC16275@home.power> Date: Fri, 12 May 2017 17:17:52 -0700 References: <20170501093843.GA927@gentoo.org> <20170501132854.98400aa781d29f13457dacd1@gentoo.org> <20170501135808.GA644@gentoo.org> <20170509001203.f95bbca4bea4957afb3a86c3@gentoo.org> <708eb0ac0669097fd9db4a0889a222ad.squirrel@atoth.sote.hu> <20170512233819.GC16275@home.power> Subject: Re: [gentoo-hardened] Technical repercussions of grsecurity removal X-Archives-Salt: f654f3a1-acf8-41c9-b717-c9586591acc1 X-Archives-Hash: 313db6ab90bee62d42fbd105c8833b12 On Fri, May 12, 2017, at 16:38, Alex Efros wrote: > Hi! >=20 > On Fri, May 12, 2017 at 09:10:43PM +0200, "T=C3=B3th Attila" wrote: > > Please take a look at on the reply of PaxTeam postend on the openwall > > mailing list: > > http://openwall.com/lists/kernel-hardening/2017/05/11/2 >=20 > What's for? It's pointless. Only very few people are really interested > (i.e. not just curious) in knowing who is paid by which company for doing > what, who makes more real bugs, and who lies about something. >=20 > The important questions about how to keep current level of protection for > individual/small business users and how users of some distributions like > Gentoo/Ubuntu/Android can be protected with GrSec/PaX are still > unanswered. >=20 > While large companies may buy subscription for GrSec/PaX the mentioned > above categories of users can't (correct me if I'm wrong, please) - so > effectively the change in GrSec policy makes harm and punish mostly these > categories of users. If that's real GrSec/PaX goal - it's very sad but > they probably have rights to do this (except their public reasoning > doesn't match what they actually do, so probably there are some unsaid > reasoning exists too), but if it's not their real goal - then they > probably should provide some options for these categories of users too. >=20 > --=20 > WBR, Alex. Individuals can certainly request a quote -- I did -- their director of sales is very patient, considerate and accommodating. Unfortunately the price is quite a bit more than I can personally afford at present. I don't personally doubt PaXteam/Spenders stated reasoning. It appears they've encountered a quite aggravating situation with what may amount to plagiarists. The post Dr. Toth linked closely mirrored what I initially anticipated from observing kspp and the like from afar. I think they're in a crap situation and what they've done is one of the better of several bad options. So, I am considering the costs of alternative control environments for my personal systems, perhaps it will be worth the quoted price after all once I've assessed options. But, point being, if paying is not out of the question I think you should request a quote.=20 -- 0x7D964D3361142ACF