From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id AC5301385DD for ; Fri, 4 Sep 2015 12:37:53 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B35F714289; Fri, 4 Sep 2015 12:37:51 +0000 (UTC) Received: from mx10.schiffbauer.net (mx10.schiffbauer.net [188.40.110.137]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BDCE71425B for ; Fri, 4 Sep 2015 12:37:50 +0000 (UTC) Received: from pd956cfd5.dip0.t-ipconnect.de ([217.86.207.213]:40755 helo=localhost) by mx10.schiffbauer.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1ZXqFY-0005jg-NM for gentoo-hardened@lists.gentoo.org; Fri, 04 Sep 2015 14:37:49 +0200 Date: Fri, 4 Sep 2015 14:37:37 +0200 From: Marc Schiffbauer To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] The state of grsecurity in gentoo Message-ID: <20150904123737.GC14064@schiffbauer.net> Mail-Followup-To: gentoo-hardened@lists.gentoo.org References: <55E7202D.7080402@opensource.dyc.edu> <20150903192826.GF30362@schiffbauer.net> <55E8A3AB.1010703@gentoo.org> <20150903210855.GE5210@schiffbauer.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Dxnq1zWXvFF0Q93v" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-Virus-Scanned: by ClamAV (http://www.clamav.org) X-Spam-Score: -1.0 X-Spam-Level: - X-Archives-Salt: 695ea624-a026-4b08-aed5-a7404e2cfc3e X-Archives-Hash: 9fc005524f3bdbb83e890a71c30f31b5 --Dxnq1zWXvFF0Q93v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * philipp.ammann@posteo.de schrieb am 04.09.15 um 13:33 Uhr: > Am 03.09.2015 23:08 schrieb Marc Schiffbauer: > > True and what I wanted to say with the OTOH part. But doesn't this=20 > > apply > > to any sponsor? I mean we are talking about GPL'ed Software... does the > > GPL permit to distribute source under some kind of NDA? > >=20 > > I fully respect their decision but I hope things will be back to normal > > again soon. > >=20 >=20 > No you can't override the GPL with an NDA. But a sponsor - who is=20 > selling products based on grsecurity - is not required to make the code= =20 > available to the general public, only to the customer who pays for the=20 > product. They're also not required to make their /patches/ available,=20 > only the complete source. So even if you get the sources from a customer= =20 > (or you buy the product yourself), you would have to diff the code=20 > against a vanilla kernel - and then you only get a huge patch that=20 > includes *all* changes. Extracting just the grsecurity patch from that=20 > is complicated and error prone. You'll probably run into less bugs if=20 > you just stick to the public testing patches. Yes, but the point I was trying to make is: Such a customer can make the=20 sources available to the public. I am NOT saying we should do this but=20 in theory it would be possible. Lets see what the future brings. This is going to be too OT ;) -Marc --=20 0x35A64134 - 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134 --Dxnq1zWXvFF0Q93v Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlXpkI4ACgkQKWxsyjWmQTTE7wCdGWiR4GiBbsK8ZCm2MueB+KpL zRUAoIGk5z8Rg3dhwyiOODITAMDXW8zd =ICal -----END PGP SIGNATURE----- --Dxnq1zWXvFF0Q93v--