[gentoo-hardened] Grsecurity / PaX in danger!

[gentoo-hardened] Grsecurity / PaX in danger!

[atoth]

While Grsecurity 2.1.12 has been officially released, an alarming message
has been also included in the announcement.
http://www.grsecurity.net/news.php#grsec2112
If no sponsors will be found in a few months, Grsecurity can be expected
to become discontinued.

I encourage every individuals for a small donation (I've already done) and
companies using the software to consider sponsoring Brad & PaxTeam.

I personally could donate $10 monthly for keeping the essential, crucial
piece of patch alive. If every user could make a small donation the
project could be saved by an effort of the community.

If I were the US cabinet, I would immediately instruct NSA to save
Grsecurity & PaX.

Regards,
Dw.
-- 
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962

Re: [gentoo-hardened] Grsecurity / PaX in danger!

[Brian Kroth]

My ability to keep up on these things comes and goes as I'm sure
everyone's does, so I just noticed this:
http://lwn.net/Articles/313621/#Comments

For those of us who clearly see the benefit of the PaX/Grsecurity
patchset, but don't have enough kernel programming knowledge to directly
contribute (I'm sure there are many of us out there), I'm curious, what
can we do to help ensure (even parts of) the project's survival, either
in or out of the mainline kernel?

Unfortunately I work for a state facing a major deficit, so sponsorship
by my "company" isn't really a possibility, though your idea of NSA
sponsorship intrigues me.  Has that, or some other form of grant, been
pursued?  

How much "sponsorship" would be required?

Would lobbying or other efforts to get certain features ready for
mainline kernel inclusion help or does that go against the
PaX/Grsecurity teams' wishes?

What would those features be?  Should users be polled for what they'd
like to see attempted first?

Is this even the right place to discuss such a proposal?  Probably other
distros like Debian would be interested in the project's survival as
well, however in my experience the gentoo-hardened list has generally
been more active than the grsecurity one.

For what it's worth I made my donation today.

Thanks again,
Brian

atoth@atoth.sote.hu <atoth@atoth.sote.hu> 2008-12-29 06:22:
> While Grsecurity 2.1.12 has been officially released, an alarming message
> has been also included in the announcement.
> http://www.grsecurity.net/news.php#grsec2112
> If no sponsors will be found in a few months, Grsecurity can be expected
> to become discontinued.
> 
> I encourage every individuals for a small donation (I've already done) and
> companies using the software to consider sponsoring Brad & PaxTeam.
> 
> I personally could donate $10 monthly for keeping the essential, crucial
> piece of patch alive. If every user could make a small donation the
> project could be saved by an effort of the community.
> 
> If I were the US cabinet, I would immediately instruct NSA to save
> Grsecurity & PaX.
> 
> Regards,
> Dw.
> -- 
> dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
> Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962