From: Javier Juan Martínez Cabezón
Date: Fri, 04 Sep 2015 23:23:50 +0200
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] The state of grsecurity in gentoo
Message-ID: <55EA0BE6.5000302@gmail.com>
In-Reply-To: <20150904123737.GC14064@schiffbauer.net>
References: <55E7202D.7080402@opensource.dyc.edu> <20150903192826.GF30362@schiffbauer.net> <55E8A3AB.1010703@gentoo.org> <20150903210855.GE5210@schiffbauer.net> <20150904123737.GC14064@schiffbauer.net>

On 04/09/15 14:37, Marc Schiffbauer wrote:
> * philipp.ammann@posteo.de wrote on 04.09.15 at 13:33:
>> On 03.09.2015 23:08, Marc Schiffbauer wrote:
>>> True and what I wanted to say with the OTOH part. But doesn't
>>> this apply to any sponsor? I mean we are talking about GPL'ed
>>> Software... does the GPL permit distributing source under some
>>> kind of NDA?
>>>
>>> I fully respect their decision but I hope things will be back
>>> to normal again soon.
>>>
>>
>> No, you can't override the GPL with an NDA. But a sponsor - who is
>> selling products based on grsecurity - is not required to make
>> the code available to the general public, only to the customer
>> who pays for the product. They're also not required to make their
>> /patches/ available, only the complete source. So even if you get
>> the sources from a customer (or you buy the product yourself),
>> you would have to diff the code against a vanilla kernel - and
>> then you only get a huge patch that includes *all* changes.
>> Extracting just the grsecurity patch from that is complicated and
>> error-prone. You'll probably run into fewer bugs if you just stick
>> to the public testing patches.
>
> Yes, but the point I was trying to make is: Such a customer can
> make the sources available to the public. I am NOT saying we should
> do this but in theory it would be possible. Let's see what the
> future brings. This is going to be too OT ;)
>
> -Marc
>

I tried to fix a PaX patch some time ago. After the attempt I think my
"patch" started to make coffee instead of working as a true patch.
Yeah! You could try to do that, and maybe you would accidentally create
a new AI life form in the process. Tainting Grsec-PaX patches is hard,
and if you don't know what you are doing it's something like a terrible
toothache.

I think that, with distribution, if grsec is considered a derivative
work of a Linux kernel, the sponsor must make the source code available
to the public; I don't think the patch, just the source code.

The question, I think, is whether, if they try to fork grsec, the
effort to make a good grsec patch from the sources and a vanilla kernel,
and to maintain it in a good state at the same level as Brad and Pipacs
do, is feasible for all of them in time, in quality and economically. I
don't think so.

Apple Apple said:
>
> The software industry is full of hypocrisies like this. Yes it is
> true that a company cannot legally stop a customer from releasing
> GPLed code; in reality they just use other threats to get what they
> want. For example, if you release code today, we will not give you
> the update tomorrow, or if you have a problem we don't answer the
> phone or you want to renew your contract next year? Sorry it costs
> 2x now. Etc.
>

IMO, free as in freedom, not price. Welcome to the services business
model. Brad needs to live too, don't you think? If they want Brad to
support the source code (I don't know the case in question) that they
will use freely for their business, it's logical that Brad wants a fee
for his time. At least I think so. Isn't it?

The GPL doesn't forbid modifying the source code if they want to do
what Brad does... if they have the knowledge, the time and all the
coffee needed, and the GPL doesn't make the maintainers slaves either :).