From: "Javier Juan Martínez Cabezón" <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] The state of grsecurity in gentoo
Date: Fri, 04 Sep 2015 23:23:50 +0200 [thread overview]
Message-ID: <55EA0BE6.5000302@gmail.com> (raw)
In-Reply-To: <20150904123737.GC14064@schiffbauer.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 04/09/15 14:37, Marc Schiffbauer wrote:
> * philipp.ammann@posteo.de schrieb am 04.09.15 um 13:33 Uhr:
>> Am 03.09.2015 23:08 schrieb Marc Schiffbauer:
>>> True and what I wanted to say with the OTOH part. But doesn't
>>> this apply to any sponsor? I mean we are talking about GPL'ed
>>> Software... does the GPL permit to distribute source under some
>>> kind of NDA?
>>>
>>> I fully respect their decision but I hope things will be back
>>> to normal again soon.
>>>
>>
>> No you can't override the GPL with an NDA. But a sponsor - who is
>> selling products based on grsecurity - is not required to make
>> the code available to the general public, only to the customer
>> who pays for the product. They're also not required to make their
>> /patches/ available, only the complete source. So even if you get
>> the sources from a customer (or you buy the product yourself),
>> you would have to diff the code against a vanilla kernel - and
>> then you only get a huge patch that includes *all* changes.
>> Extracting just the grsecurity patch from that is complicated and
>> error prone. You'll probably run into less bugs if you just stick
>> to the public testing patches.
>
> Yes, but the point I was trying to make is: Such a customer can
> make the sources available to the public. I am NOT saying we should
> do this but in theory it would be possible. Lets see what the
> future brings. This is going to be too OT ;)
>
> -Marc
>
I tried to fix a PaX patch time ago, After the attempt I think my
"patch" started to make coffee instead of working as a truth patch.
Yeah! You could try to do that and may be you would create a new AI
life form in the process accidentally.
Taint Grsec-PaX patches is hard, and if you don't know what are you
doing it's something like a terrible teethache.
I think that with distribution if grsec is considered a derivative
work of a linux kernel the sponsor must make available the source code
to the public, I don't think patch available, just source code. The
question I think is that if they try to fork grsec, the effort to make
a good grsec patch from sources and vanilla kernel and maintain it in
a good state at same level as Brad and Pipacs do is feasible for all
of them in time, in quality and economicaly. I don't think so.
Apple Apple said:
>
> The software industry is full of hypocrisies like this. Yes it is
> true that a company cannot legally stop a customer from releasing
> GPLed code; in reality they just use other threats to get what they
> want. For example, if you release code today, we will not give you
> the update tomorrow, or if you have a problem we don't answer the
> phone or you want to renew your contract next year? Sorry it costs
> 2x now. Etc.
>
IMO Free as in Freedom not price, Welcome to services business model.
Brad needs to live too ¿don't you think? If they want that Brad
supports the source code (I don't know the case in question) that they
will use freely to his business it's logic that Brad wants a fee by
his time. At least I think so. Isn't it?
GPL don't forbid modify the source code if they want to do what Brad
does... if they have the knowledge, the time and all the coffee
needed, and GPL neither makes the maintainers slaves :).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJV6gvkAAoJEFfmTgt/w77fk2IP/0fjFoi/BTM5ZipIaAIcSZon
49JQMOcEwCRX29I/ftsJig57tGBTaCcfyITwHI84p8K2FB+NalX79NReKSKsMtyC
OiU8YQOhNAaufqF0byKQi5L2AGEvpDq1lYaBW4cyiVOKQhs+d09GIl3CrEQ/mD2W
5bLRjw5Olqx3uHL0en8y1WY1jB7Ws18amE8qCjPcgm3IVJqMn1oFEO2nR7+KOP98
Pbsqb6lQpVlgx0HZaAXG1cI5Pi7p3hgtRe8bXY0c8IE12HEcixWNj+2uzCP7POR/
RexzPl1uzNxcUHUmDx8DRIm0ikLpPo3HWtosJVbKf2+z/Tu5mK5CXnmHK/gGFP/P
OSONkYPCW8aYYHUG3Bpv1DecYGqpQ+S7M2TVkwlCHH6t9ntMqY/3Sj8PsWZxXjhE
B+vXNuH+QS6o/+pCvYusIgWgBY7H1azyHnfsdSXC74YmwvSs8rk0QnmwLXPyVTSH
AX5bol01gepGvKh5+sp0BQk/gMOwwlObkPrt3pc/tSG6PCUxNEfE2NyheJOmGnOT
+Hr+EVF0J/1h3f8hF5B6PnTfGHq1nGRTxGt1Mt+KHwjrtgunt0Yszrx1KMsjEVji
o4iqtl1vc+CpMjutenuXhHUh5GGtkMnbR0PzvZqweoqniROTbtBRVZiwV/D+sJKY
+teQQWrSxnBUvVzZa4Bb
=mdxR
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2015-09-04 21:26 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-02 16:13 [gentoo-hardened] The state of grsecurity in gentoo Anthony G. Basile
2015-09-02 17:22 ` Aaron W. Swenson
2015-09-02 19:17 ` Francisco Blas Izquierdo Riera (klondike)
2015-09-03 19:28 ` Marc Schiffbauer
2015-09-03 19:46 ` Matthew Thode
2015-09-03 21:08 ` Marc Schiffbauer
2015-09-04 11:33 ` philipp.ammann
2015-09-04 12:37 ` Marc Schiffbauer
2015-09-04 20:12 ` Apple Apple
2015-09-04 21:23 ` Javier Juan Martínez Cabezón [this message]
2015-09-05 9:44 ` Marc Schiffbauer
2015-09-05 13:55 ` Anthony G. Basile
2015-09-18 8:53 ` J. Roeleveld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55EA0BE6.5000302@gmail.com \
--to=tazok.id0@gmail.com \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox