Re: [gentoo-hardened] The state of grsecurity in gentoo

[Marc Schiffbauer <mschiff@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 1496 bytes --]

* philipp.ammann@posteo.de schrieb am 04.09.15 um 13:33 Uhr:
> Am 03.09.2015 23:08 schrieb Marc Schiffbauer:
> > True and what I wanted to say with the OTOH part. But doesn't this 
> > apply
> > to any sponsor? I mean we are talking about GPL'ed Software... does the
> > GPL permit to distribute source under some kind of NDA?
> > 
> > I fully respect their decision but I hope things will be back to normal
> > again soon.
> > 
> 
> No you can't override the GPL with an NDA. But a sponsor - who is 
> selling products based on grsecurity - is not required to make the code 
> available to the general public, only to the customer who pays for the 
> product. They're also not required to make their /patches/ available, 
> only the complete source. So even if you get the sources from a customer 
> (or you buy the product yourself), you would have to diff the code 
> against a vanilla kernel - and then you only get a huge patch that 
> includes *all* changes. Extracting just the grsecurity patch from that 
> is complicated and error prone. You'll probably run into less bugs if 
> you just stick to the public testing patches.

Yes, but the point I was trying to make is: Such a customer can make the 
sources available to the public. I am NOT saying we should do this but 
in theory it would be possible.
Lets see what the future brings. This is going to be too OT ;)

-Marc

-- 
0x35A64134 - 8AAC 5F46 83B4 DB70 8317
             3723 296C 6CCA 35A6 4134

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]