On 2021-06-23 08:43, Matt Turner wrote:
On Tue, Jun 22, 2021 at 3:19 PM Thomas Deutschmann <whi...@gentoo.org> wrote:The PaX community in Gentoo is still big and active.Many Gentoo users received free access to upstream sources or became paying customers. It's just not available for everyone for free/without registration anymore. But it is still a thing in Gentoo.Can you substantiate that claim?
I am probably not the right person to answer that, given that I was never active in Gentoo's hardened/PaX project but let me try: When I got in touch with that stuff (via Debian) and was looking for help, I always run into a community full of helpful Gentoo users.
The project itself always had a very good connection with the Gentoo project. Before they stopped providing unrestricted access, the Gentoo PaX/hardened community was around ~30 *active* people with additional ~40-60 changing people hanging around which I believe is a lot for such a niche.
That's why upstream also mentioned Gentoo in https://grsecurity.net/passing_the_baton.php.
Regarding numbers: I am not sure what you are expecting. All I can tell you is that people who were active, interested and probably known to upstream had the chance to get free access for their personal use (there was even an offer for Gentoo infrastructure...). I don't know how many are still using Gentoo.
There was a pax-kernel USE flag on Mesa and I don't recall anyone saying a word when I removed it.
As you probably know, I am not a Linux desktop user (yet). My complete experience with that PaX stuff is limited to servers.
If there are paying customers that have PaX kernels, perhaps they'd be interested in providing some support for Gentoo if we're being asked to retain support for something we cannot test.
Yeah, would be nice to hear something from Gentoo hardened project at all (I am looking at you, mschiff, zorry or blueness ;)). I think slashbeast could also provide more information.
I still remember when I reworked firefox/thunderbird ebuild and broke PaX marking there (https://bugs.gentoo.org/756679). So yes, we have at least some users ;-)
-- Regards, Thomas Deutschmann / Gentoo Linux Developer fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
OpenPGP_signature
Description: OpenPGP digital signature
