On Tue, Jun 28, 2016 at 12:51 AM, Adam Van Ymeren <adam.v...@gmail.com> wrote:
> On Mon, Jun 27, 2016 at 4:41 AM, Shawn <cit...@gmail.com> wrote:
>> I'm not an expert of GPL compliance. I personally don't see any GPL
>> violation in PaX/Grsecurity. Because of some embedded vendors pissed
>> off PaX/Grsecurity's authors last year and then they decided stable
>> patch was going to customer-only, which means you could get the source
>> code once you paid. It's very fair to myself. Because they need to
>> spend time and hire people to do the regression testing to make their
>> customer's production system as stable as possible. Fortunately, they
>> are still release test patch for public. As a user and a security
>> consultant, test patch is good enough to deal with the most situation
>> I've met.
>
> From what I've read. It sounds like they are making customers sign
> NDAs, and/or threatening to cut them off if the customers share the
> source code for those patches to anyone. This is clearly a violation
> of freedom 2
>

Well, about this part I can't speak for Spender and PaX team. IMHO,
Spender doesn't care if you share the patch to those real FLOSS hackers
who know the importance of contributing back to the community.

> "The freedom to redistribute copies so you can help your neighbor (freedom
> 2)."
>

IMHO, Spender & PaX team never try to stop me from helping my
"neighbors" from the hardenedlinux community;-)

> I'm not a lawyer or expert on the GPL. The GPL may not protect
> against situations like this, but it clearly goes against the spirit
> of Free Software.
>

The FLOSS community has been benefiting from PaX/Grsecurity for more
than a decade. Most features of PaX/Grsecurity are/were ahead of
industry and kernel upstream over the years, e.g. the 1st non-executable
bit was implemented in PaX's SEGEXEC back in 2000 and then Intel made it
a hardware bit (NX) in 2004; PaX released UDEREF around 2007, Intel's
SMEP/SMAP came 4-7 years later. Even other OSes have been learning from
PaX/Grsecurity's design and implementation:

http://hardenedlinux.org/images/pax_grsec_graph.jpg

We've been suffering for years from the Linux kernel's security
philosophy "a bug is bug". KSPP emerged after the truth was disclosed to
the public:

http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/

KSPP is a good starting point and it has a long way to go. Dude, we are
very lucky to have PaX/Grsecurity because they are willing to share
their research. Maybe some people don't like Spender's personal
character...to be honest, I don't give a shit about it, 'cause I don't
have other options. If some big corps leeched your research and made
money from it, what would you do? As a security consultant and a free
software enthusiast (supporter of FSF/FSFE/EFF/SFC for years), I can
fully understand why the PaX/Grsecurity guys do this. IMHO,
PaX/Grsecurity is a friend of ours (FLOSS community). BIGBROs/Exploit
vendors/leeches are the real enemies.

>
>>
>> I'd say we are lucky to have brilliant FLOSS hackers like Spender and
>> PaX team in this era. Because of them, we have a very effective
>> solution for linux kernel security, which compares to other core
>> infrastructures such as firmware or compiler. Even CHIPSEC and
>> reproducible builds are just starting point somehow. It'd be a long
>> way to protect your digital freedom away from BIGBROs just like
>> PaX/Grsecurity in kernel field;-)
>>
>> On Sun, Jun 5, 2016 at 12:58 PM, <concernedfoss...@teknik.io> wrote:
>>> Soylent news published an article/discussion on GRSecurity, RMS, etc
>>> If you're interested it's here:
>>> https://soylentnews.org/article.pl?sid=16/06/02/214243
>>>
>>>>RMS Responds - GRsecurity is Preventing Others From Redistributing Source
>>>>Code [UPDATED]
>>>
>>>
>>
>>
>>
>> --
>> GNU powered it...
>> GPL protect it...
>> God blessing it...
>>
>> regards
>> Shawn
>>

--
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn